Threat Intelligence Dashboard

December 2025 Report

Detailed threat intelligence for 11,773 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

147,424Total Detected
97,357Taken Down
69.6%Kill Rate
92.5%VT Coverage
39,307Abuse Reports
Overview May 262,798 Apr 2615,640 Mar 2618,819 Feb 2642,100 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
December 2025 Intelligence Report 6.4%
11,773
7,545
Taken Down
3,680
Still Live
64.1%
Kill Rate
1956h
Avg Response
10.1
Avg VT Score

In December 2025, PhishDestroy detected 11,773 phishing domains, marking a 6.4% decrease from the previous month. The takedown rate was 76.3%, with 8,978 domains neutralized. Notably, Crypto Scam targeting remains prevalent with 820 domains, while NICENIC INTERNATIONAL GROUP CO., LIMITED emerged as the top registrar for abuse cases. The operational impact shows effective takedown efforts, though the mean registrar response time of 1452.7 hours indicates room for improvement in response speed.

  • NICENIC INTERNATIONAL GROUP CO., LIMITED leads registrar abuse with 1268 cases, necessitating focused intervention.
  • Crypto-related brands like Coinbase and Kraken are primary targets, overshadowing traditional banking sectors.
  • The .com TLD remains the most weaponized with 3816 domains, followed by .app and .dev.
  • The Angel Drainer kit is the most used, posing significant threats to victims' wallets through direct fund extraction.
  • The US hosts the majority of phishing infrastructure with 8798 domains, indicating a need for enhanced monitoring in this region.
  • Detection-to-takedown efficiency remains robust at 76.3%, but the slow registrar response time highlights a critical gap.
Outlook
As we move into January 2026, defenders should anticipate continued targeting of crypto platforms, especially given the dominance of the Angel Drainer kit. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require escalation to improve response times. Watch for potential shifts in TLD usage and geographic hosting patterns.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,284
Cloudflare, Inc. 1,148
Dynadot LLC 607
CSC Corporate Domains, Inc. 584
PDR Ltd. d/b/a PublicDomainRegistry.com 581
Gname.com Pte. Ltd. 529
GoDaddy.com, LLC 509
NameCheap, Inc. 461

Targeted Brands

BrandDomains
coinbase 813
Crypto Casino / Gambling 781
across 545
Kraken 422
Ledger 364
MetaMask 265
x.com 213
Google 213

Top TLDs

.com3,816 .app991 .dev619 .io609 .xyz483 .ru453 .ai349 .org319

Hosting Countries

🇺🇸 US8,992 🇩🇪 DE647 🇸🇪 SE401 🇭🇰 HK390 🇳🇱 NL376 🇷🇺 RU97 🇫🇷 FR77 🇬🇧 GB75

Active Drainer Kits

Angel Drainer746 Wallet Connect Abuse418 Solana Drainer252 Inferno Drainer4 Ice Phishing2

December 2025 Domains (11,773)

Sorted by VirusTotal detections. Click any domain for full security report.

uphuld-loggun.godaddysites.com
21 VTTaken Down
wallet-ladger-livelogin.vercel.app
21 VTTaken Down
wallet-landing-near.vercel.app
21 VTLive
web3-projects-beta.vercel.app
21 VTLive
website-657fe787.xji.acn.temporary.site
21 VTTaken Down
website-e8dce2af.pop.owl.temporary.site
21 VTTaken Down
wurowex.com
21 VTTaken Down
www57365.cc
21 VTTaken Down
xfinityverif.vercel.app
21 VTTaken Down
xp-steth.org
21 VTTaken DownWallet Connect Abuse
yourtinyurl.live
21 VTTaken Down
156.67.218.149.sslip.io
20 VTTaken Down
1565777444.com
20 VTTaken Down
1615222333.com
20 VTTaken Down
16fdc029-01ca-4047-933e-bf5575463977.vercel.app
20 VTTaken Down
17saloon.com
20 VTLive
1951155.com
20 VTTaken Down
195143.com
20 VTTaken Down
195222888.com
20 VTTaken Down
195232.com
20 VTTaken Down
195333333.com
20 VTTaken Down
195444777.com
20 VTTaken Down
195444999.com
20 VTTaken Down
1957711.com
20 VTTaken Down
1958866.com
20 VTTaken Down
1spin.cc
20 VTTaken Down
2025rkt-sa.vip
20 VTLive
32173-coinbase.com
20 VT
343243-coinbase.com
20 VTTaken Down
50cas.us
20 VTLive
6h321.com
20 VTTaken Down
6h336.com
20 VTTaken Down
6h692.com
20 VTLive
6h816.com
20 VTTaken Down
952365.cc
20 VTTaken Down
9f5d362ddbe946e58a6faeca56170e30.vbdxe.cn
20 VTLive
a-mettamaxsk-logjiin.godaddysites.com
20 VTTaken Down
aayush4725.github.io
20 VTLive
aboo-facebook.blogspot.com
20 VTTaken Down
about-coinbasehelp-cdn.daftpage.com
20 VTTaken Down
adfdf74.cc
20 VTLive
alert.casino6868.xyz
20 VTLive
altex-momentum.net
20 VTLive
amazon-tau-ecru.vercel.app
20 VTLive
amexz.kano-okaya.com
20 VTTaken Down
amexz.siratoriyasu.com
20 VTTaken Down
arubaid.sviluppo.host
20 VTTaken Down
auth-basepro-cdn.daftpage.com
20 VTTaken Down
b45060.com
20 VTTaken Down
b45098.com
20 VTTaken Down
bafkreiecvycccw636eu24sboxdcwg2incfh7vhgt3vlqbbhv37ztbyaev4.ipfs.dweb.link
20 VTTaken Down
bafkreiehjatmkhv5y2zkeaj2idmdb5w5mhl6mljeo34tmuhgam2vjzh6ya.ipfs.nftstorage.link
20 VTTaken Down
bafkreiezz7szm2v5hdurd4odopuw42wyqmyqeo4kmdafhzuhdqmshljdpa.ipfs.dweb.link
20 VTTaken Down
bafkreihuwsmynlll4to4pzv7dq2ke76huvkbcni7eh4khw5ids3wt4x5su.ipfs.dweb.link
20 VTTaken Down
bafybeibednalgwbl72zf6kml3rrbyabnk2k2nxm6j3szad2lemlagypcda.ipfs.infura-ipfs.io
20 VTTaken Down
bafybeibeooncwnjx3amo2o2swthlvsjll5hcqkjxrwslmvsydqd75ukvvy.ipfs.infura-ipfs.io
20 VTTaken Down
bafybeibiri6akaf2pabdtm6fnlk2jnkmay5v6a5kaukpfc6mttlflk6oyq.ipfs.infura-ipfs.io
20 VTTaken Down
bafybeid6cqpwazua4i4xa623imlmlva5jxblgcdstxtdefum6hec72lrxi.ipfs.infura-ipfs.io
20 VTTaken Down
bafybeie7lbm2yjucacnbbj5lzuxh7hfqf6v27ohwsnzbsbxm5ikxob3pim.ipfs.infura-ipfs.io
20 VTTaken Down
bafybeietqbtudhhied2ds3zwupewgtiylypmglxybebmiq6ukbn6ukd4uy.ipfs.dweb.link
20 VTTaken Down
« Prev ... 2 3 4 5 6 7 8 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

147,424+ domains with security reports

Live Threats

42,483 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence