Threat Intelligence Dashboard

December 2025 Report

Detailed threat intelligence for 11,773 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

146,053Total Detected
79,237Taken Down
57%Kill Rate
92.4%VT Coverage
38,873Abuse Reports
Overview May 261,969 Apr 2615,640 Mar 2618,821 Feb 2642,102 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
December 2025 Intelligence Report 6.4%
11,773
6,574
Taken Down
4,653
Still Live
55.8%
Kill Rate
1865h
Avg Response
10.1
Avg VT Score

In December 2025, PhishDestroy detected 11,773 phishing domains, marking a 6.4% decrease from the previous month. The takedown rate was 76.3%, with 8,978 domains neutralized. Notably, Crypto Scam targeting remains prevalent with 820 domains, while NICENIC INTERNATIONAL GROUP CO., LIMITED emerged as the top registrar for abuse cases. The operational impact shows effective takedown efforts, though the mean registrar response time of 1452.7 hours indicates room for improvement in response speed.

  • NICENIC INTERNATIONAL GROUP CO., LIMITED leads registrar abuse with 1268 cases, necessitating focused intervention.
  • Crypto-related brands like Coinbase and Kraken are primary targets, overshadowing traditional banking sectors.
  • The .com TLD remains the most weaponized with 3816 domains, followed by .app and .dev.
  • The Angel Drainer kit is the most used, posing significant threats to victims' wallets through direct fund extraction.
  • The US hosts the majority of phishing infrastructure with 8798 domains, indicating a need for enhanced monitoring in this region.
  • Detection-to-takedown efficiency remains robust at 76.3%, but the slow registrar response time highlights a critical gap.
Outlook
As we move into January 2026, defenders should anticipate continued targeting of crypto platforms, especially given the dominance of the Angel Drainer kit. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require escalation to improve response times. Watch for potential shifts in TLD usage and geographic hosting patterns.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,284
Cloudflare, Inc. 1,148
Dynadot LLC 607
CSC Corporate Domains, Inc. 584
PDR Ltd. d/b/a PublicDomainRegistry.com 581
Gname.com Pte. Ltd. 529
GoDaddy.com, LLC 509
NameCheap, Inc. 461

Targeted Brands

BrandDomains
coinbase 813
Crypto Casino / Gambling 781
across 545
Kraken 422
Ledger 364
MetaMask 265
x.com 213
Google 213

Top TLDs

.com3,816 .app991 .dev619 .io609 .xyz483 .ru453 .ai349 .org319

Hosting Countries

🇺🇸 US8,992 🇩🇪 DE647 🇸🇪 SE401 🇭🇰 HK390 🇳🇱 NL376 🇷🇺 RU97 🇫🇷 FR77 🇬🇧 GB75

Active Drainer Kits

Angel Drainer746 Wallet Connect Abuse418 Solana Drainer252 Inferno Drainer4 Ice Phishing2

December 2025 Domains (11,773)

Sorted by VirusTotal detections. Click any domain for full security report.

195222777.com
21 VTTaken Down
1952255.com
21 VTTaken Down
195444000.com
21 VTTaken Down
1958800.com
21 VTLive
195926.com
21 VTTaken Down
195973.com
21 VTTaken Down
692e63c6e33d1db827f89d21--thunderous-sorbet-780abf.netlify.app
21 VTTaken Down
6h361.com
21 VTTaken Down
access-coinbase-portal.framer.media
21 VTTaken Down
accountspagemain.com
21 VTTaken Down
accuno-amex.koken-ishin.com
21 VTTaken Down
aii-ib-chuirokin-or-jp.net
21 VTLive
airbnb-clone-omega-gules.vercel.app
21 VTLive
akpp-volkswagen.ru
21 VT
algo-aloxifinsoftware.com
21 VTLive
amazon-clone-gamma-ecru.vercel.app
21 VTLive
amazon-clone-html-css-js-tau.vercel.app
21 VTTaken Down
amazon-clone-orcin-ten.vercel.app
21 VTLive
amazon-clone-sable-nu.vercel.app
21 VTLive
amazon-clone-zeta-six.vercel.app
21 VTTaken Down
amazon-frontend-n1s9.vercel.app
21 VTLive
amazon-tau-blue.vercel.app
21 VTLive
amazon.bepx.cc
21 VTTaken Down
amcl.vercel.app
21 VTTaken Down
apparent-intend-710809.framer.app
21 VTTaken Down
apps.complete-docusign-pdf-solution.successful-cpsess5970449126.dailysports.es
21 VTTaken Down
att-bonus.com.mx
21 VTTaken Down
attyahoomail-servicescomms.weeblysite.com
21 VTTaken Down
b033.app
21 VTLive
b45038.com
21 VTTaken Down
b45070.com
21 VTTaken Down
bafybeibdyr3vrviyiqdrraxyk5dxy5fb6subupjbgqwyvki3b7pn2h32lm.ipfs.w3s.link
21 VTTaken Down
bafybeie7lbm2yjucacnbbj5lzuxh7hfqf6v27ohwsnzbsbxm5ikxob3pim.ipfs.dweb.link
21 VTTaken Down
bafybeiej3ntsxyjofgabr7fwsfnasqkcx6gfzocf2ncresca5jlzv4tkzy.ipfs.infura-ipfs.io
21 VTTaken Down
bafybeigbqwmxazxynaputje3qz5bp5im3grqzyqdzb3r3xb5uuzysijlt4.ipfs.infura-ipfs.io
21 VTTaken Down
bankofamericalogin.sbs
21 VTLive
bellsouth-att-sign-in-4b8c33.webflow.io
21 VTTaken Down
bet394.cc
21 VTTaken Down
bet73aa.com
21 VTLive
bet73uu.com
21 VTTaken Down
bitzixnexusai.com
21 VTLive
boglinepotal.com
21 VTTaken Down
booking-com-clone-kappa.vercel.app
21 VTLive
bright-mousse-41eb32.netlify.app
21 VTTaken Down
click-now-appeal.page.gd
21 VTTaken Down
co-us-start-trezor-io-start.typedream.app
21 VTTaken Down
coin.volcanovip.cc
21 VTTaken Down
coinbase-ledgerx.my
21 VTTaken Down
curve-flnance.com
21 VTTaken Down
dhlrewardscards.com
21 VT
dibbss.com
21 VTLive
easy-bank-landing-page-weblytic.vercel.app
21 VTLive
embedilekitcdn.flazio.site
21 VTTaken Down
ethereumbot-app.com
21 VTTaken Down
ethereumcodeapp.net
21 VTLive
exobus.io
21 VTTaken Down
ezy-whatsapp.com.cn
21 VTTaken Down
facebook-clone-blush-alpha.vercel.app
21 VTLive
g-mail.digital
21 VTLive
geettikkha.github.io
21 VTTaken Down
« Prev 1 2 3 4 5 6 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

146,053+ domains with security reports

Live Threats

59,687 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence