Threat Intelligence Dashboard

December 2025 Report

Detailed threat intelligence for 11,773 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

166,629Total Detected
144,237Taken Down
91.7%Kill Rate
93.5%VT Coverage
45,506Abuse Reports
Overview Jun 268,101 May 267,021 Apr 2615,633 Mar 2618,814 Feb 2642,095 Jan 268,924 Dec 2511,773 Nov 2512,578 Oct 258,841 Sep 257,306 Aug 253,788 Jul 25700 Jun 253
December 2025 Intelligence Report 6.4%
11,773
10,686
Taken Down
524
Still Live
90.8%
Kill Rate
2455h
Avg Response
10.1
Avg VT Score

In December 2025, PhishDestroy detected <strong>11,773</strong> phishing domains, marking a <strong>6.4%</strong> decrease from the previous month. The takedown rate was <strong>76.3%</strong>, with <strong>8,978</strong> domains neutralized. Notably, <strong>Crypto Scam</strong> targeting remains prevalent with <strong>820</strong> domains, while <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> emerged as the top registrar for abuse cases. The operational impact shows effective takedown efforts, though the mean registrar response time of <strong>1452.7</strong> hours indicates room for improvement in response speed.

  • <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> leads registrar abuse with <strong>1268</strong> cases, necessitating focused intervention.
  • Crypto-related brands like <strong>Coinbase</strong> and <strong>Kraken</strong> are primary targets, overshadowing traditional banking sectors.
  • The <strong>.com</strong> TLD remains the most weaponized with <strong>3816</strong> domains, followed by <strong>.app</strong> and <strong>.dev</strong>.
  • The <strong>Angel Drainer</strong> kit is the most used, posing significant threats to victims' wallets through direct fund extraction.
  • The US hosts the majority of phishing infrastructure with <strong>8798</strong> domains, indicating a need for enhanced monitoring in this region.
  • Detection-to-takedown efficiency remains robust at <strong>76.3%</strong>, but the slow registrar response time highlights a critical gap.
Outlook
As we move into January 2026, defenders should anticipate continued targeting of crypto platforms, especially given the dominance of the <strong>Angel Drainer</strong> kit. Registrars like <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> and <strong>Cloudflare, Inc.</strong> require escalation to improve response times. Watch for potential shifts in TLD usage and geographic hosting patterns.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,284
Cloudflare, Inc. 1,148
Dynadot LLC 607
CSC Corporate Domains, Inc. 584
PDR Ltd. d/b/a PublicDomainRegistry.com 581
Gname.com Pte. Ltd. 529
GoDaddy.com, LLC 509
NameCheap, Inc. 461

Targeted Brands

BrandDomains
coinbase 813
Crypto Casino / Gambling 781
across 545
Kraken 422
Ledger 364
MetaMask 265
x.com 213
Google 213

Top TLDs

.com3,816 .app991 .dev619 .io609 .xyz483 .ru453 .ai349 .org319

Hosting Countries

🇺🇸 US8,993 🇩🇪 DE647 🇸🇪 SE401 🇭🇰 HK390 🇳🇱 NL376 🇷🇺 RU97 🇫🇷 FR77 🇬🇧 GB75

Active Drainer Kits

Angel Drainer746 Wallet Connect Abuse418 Solana Drainer252 Inferno Drainer4 Ice Phishing2

December 2025 Domains (11,773)

Sorted by VirusTotal detections. Click any domain for full security report.

Screenshot of insurebitbox.com
insurebitbox.com
21 VTTaken Down
Screenshot of jhttpss-www-roblox.com
jhttpss-www-roblox.com
21 VTTaken Down
Screenshot of jj1505.com
jj1505.com
21 VTTaken Down
Screenshot of kucoiniexlosginie.godaddysites.com
kucoiniexlosginie.godaddysites.com
21 VTTaken Down
Screenshot of kucooiinnlogin.webflow.io
kucooiinnlogin.webflow.io
21 VTTaken Down
Screenshot of kuiconlogin.godaddysites.com
kuiconlogin.godaddysites.com
21 VTTaken Down
Screenshot of kuokinlogon.webflow.io
kuokinlogon.webflow.io
21 VTTaken Down
Screenshot of lcljtkmall.top
lcljtkmall.top
21 VTTaken Down
Screenshot of learn-kucoin-login.typedream.app
learn-kucoin-login.typedream.app
21 VTTaken Down
Screenshot of ledger-wallet-cdn.vercel.app
ledger-wallet-cdn.vercel.app
21 VTTaken Down
Screenshot of livaction-mintgft12.vercel.app
livaction-mintgft12.vercel.app
21 VTTaken DownWallet Connect Abuse
Screenshot of livaction-mintgft13.vercel.app
livaction-mintgft13.vercel.app
21 VTTaken DownWallet Connect Abuse
Screenshot of login.workshopmodsrating.com
login.workshopmodsrating.com
21 VT
Screenshot of maga12u.com
maga12u.com
21 VTTaken Down
Screenshot of mail.informasions.business-minagne.com
mail.informasions.business-minagne.com
21 VTTaken Down
Screenshot of mailbox00.pythonanywhere.com
mailbox00.pythonanywhere.com
21 VTTaken Down
Screenshot of mailer6-ver.mdbgo.io
mailer6-ver.mdbgo.io
21 VTTaken Down
Screenshot of mandirienergikonsultan.com
mandirienergikonsultan.com
21 VTTaken DownWallet Connect Abuse
Screenshot of marutitraders99.com
marutitraders99.com
21 VTTaken Down
Screenshot of mayonetteofficialjob.com
mayonetteofficialjob.com
21 VTTaken Down
Screenshot of meta-maskloig.godaddysites.com
meta-maskloig.godaddysites.com
21 VTTaken Down
Screenshot of metannask.aprisacv.com.mx
metannask.aprisacv.com.mx
21 VTTaken DownWallet Connect Abuse
Screenshot of mmex-robuux2025.netlify.app
mmex-robuux2025.netlify.app
21 VTLive
Screenshot of mmyjjj.netlify.app
mmyjjj.netlify.app
21 VTTaken Down
Screenshot of monero-qr-code-generator.to
monero-qr-code-generator.to
21 VTTaken Down
Screenshot of mtxaccshomecnfrm0log.github.io
mtxaccshomecnfrm0log.github.io
21 VTLive
Screenshot of mymailbrinksternetsergr.vercel.app
mymailbrinksternetsergr.vercel.app
21 VTTaken Down
Screenshot of netflix-71f05.firebaseapp.com
netflix-71f05.firebaseapp.com
21 VTLive
Screenshot of netflix-omega-one.vercel.app
netflix-omega-one.vercel.app
21 VTTaken Down
Screenshot of newmintproj-3pro.vercel.app
newmintproj-3pro.vercel.app
21 VTTaken DownAngel Drainer
Screenshot of polymarkets.at
polymarkets.at
21 VTTaken Down
Screenshot of powemex.com
powemex.com
21 VT
Screenshot of pro-coinbase-web-us.daftpage.com
pro-coinbase-web-us.daftpage.com
21 VTTaken Down
Screenshot of public-crypto-ledger-en.typedream.app
public-crypto-ledger-en.typedream.app
21 VTTaken Down
Screenshot of public-xi-lemon.vercel.app
public-xi-lemon.vercel.app
21 VTLive
Screenshot of recovery-trezor.net
recovery-trezor.net
21 VTTaken Down
Screenshot of rnicrosoft-auth.com
rnicrosoft-auth.com
21 VTTaken Down
Screenshot of robloxgiftcardnest.com
robloxgiftcardnest.com
21 VTTaken Down
Screenshot of scanledgerapi.com
scanledgerapi.com
21 VTTaken Down
Screenshot of sdd.baby
sdd.baby
21 VTTaken Down
Screenshot of severozapadonlineparts.ru
severozapadonlineparts.ru
21 VTTaken Down
Screenshot of site-9yfg7o615.godaddysites.com
site-9yfg7o615.godaddysites.com
21 VTTaken Down
Screenshot of skinsmonkye.com
skinsmonkye.com
21 VTTaken Down
sparrowwallef.com
21 VTTaken Down
Screenshot of special-telegram-eosin.vercel.app
special-telegram-eosin.vercel.app
21 VTTaken Down
Screenshot of spinbase.cc
spinbase.cc
21 VTTaken Down
Screenshot of srishtiworkk.github.io
srishtiworkk.github.io
21 VTLive
Screenshot of store.workshopmodsrating.com
store.workshopmodsrating.com
21 VT
Screenshot of syriatel.gamefy.io.proxy.openvpn-ssh.com
syriatel.gamefy.io.proxy.openvpn-ssh.com
21 VTTaken Down
Screenshot of telstraaserviceadmin.weebly.com
telstraaserviceadmin.weebly.com
21 VTTaken Down
Screenshot of tkshop2ed.top
tkshop2ed.top
21 VTTaken Down
Screenshot of tokkmall.com
tokkmall.com
21 VTTaken Down
Screenshot of trezorwalletsupport.com
trezorwalletsupport.com
21 VTTaken Down
Screenshot of trueamericancasino.com
trueamericancasino.com
21 VTTaken Down
Screenshot of tycewin.cc
tycewin.cc
21 VTTaken Down
Screenshot of update-ledger-login.vercel.app
update-ledger-login.vercel.app
21 VTTaken Down
Screenshot of uphuld-loggun.godaddysites.com
uphuld-loggun.godaddysites.com
21 VTTaken Down
Screenshot of wallet-ladger-livelogin.vercel.app
wallet-ladger-livelogin.vercel.app
21 VTTaken Down
Screenshot of wallet-landing-near.vercel.app
wallet-landing-near.vercel.app
21 VTLive
Screenshot of web3-projects-beta.vercel.app
web3-projects-beta.vercel.app
21 VTLive
« Prev 1 2 3 4 5 6 7 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

166,629+ domains with security reports

Live Threats

13,073 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence