Threat Intelligence Dashboard

December 2025 Report

Detailed threat intelligence for 11,773 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

149,795Total Detected
105,161Taken Down
74%Kill Rate
92.6%VT Coverage
39,946Abuse Reports
Overview May 263,841 Apr 2615,640 Mar 2618,819 Feb 2642,098 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
December 2025 Intelligence Report 6.4%
11,773
8,439
Taken Down
2,779
Still Live
71.7%
Kill Rate
2288h
Avg Response
10.1
Avg VT Score

In December 2025, PhishDestroy detected 11,773 phishing domains, marking a 6.4% decrease from the previous month. The takedown rate was 76.3%, with 8,978 domains neutralized. Notably, Crypto Scam targeting remains prevalent with 820 domains, while NICENIC INTERNATIONAL GROUP CO., LIMITED emerged as the top registrar for abuse cases. The operational impact shows effective takedown efforts, though the mean registrar response time of 1452.7 hours indicates room for improvement in response speed.

  • NICENIC INTERNATIONAL GROUP CO., LIMITED leads registrar abuse with 1268 cases, necessitating focused intervention.
  • Crypto-related brands like Coinbase and Kraken are primary targets, overshadowing traditional banking sectors.
  • The .com TLD remains the most weaponized with 3816 domains, followed by .app and .dev.
  • The Angel Drainer kit is the most used, posing significant threats to victims' wallets through direct fund extraction.
  • The US hosts the majority of phishing infrastructure with 8798 domains, indicating a need for enhanced monitoring in this region.
  • Detection-to-takedown efficiency remains robust at 76.3%, but the slow registrar response time highlights a critical gap.
Outlook
As we move into January 2026, defenders should anticipate continued targeting of crypto platforms, especially given the dominance of the Angel Drainer kit. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require escalation to improve response times. Watch for potential shifts in TLD usage and geographic hosting patterns.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,284
Cloudflare, Inc. 1,148
Dynadot LLC 607
CSC Corporate Domains, Inc. 584
PDR Ltd. d/b/a PublicDomainRegistry.com 581
Gname.com Pte. Ltd. 529
GoDaddy.com, LLC 509
NameCheap, Inc. 461

Targeted Brands

BrandDomains
coinbase 813
Crypto Casino / Gambling 781
across 545
Kraken 422
Ledger 364
MetaMask 265
x.com 213
Google 213

Top TLDs

.com3,816 .app991 .dev619 .io609 .xyz483 .ru453 .ai349 .org319

Hosting Countries

🇺🇸 US8,993 🇩🇪 DE647 🇸🇪 SE401 🇭🇰 HK390 🇳🇱 NL376 🇷🇺 RU97 🇫🇷 FR77 🇬🇧 GB75

Active Drainer Kits

Angel Drainer746 Wallet Connect Abuse418 Solana Drainer252 Inferno Drainer4 Ice Phishing2

December 2025 Domains (11,773)

Sorted by VirusTotal detections. Click any domain for full security report.

award-boosteth.com
16 VTTaken Down
b220u.xyz
16 VTTaken Down
b45078.com
16 VTTaken Down
b45085.com
16 VTTaken Down
bafkreie3aau6e7nzvao27vaoqcq6wcp6fllgd5pagnvgeylqso3jetnd4u.ipfs.dweb.link
16 VTTaken Down
bafybeialhrwzqxqwwecyjmub6gn4ehoajt64dcpsaxtu6b5ier4zowx3de.ipfs.w3s.link
16 VTTaken Down
bafybeibiru73a22lhi25q3w3fqjiyn3wrod5bsaqlzrkgj6nz6lqciqr3a.ipfs.dweb.link
16 VTTaken Down
bafybeibvd45o3zcj7cwhqzszpwbtfyic4p7spfed2kxuizsh4qtdmt2gom.ipfs.infura-ipfs.io
16 VTTaken Down
bafybeicu6ofsozfl6kqndmqqfliitee75zupzv3ke3jg2ap26vn7lysf6y.ipfs.dweb.link
16 VTLive
bafybeiehgfy5gxgf7mv34zs3kih7iatowo7n46jifuwsdozbpi23wnp64u.ipfs.w3s.link
16 VTTaken Down
bafybeieioorq2gemlvbkffwwttxkijnn7lb3kjh4rbvh223jb5qrzesgqa.ipfs.dweb.link
16 VTTaken Down
bafybeielogclanvxn2g5vx6xawugn2krdgycjhrdozilhgu5xpf2wspz24.ipfs.dweb.link
16 VTTaken Down
bafybeigz3zfosvwiso3abzamcwdp6v2o4xasnj4smntd4uienjeb2sklle.ipfs.infura-ipfs.io
16 VTTaken Down
bancovenezuelacreditospersonas.netlify.app
16 VTTaken Down
base-learn-coinbase.daftpage.com
16 VTTaken Down
baselootym.pro
16 VTLive
basesupport.site
16 VTTaken Down
bellsouth-att-sign-in-02e55b.webflow.io
16 VTTaken Down
bellsouth-att-sign-in-339ec8.webflow.io
16 VTTaken Down
bellsouth-att-sign-in-87e71e.webflow.io
16 VTTaken Down
bellsouth-att-sign-in-abe8d5.webflow.io
16 VTTaken Down
berrybenkaofficialjob.com
16 VTTaken Down
bet73042.com
16 VTLive
bet73071.com
16 VTTaken Down
betacer.com
16 VTTaken Down
betbf.app
16 VTTaken Down
betnoks.com
16 VTTaken Down
betpro.st
16 VTTaken Down
betzu.site
16 VTTaken Down
bhdinformacionparaticoncursoonline.kesug.com
16 VTTaken Down
bifrost.pe
16 VTTaken Down
biotex-resource.com
16 VTTaken Down
bitroyale.pro
16 VTTaken Down
blocksmartwallet.live
16 VTTaken DownSolana Drainer
blornpliffy.top
16 VTTaken Down
bloxy-rbx1i.netlify.app
16 VTTaken Down
bnb-zoobit.com
16 VTTaken DownWallet Connect Abuse
bookanexus.com
16 VTTaken Down
booking-clone-flame.vercel.app
16 VTLive
booking-clone-two.vercel.app
16 VTLive
brentvaleappa.com
16 VTTaken Down
browser-chrome.gitbook.io
16 VTTaken Down
browser-metmask-ext.typedream.app
16 VT
bt-yaktl.daftpage.com
16 VTTaken Down
btc81novelis.fr
16 VT
btcevent.us
16 VTLive
by.xfhkj.com
16 VTLive
c1b93000.bvfhgvuddfh.pages.dev
16 VTLive
ca----coinsqure-cdn-----auth.webflow.io
16 VTTaken Down
ca-coinsquree-cdn-auth.webflow.io
16 VTTaken Down
camvan.xyz
16 VTTaken Down
casgrok.com
16 VTTaken Down
cashcuz.com
16 VTTaken Down
cb.careplus247.info
16 VTTaken Down
cdn.sessionspy.com
16 VTTaken Down
centoplay.cc
16 VT
cf-6.nxnrllbe.eu.org
16 VTTaken Down
challengesez.pro
16 VTTaken Down
checkin-asterdex.com
16 VTTaken DownAngel Drainer
chezupshaw.com
16 VTTaken Down
« Prev ... 31 32 33 34 35 36 37 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

149,795+ domains with security reports

Live Threats

36,971 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence