Threat Intelligence Dashboard

December 2025 Report

Detailed threat intelligence for 11,773 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

147,432Total Detected
97,529Taken Down
69.6%Kill Rate
92.5%VT Coverage
39,312Abuse Reports
Overview May 262,806 Apr 2615,640 Mar 2618,819 Feb 2642,100 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
December 2025 Intelligence Report 6.4%
11,773
7,546
Taken Down
3,678
Still Live
64.1%
Kill Rate
1956h
Avg Response
10.1
Avg VT Score

In December 2025, PhishDestroy detected 11,773 phishing domains, marking a 6.4% decrease from the previous month. The takedown rate was 76.3%, with 8,978 domains neutralized. Notably, Crypto Scam targeting remains prevalent with 820 domains, while NICENIC INTERNATIONAL GROUP CO., LIMITED emerged as the top registrar for abuse cases. The operational impact shows effective takedown efforts, though the mean registrar response time of 1452.7 hours indicates room for improvement in response speed.

  • NICENIC INTERNATIONAL GROUP CO., LIMITED leads registrar abuse with 1268 cases, necessitating focused intervention.
  • Crypto-related brands like Coinbase and Kraken are primary targets, overshadowing traditional banking sectors.
  • The .com TLD remains the most weaponized with 3816 domains, followed by .app and .dev.
  • The Angel Drainer kit is the most used, posing significant threats to victims' wallets through direct fund extraction.
  • The US hosts the majority of phishing infrastructure with 8798 domains, indicating a need for enhanced monitoring in this region.
  • Detection-to-takedown efficiency remains robust at 76.3%, but the slow registrar response time highlights a critical gap.
Outlook
As we move into January 2026, defenders should anticipate continued targeting of crypto platforms, especially given the dominance of the Angel Drainer kit. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require escalation to improve response times. Watch for potential shifts in TLD usage and geographic hosting patterns.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,284
Cloudflare, Inc. 1,148
Dynadot LLC 607
CSC Corporate Domains, Inc. 584
PDR Ltd. d/b/a PublicDomainRegistry.com 581
Gname.com Pte. Ltd. 529
GoDaddy.com, LLC 509
NameCheap, Inc. 461

Targeted Brands

BrandDomains
coinbase 813
Crypto Casino / Gambling 781
across 545
Kraken 422
Ledger 364
MetaMask 265
x.com 213
Google 213

Top TLDs

.com3,816 .app991 .dev619 .io609 .xyz483 .ru453 .ai349 .org319

Hosting Countries

🇺🇸 US8,992 🇩🇪 DE647 🇸🇪 SE401 🇭🇰 HK390 🇳🇱 NL376 🇷🇺 RU97 🇫🇷 FR77 🇬🇧 GB75

Active Drainer Kits

Angel Drainer746 Wallet Connect Abuse418 Solana Drainer252 Inferno Drainer4 Ice Phishing2

December 2025 Domains (11,773)

Sorted by VirusTotal detections. Click any domain for full security report.

xx1505.com
20 VTTaken Down
zxd365756.com
20 VTTaken Down
049734-coinbase.com
19 VTTaken Down
1-easybank-landing-page-master.vercel.app
19 VTLive
108909-cb.com
19 VTLive
11659944.com
19 VTTaken Down
138-68-183-9.cprapid.com
19 VTTaken Down
195000444.com
19 VTTaken Down
1950044.com
19 VTTaken Down
195145.com
19 VTTaken Down
195171.com
19 VTTaken Down
195222333.com
19 VTTaken Down
195243.com
19 VTTaken Down
195333444.com
19 VTTaken Down
195333666.com
19 VTTaken Down
195444888.com
19 VTTaken Down
195777333.com
19 VTTaken Down
195867.com
19 VTTaken Down
203948-94383bro.glitch.me
19 VTTaken Down
230951-coinbase.com
19 VTLive
2365l.com
19 VTTaken Down
2yus7ngwd0c87v-1drvsharepoint.deemfirsts.com
19 VTTaken Down
35147c05.hdfuhduddijgji.pages.dev
19 VTTaken Down
4a537f8276704fe3b6b61761570858560.2141976.meusitehostgator.com.br
19 VTTaken Down
6366uu.com
19 VTTaken Down
692e6414c3ffb2b12624b6fd--thunderous-sorbet-780abf.netlify.app
19 VTTaken Down
6h061.com
19 VTLive
acs-ch.info
19 VTTaken Down
adrianairbnb.netlify.app
19 VTLive
africangulf.ly
19 VTTaken Down
airbnb-1869ae.webflow.io
19 VTTaken Down
airbnb-clone-final.vercel.app
19 VTLive
airbnb-demo-jade.vercel.app
19 VTLive
airbnb-frontend-beryl.vercel.app
19 VTLive
aliexpress.lm-e.top
19 VTTaken Down
amazongech.netlify.app
19 VTLive
aniketsangal.github.io
19 VTLive
anzaz.tkshopskaidian.com
19 VTLive
app-facebmall.top
19 VTLive
app-lidopoints.com
19 VTWallet Connect Abuse
app-shopglobalselling.top
19 VTLive
app-uphd.daftpage.com
19 VTTaken Down
app.zeiron.run
19 VT
apparent-platform-689410.framer.app
19 VTTaken Down
appleallpay.github.io
19 VTLive
aster-dex.run
19 VTTaken DownWallet Connect Abuse
atazino.at
19 VTTaken Down
att-103446-103201.weeblysite.com
19 VTTaken Down
auth-wetransfer-com-4c95d-5d82f-6f882c.vercel.app
19 VTTaken Down
authorise.weebly.com
19 VTTaken Down
b230e.xyz
19 VTLive
b45094.com
19 VTTaken Down
backup-centre-exodus-us.vercel.app
19 VTTaken Down
bafkreifqccvbywrjj7ntbsp35ecgvn2dt7sbafarthzfq5thqy4gedfkia.ipfs.dweb.link
19 VTTaken Down
bafkreihtqnzk5fy34v72ozhiwchifj3cakrye2maw5bpdg3gl5l6q4o33e.ipfs.dweb.link
19 VTTaken Down
bafybeibbnvs3pnyu6rhmnnerfjm4mcowfw6r4wm7mcv6yelnehuofpnjiy.ipfs.dweb.link
19 VTTaken Down
bafybeibifb3diqevxab4h4me2vdv5rtx2tprhqkyay5j3z2x4qytzn7v7e.ipfs.infura-ipfs.io
19 VTTaken Down
bafybeie47r3tvwwvwqdmczsjgf2xir67zimzw2dyu34ck262bryr2wqvha.ipfs.infura-ipfs.io
19 VTTaken Down
bafybeif3ixjydo2gj7coj7j6tkvqv76l6vp5ckpry4oknuqoucsf4hipc4.ipfs.infura-ipfs.io
19 VTTaken Down
bafybeigcvw6t2r4kyczarfwggvbiim2leeoluohcle76tymcvvm56tmv4i.ipfs.infura-ipfs.io
19 VTTaken Down
« Prev ... 6 7 8 9 10 11 12 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

147,432+ domains with security reports

Live Threats

42,672 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence