Threat Intelligence Dashboard

December 2025 Report

Detailed threat intelligence for 11,773 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

107,732Total Detected
92,561Taken Down
86.3%Kill Rate
94.3%VT Coverage
25,332Abuse Reports
Overview Mar 269,496 Feb 2618,204 Jan 268,931 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
December 2025 Intelligence Report 6.4%
11,773
11,317
Taken Down
456
Still Live
96.1%
Kill Rate
1836h
Avg Response
10.1
Avg VT Score

In December 2025, PhishDestroy detected 11,773 phishing domains, marking a 6.4% decrease from the previous month. The takedown rate was 76.3%, with 8,978 domains neutralized. Notably, Crypto Scam targeting remains prevalent with 820 domains, while NICENIC INTERNATIONAL GROUP CO., LIMITED emerged as the top registrar for abuse cases. The operational impact shows effective takedown efforts, though the mean registrar response time of 1452.7 hours indicates room for improvement in response speed.

  • NICENIC INTERNATIONAL GROUP CO., LIMITED leads registrar abuse with 1268 cases, necessitating focused intervention.
  • Crypto-related brands like Coinbase and Kraken are primary targets, overshadowing traditional banking sectors.
  • The .com TLD remains the most weaponized with 3816 domains, followed by .app and .dev.
  • The Angel Drainer kit is the most used, posing significant threats to victims' wallets through direct fund extraction.
  • The US hosts the majority of phishing infrastructure with 8798 domains, indicating a need for enhanced monitoring in this region.
  • Detection-to-takedown efficiency remains robust at 76.3%, but the slow registrar response time highlights a critical gap.
Outlook
As we move into January 2026, defenders should anticipate continued targeting of crypto platforms, especially given the dominance of the Angel Drainer kit. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require escalation to improve response times. Watch for potential shifts in TLD usage and geographic hosting patterns.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,269
Cloudflare, Inc. 1,148
Dynadot LLC 607
CSC Corporate Domains, Inc. 583
PDR Ltd. d/b/a PublicDomainRegistry.com 574
Gname.com Pte. Ltd. 529
GoDaddy.com, LLC 498
Tucows Domains Inc. 456

Targeted Brands

BrandDomains
Coinbase 738
Kraken 405
Ledger 345
MetaMask 241
Trezor 159
Solana 109
Phantom 101
Ethereum 90

Top TLDs

.com3,816 .app991 .dev619 .io609 .xyz483 .ru453 .ai349 .org319

Hosting Countries

🇺🇸 US8,439 🇩🇪 DE647 🇸🇪 SE401 🇭🇰 HK390 🇳🇱 NL376 🇷🇺 RU97 🇫🇷 FR77 🇬🇧 GB75

Active Drainer Kits

Angel Drainer746 Wallet Connect Abuse418 Solana Drainer252 Inferno Drainer4 Ice Phishing2

December 2025 Domains (11,773)

Sorted by VirusTotal detections. Click any domain for full security report.

amazon-clone-lime-eight.vercel.app
26 VTLive
amazon-clone-navy-eight.vercel.app
26 VTLive
amazon-clone-navy-ten.vercel.app
26 VTLive
netflix-clone-topaz-kappa.vercel.app
26 VTLive
amazon-clone-plum-eight.vercel.app
25 VTLive
easybank-landing-page-rho.vercel.app
25 VTLive
extension.egjidjbpglichdcondbcbdnbeeppgdph.com
25 VTTaken Down
facebook-login-page-clone-gamma.vercel.app
25 VTLive
netflix-clone-6.vercel.app
25 VTLive
netflix-clone-olive-mu.vercel.app
25 VTLive
portal-e-devlet.com
25 VTTaken Down
6h603.com
24 VTTaken Down
amazon-clone-khaki-eight.vercel.app
24 VTLive
amazon-clone-seven-opal.vercel.app
24 VTLive
bafybeifpqhyzn73oe4u5fepceonr6hbpvffuxj7vikwnwh3wkrp2v3blei.ipfs.infura-ipfs.io
24 VTTaken Down
cp-intermedia-controlpanel-login-webmail.babysuites.net
24 VTTaken Down
easybank-project.vercel.app
24 VTLive
flamita.click
24 VTTaken Down
netflix-clone-sigma-gules.vercel.app
24 VTTaken Down
rownowaga-invrevo.com
24 VTTaken Down
spotifysupport.help
24 VTTaken Down
verificaintesa.it
24 VTTaken Down
www-roblox-com-frr-users-6048717178.vercel.app
24 VTLive
977776i.cleansite.info
23 VTTaken Down
allegrolokalnie.6721842.cfd
23 VTTaken Down
almost-netflix.vercel.app
23 VTLive
amazon-clone-cyan-ten.vercel.app
23 VTLive
amazon-clone-olive-eight.vercel.app
23 VTLive
amazonbylio.vercel.app
23 VTLive
audit-defi.com
23 VTTaken Down
bafybeifo2pid4d2xyk7cc2rncpemph3kljg5ylnovhdmdvw4khoq3uzlya.ipfs.infura-ipfs.io
23 VTTaken Down
bancoprovinciapersonas.rafaelaveronezi.com.br
23 VTTaken Down
basementselfsolve.com
23 VTTaken Down
bet405.cc
23 VTTaken Down
blyaddddd.vercel.app
23 VTLive
facebooklinksk.blogspot.com
23 VTTaken Down
getinfo-netflix.com
23 VTTaken Down
hltps-roblox.com
23 VTTaken Down
httpss-roblox.co
23 VTTaken Down
ledger.recovery.5930217.com
23 VTTaken Down
lhttps-www-roblox.com
23 VTTaken Down
magenta-tenets-857917.framer.app
23 VTTaken Down
mailer3-dhl.mdbgo.io
23 VTTaken Down
marthasvineyardbabysitters.net
23 VTTaken Down
netflix-clone-peach-kappa.vercel.app
23 VTTaken Down
netflix-clone-qu144p5yp-lumiereproductions.vercel.app
23 VTLive
netflix-clone-teal-six.vercel.app
23 VTTaken Down
o365.vip
23 VTTaken Down
opensea.io.marketplace-art.com
23 VTTaken DownWallet Connect Abuse
phantom-backup.com
23 VTTaken Down
portal.pkim.gallezone.lk
23 VTTaken Down
rudrapratapsingh21.github.io
23 VTLive
secure-coinbase-en-auth.daftpage.com
23 VTTaken Down
trezorsuite.at
23 VTLive
upholld-loggi05.godaddysites.com
23 VTTaken Down
wha-web-whatsapp.com.cn
23 VTTaken Down
whatsapp-clone-frontend-liart.vercel.app
23 VTLive
0365ff.com
22 VTTaken Down
134712.cc
22 VTTaken Down
1565999555.com
22 VTTaken Down
1 2 3 4 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

107,732+ domains with security reports

Live Threats

14,744 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence