Threat Intelligence Dashboard

December 2025 Report

Detailed threat intelligence for 11,773 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

166,629Total Detected
144,237Taken Down
91.7%Kill Rate
93.5%VT Coverage
45,506Abuse Reports
Overview Jun 268,101 May 267,021 Apr 2615,633 Mar 2618,814 Feb 2642,095 Jan 268,924 Dec 2511,773 Nov 2512,578 Oct 258,841 Sep 257,306 Aug 253,788 Jul 25700 Jun 253
December 2025 Intelligence Report 6.4%
11,773
10,686
Taken Down
524
Still Live
90.8%
Kill Rate
2455h
Avg Response
10.1
Avg VT Score

In December 2025, PhishDestroy detected <strong>11,773</strong> phishing domains, marking a <strong>6.4%</strong> decrease from the previous month. The takedown rate was <strong>76.3%</strong>, with <strong>8,978</strong> domains neutralized. Notably, <strong>Crypto Scam</strong> targeting remains prevalent with <strong>820</strong> domains, while <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> emerged as the top registrar for abuse cases. The operational impact shows effective takedown efforts, though the mean registrar response time of <strong>1452.7</strong> hours indicates room for improvement in response speed.

  • <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> leads registrar abuse with <strong>1268</strong> cases, necessitating focused intervention.
  • Crypto-related brands like <strong>Coinbase</strong> and <strong>Kraken</strong> are primary targets, overshadowing traditional banking sectors.
  • The <strong>.com</strong> TLD remains the most weaponized with <strong>3816</strong> domains, followed by <strong>.app</strong> and <strong>.dev</strong>.
  • The <strong>Angel Drainer</strong> kit is the most used, posing significant threats to victims' wallets through direct fund extraction.
  • The US hosts the majority of phishing infrastructure with <strong>8798</strong> domains, indicating a need for enhanced monitoring in this region.
  • Detection-to-takedown efficiency remains robust at <strong>76.3%</strong>, but the slow registrar response time highlights a critical gap.
Outlook
As we move into January 2026, defenders should anticipate continued targeting of crypto platforms, especially given the dominance of the <strong>Angel Drainer</strong> kit. Registrars like <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> and <strong>Cloudflare, Inc.</strong> require escalation to improve response times. Watch for potential shifts in TLD usage and geographic hosting patterns.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,284
Cloudflare, Inc. 1,148
Dynadot LLC 607
CSC Corporate Domains, Inc. 584
PDR Ltd. d/b/a PublicDomainRegistry.com 581
Gname.com Pte. Ltd. 529
GoDaddy.com, LLC 509
NameCheap, Inc. 461

Targeted Brands

BrandDomains
coinbase 813
Crypto Casino / Gambling 781
across 545
Kraken 422
Ledger 364
MetaMask 265
x.com 213
Google 213

Top TLDs

.com3,816 .app991 .dev619 .io609 .xyz483 .ru453 .ai349 .org319

Hosting Countries

🇺🇸 US8,993 🇩🇪 DE647 🇸🇪 SE401 🇭🇰 HK390 🇳🇱 NL376 🇷🇺 RU97 🇫🇷 FR77 🇬🇧 GB75

Active Drainer Kits

Angel Drainer746 Wallet Connect Abuse418 Solana Drainer252 Inferno Drainer4 Ice Phishing2

December 2025 Domains (11,773)

Sorted by VirusTotal detections. Click any domain for full security report.

Screenshot of 195973.com
195973.com
21 VTTaken Down
Screenshot of 692e63c6e33d1db827f89d21--thunderous-sorbet-780abf.netlify.app
692e63c6e33d1db827f89d21--thunderous-sorbet-780abf.netlify.app
21 VTTaken Down
Screenshot of 6h361.com
6h361.com
21 VTTaken Down
Screenshot of access-coinbase-portal.framer.media
access-coinbase-portal.framer.media
21 VTTaken Down
Screenshot of accountspagemain.com
accountspagemain.com
21 VTTaken Down
Screenshot of accuno-amex.koken-ishin.com
accuno-amex.koken-ishin.com
21 VTTaken Down
Screenshot of aii-ib-chuirokin-or-jp.net
aii-ib-chuirokin-or-jp.net
21 VTTaken Down
Screenshot of airbnb-clone-omega-gules.vercel.app
airbnb-clone-omega-gules.vercel.app
21 VTLive
Screenshot of akpp-volkswagen.ru
akpp-volkswagen.ru
21 VT
Screenshot of algo-aloxifinsoftware.com
algo-aloxifinsoftware.com
21 VTTaken Down
Screenshot of amazon-clone-gamma-ecru.vercel.app
amazon-clone-gamma-ecru.vercel.app
21 VTLive
Screenshot of amazon-clone-html-css-js-tau.vercel.app
amazon-clone-html-css-js-tau.vercel.app
21 VTTaken Down
Screenshot of amazon-clone-orcin-ten.vercel.app
amazon-clone-orcin-ten.vercel.app
21 VTLive
Screenshot of amazon-clone-sable-nu.vercel.app
amazon-clone-sable-nu.vercel.app
21 VTLive
Screenshot of amazon-clone-zeta-six.vercel.app
amazon-clone-zeta-six.vercel.app
21 VTTaken Down
Screenshot of amazon-frontend-n1s9.vercel.app
amazon-frontend-n1s9.vercel.app
21 VTLive
Screenshot of amazon-tau-blue.vercel.app
amazon-tau-blue.vercel.app
21 VTLive
Screenshot of amazon.bepx.cc
amazon.bepx.cc
21 VTTaken Down
Screenshot of amcl.vercel.app
amcl.vercel.app
21 VTTaken Down
Screenshot of apparent-intend-710809.framer.app
apparent-intend-710809.framer.app
21 VTTaken Down
Screenshot of apps.complete-docusign-pdf-solution.successful-cpsess5970449126.dailysports.es
apps.complete-docusign-pdf-solution.successful-cpsess5970449126.dailysports.es
21 VTTaken Down
Screenshot of att-bonus.com.mx
att-bonus.com.mx
21 VTTaken Down
Screenshot of attyahoomail-servicescomms.weeblysite.com
attyahoomail-servicescomms.weeblysite.com
21 VTTaken Down
Screenshot of b45038.com
b45038.com
21 VTTaken Down
Screenshot of b45070.com
b45070.com
21 VTTaken Down
Screenshot of bafybeibdyr3vrviyiqdrraxyk5dxy5fb6subupjbgqwyvki3b7pn2h32lm.ipfs.w3s.link
bafybeibdyr3vrviyiqdrraxyk5dxy5fb6subupjbgqwyvki3b7pn2h32lm.ipfs.w3s.link
21 VTTaken Down
Screenshot of bafybeie7lbm2yjucacnbbj5lzuxh7hfqf6v27ohwsnzbsbxm5ikxob3pim.ipfs.dweb.link
bafybeie7lbm2yjucacnbbj5lzuxh7hfqf6v27ohwsnzbsbxm5ikxob3pim.ipfs.dweb.link
21 VTTaken Down
Screenshot of bafybeiej3ntsxyjofgabr7fwsfnasqkcx6gfzocf2ncresca5jlzv4tkzy.ipfs.infura-ipfs.io
bafybeiej3ntsxyjofgabr7fwsfnasqkcx6gfzocf2ncresca5jlzv4tkzy.ipfs.infura-ipfs.io
21 VTTaken Down
Screenshot of bafybeigbqwmxazxynaputje3qz5bp5im3grqzyqdzb3r3xb5uuzysijlt4.ipfs.infura-ipfs.io
bafybeigbqwmxazxynaputje3qz5bp5im3grqzyqdzb3r3xb5uuzysijlt4.ipfs.infura-ipfs.io
21 VTTaken Down
Screenshot of bellsouth-att-sign-in-4b8c33.webflow.io
bellsouth-att-sign-in-4b8c33.webflow.io
21 VTTaken Down
Screenshot of bet394.cc
bet394.cc
21 VTTaken Down
Screenshot of bet73aa.com
bet73aa.com
21 VTTaken Down
Screenshot of bet73uu.com
bet73uu.com
21 VTTaken Down
Screenshot of bitzixnexusai.com
bitzixnexusai.com
21 VTTaken Down
Screenshot of boglinepotal.com
boglinepotal.com
21 VTTaken Down
Screenshot of booking-com-clone-kappa.vercel.app
booking-com-clone-kappa.vercel.app
21 VTLive
Screenshot of bright-mousse-41eb32.netlify.app
bright-mousse-41eb32.netlify.app
21 VTTaken Down
Screenshot of click-now-appeal.page.gd
click-now-appeal.page.gd
21 VTTaken Down
Screenshot of co-us-start-trezor-io-start.typedream.app
co-us-start-trezor-io-start.typedream.app
21 VTTaken Down
Screenshot of coin.volcanovip.cc
coin.volcanovip.cc
21 VTTaken Down
Screenshot of coinbase-ledgerx.my
coinbase-ledgerx.my
21 VTTaken Down
Screenshot of curve-flnance.com
curve-flnance.com
21 VTTaken Down
Screenshot of dhlrewardscards.com
dhlrewardscards.com
21 VT
Screenshot of dibbss.com
dibbss.com
21 VTTaken Down
Screenshot of easy-bank-landing-page-weblytic.vercel.app
easy-bank-landing-page-weblytic.vercel.app
21 VTLive
Screenshot of embedilekitcdn.flazio.site
embedilekitcdn.flazio.site
21 VTTaken Down
Screenshot of ethereumbot-app.com
ethereumbot-app.com
21 VTTaken Down
Screenshot of exobus.io
exobus.io
21 VTTaken Down
Screenshot of ezy-whatsapp.com.cn
ezy-whatsapp.com.cn
21 VTTaken Down
Screenshot of facebook-clone-blush-alpha.vercel.app
facebook-clone-blush-alpha.vercel.app
21 VTLive
Screenshot of g-mail.digital
g-mail.digital
21 VTTaken Down
Screenshot of geettikkha.github.io
geettikkha.github.io
21 VTTaken Down
Screenshot of gov-australia-center.com
gov-australia-center.com
21 VTTaken Down
Screenshot of gxdrtnbsnkxskrskxredit.com
gxdrtnbsnkxskrskxredit.com
21 VTTaken Down
Screenshot of help-ledger-login.vercel.app
help-ledger-login.vercel.app
21 VTTaken Down
Screenshot of hhttps-roblox.com
hhttps-roblox.com
21 VTTaken Down
Screenshot of home-rent-application.vercel.app
home-rent-application.vercel.app
21 VTLive
Screenshot of hypeliquid-foundation.com
hypeliquid-foundation.com
21 VTTaken Down
Screenshot of info-learn-coinbase.daftpage.com
info-learn-coinbase.daftpage.com
21 VTTaken Down
Screenshot of instagramcom-soneeek.blogspot.com
instagramcom-soneeek.blogspot.com
21 VTTaken Down
« Prev 1 2 3 4 5 6 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

166,629+ domains with security reports

Live Threats

13,073 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence