Threat Intelligence Dashboard

December 2025 Report

Detailed threat intelligence for 11,773 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

150,048Total Detected
110,217Taken Down
77.9%Kill Rate
92.5%VT Coverage
40,041Abuse Reports
Overview May 263,963 Apr 2615,639 Mar 2618,819 Feb 2642,098 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
December 2025 Intelligence Report 6.4%
11,773
8,832
Taken Down
2,326
Still Live
75%
Kill Rate
2322h
Avg Response
10.1
Avg VT Score

In December 2025, PhishDestroy detected 11,773 phishing domains, marking a 6.4% decrease from the previous month. The takedown rate was 76.3%, with 8,978 domains neutralized. Notably, Crypto Scam targeting remains prevalent with 820 domains, while NICENIC INTERNATIONAL GROUP CO., LIMITED emerged as the top registrar for abuse cases. The operational impact shows effective takedown efforts, though the mean registrar response time of 1452.7 hours indicates room for improvement in response speed.

  • NICENIC INTERNATIONAL GROUP CO., LIMITED leads registrar abuse with 1268 cases, necessitating focused intervention.
  • Crypto-related brands like Coinbase and Kraken are primary targets, overshadowing traditional banking sectors.
  • The .com TLD remains the most weaponized with 3816 domains, followed by .app and .dev.
  • The Angel Drainer kit is the most used, posing significant threats to victims' wallets through direct fund extraction.
  • The US hosts the majority of phishing infrastructure with 8798 domains, indicating a need for enhanced monitoring in this region.
  • Detection-to-takedown efficiency remains robust at 76.3%, but the slow registrar response time highlights a critical gap.
Outlook
As we move into January 2026, defenders should anticipate continued targeting of crypto platforms, especially given the dominance of the Angel Drainer kit. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require escalation to improve response times. Watch for potential shifts in TLD usage and geographic hosting patterns.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,284
Cloudflare, Inc. 1,148
Dynadot LLC 607
CSC Corporate Domains, Inc. 584
PDR Ltd. d/b/a PublicDomainRegistry.com 581
Gname.com Pte. Ltd. 529
GoDaddy.com, LLC 509
NameCheap, Inc. 461

Targeted Brands

BrandDomains
coinbase 813
Crypto Casino / Gambling 781
across 545
Kraken 422
Ledger 364
MetaMask 265
x.com 213
Google 213

Top TLDs

.com3,816 .app991 .dev619 .io609 .xyz483 .ru453 .ai349 .org319

Hosting Countries

🇺🇸 US8,993 🇩🇪 DE647 🇸🇪 SE401 🇭🇰 HK390 🇳🇱 NL376 🇷🇺 RU97 🇫🇷 FR77 🇬🇧 GB75

Active Drainer Kits

Angel Drainer746 Wallet Connect Abuse418 Solana Drainer252 Inferno Drainer4 Ice Phishing2

December 2025 Domains (11,773)

Sorted by VirusTotal detections. Click any domain for full security report.

yoxwin.space
13 VTTaken Down
ypxmn.cn
13 VTTaken Down
yupooclothes.com
13 VTTaken Down
zarunbet.com
13 VTTaken Down
zerionallets.wordpress.com
13 VTTaken Down
zhichao.blog
13 VTLive
zircuit.airdropsalert.us
13 VTTaken Down
098654coinbase.com
12 VTTaken Down
0xchain.top
12 VTTaken Down
1839236c.mfgjgnihfh.pages.dev
12 VTLive
1bigwin.click
12 VTTaken Down
1e1f212b.ripsyr.pages.dev
12 VTTaken Down
1spade.top
12 VTLive
30f1b22b.elvsoo.pages.dev
12 VTLive
33krkn.cc
12 VTLive
36e0e9e4.mfgjgnihfh.pages.dev
12 VTTaken Down
39eaa487.startts.pages.dev
12 VTTaken Down
4z8.7bd.myftpupload.com
12 VTTaken Down
5aa6563b.trezo-d82.pages.dev
12 VTTaken Down
7196ae03.mfgjgnihfh.pages.dev
12 VTLive
72-146-195-11.cprapid.com
12 VTTaken Down
7bf8ec90.kfhhfdue.pages.dev
12 VTLive
82895.xyz
12 VTTaken Down
8b4dfe60.knfdjfhusurje.pages.dev
12 VTLive
9516.li
12 VTLive
99rob.netlify.app
12 VTTaken Down
9cece7b9.reeeset.pages.dev
12 VTLive
9f088313.ripsyr.pages.dev
12 VTTaken Down
a9342e21.memo-ba1.pages.dev
12 VTLive
acccess-cnbase-proauth.daftpage.com
12 VTLive
access-secure-krakeen.daftpage.com
12 VTTaken Down
action-coinbase-exten.created.app
12 VTTaken Down
adventure-phone.com
12 VTTaken Down
aerodrome-distribution.com
12 VTLiveAngel Drainer
aethir.airdropsalert.us
12 VTTaken Down
ahaoinn.com
12 VTTaken Down
ailgun.org
12 VTLive
air.solgalaxy.cc
12 VTTaken DownSolana Drainer
airdrop-irys.xyz
12 VTLive
airdrop-ravedao.com
12 VTTaken DownWallet Connect Abuse
airdrop-web3-app.top
12 VTTaken Down
airdrop.omnera.finance
12 VTLive
airdrop.vooooi.xyz
12 VTLiveAngel Drainer
airdropalert.group
12 VTTaken Down
airdropalerts.pro
12 VTTaken Down
airdropsalert.us
12 VTTaken Down
aisdhostingrefund.pages.dev
12 VTLiveWallet Connect Abuse
alf4m.github.io
12 VTLive
allinoursite.com
12 VTTaken Down
alm-wallet.top
12 VTLive
ame.ethylamines.com
12 VTTaken Down
announcement-aave.app
12 VTTaken Down
app-krakenn-docs.framer.ai
12 VTTaken Down
app-magmafinance.xyz
12 VTLiveAngel Drainer
app-phantom-ou.pages.dev
12 VTTaken Down
app-uphold-login.blogspot.tw
12 VTTaken Down
app.unisvvap.cfd
12 VTTaken DownAngel Drainer
app.usdclmp.com
12 VTTaken DownWallet Connect Abuse
app.verslo.io
12 VTTaken Down
app.xn--unswap-4va.org
12 VTTaken DownWallet Connect Abuse
« Prev ... 73 74 75 76 77 78 79 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

150,048+ domains with security reports

Live Threats

31,317 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence