Threat Intelligence Dashboard

January 2026 Report

Detailed threat intelligence for 8,930 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

146,066Total Detected
79,871Taken Down
57.5%Kill Rate
92.4%VT Coverage
38,874Abuse Reports
Overview May 261,979 Apr 2615,640 Mar 2618,821 Feb 2642,102 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
January 2026 Intelligence Report 24.1%
8,930
4,303
Taken Down
4,151
Still Live
48.2%
Kill Rate
1145h
Avg Response
9.5
Avg VT Score

The most significant finding for January 2026 is a 24.1% decrease in detected phishing domains compared to the previous month, totaling 8,932 domains. Despite this reduction, 1,823 domains remain active, indicating a need for improved takedown strategies. The takedown rate stands at 79.6%, showing effectiveness but also highlighting a gap in response times, with a mean registrar response time of 782.6 hours. Notably, there is a shift towards targeting crypto-related brands, with Crypto Scam domains leading at 792 detections, suggesting a change in attacker focus and potential vulnerabilities in the crypto sector.

  • NICENIC INTERNATIONAL GROUP CO., LIMITED remains the top abused registrar with 1,300 domains, indicating a persistent issue with registrar oversight.
  • Crypto-related brands are increasingly targeted, with Crypto Scam and Coinbase among the top, suggesting attackers are exploiting the volatile crypto market.
  • The .com TLD continues to be the most weaponized, accounting for 3,249 domains, reflecting its broad usage and trust.
  • The solana_drainer kit is the most prevalent, with 213 instances, posing significant risks of wallet drains and seed theft for victims.
  • The US remains the primary hosting geography with 2,024 domains, but notable activity is seen in HK and DE, indicating a geographic shift.
  • Registrar response times remain high at 782.6 hours, necessitating faster action to reduce active phishing threats.
Outlook
Expect continued focus on crypto-related phishing, with potential increases in domain registrations targeting this sector. Defenders should monitor NICENIC INTERNATIONAL GROUP CO., LIMITED and PDR Ltd. for escalated abuse activity. Watch for new drainer kit variants as attackers refine their methods to exploit cryptocurrency vulnerabilities.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,320
PDR Ltd. d/b/a PublicDomainRegistry.com 971
Gname.com Pte. Ltd. 782
Dynadot LLC 453
Web Commerce Communications Limited 446
NameCheap, Inc. 438
NameSilo, LLC 435
GoDaddy.com, LLC 340

Targeted Brands

BrandDomains
Crypto Casino / Gambling 1,150
x.com 516
argent 451
across 384
base 284
binance 277
Coinbase 180
Airdrop Scam 149

Top TLDs

.com3,248 .cc686 .net565 .xyz429 .org361 .top333 .app317 .live200

Hosting Countries

🇺🇸 US7,154 🇩🇪 DE326 🇭🇰 HK247 🇳🇱 NL163 🇷🇺 RU153 🇸🇬 SG112 🇫🇷 FR92 🇨🇭 CH80

Active Drainer Kits

Solana Drainer257 Angel Drainer138 Wallet Connect Abuse38 Unknown Drainer7 wallet_drainer1

January 2026 Domains (8,930)

Sorted by VirusTotal detections. Click any domain for full security report.

metimaasklogiez.godaddysites.com
19 VTTaken Down
miiiiccrroofdsofttyyresghnmnjh.weebly.com
19 VTTaken Down
mitrarekan.com
19 VTLive
mob.authez.top
19 VTLive
mondroitaide.net
19 VTLive
movelistrade92.net
19 VTLive
mtamasckvloglz.gitbook.io
19 VTTaken Down
mysteryclaims6347-live.vercel.app
19 VTTaken DownAngel Drainer
n3dcj-maaaa-aaaad-qal3q-cai.raw.ic0.app
19 VTTaken Down
navernid.pythonanywhere.com
19 VTTaken Down
neonwin.cc
19 VTTaken Down
net-coin.framer.wiki
19 VTTaken Down
netflex-hub.netlify.app
19 VTTaken Down
nobira-xel.net
19 VTLive
nowcharge.cfd
19 VTLive
nstutqucbooks.weebly.com
19 VTTaken Down
nusewin.cc
19 VT
official-coinbase-help.com
19 VTLive
ooooo-oooo-oooo.surge.sh
19 VTTaken Down
orange-group.back2buzz.eu
19 VTTaken Down
ox0z3x.top
19 VTLive
phantom-wallett.blogspot.hk
19 VTTaken Down
podologuesaintpierre.fr
19 VTTaken Down
polvestionpro.pl
19 VTLive
post-luxo.com
19 VTTaken Down
promobhd.webcindario.com
19 VTTaken Down
protocol.uniswap-staging.org
19 VT
quantumswiftforumai.top
19 VTLive
quickbee.vip
19 VTTaken Down
raydiumsolutions.xyz
19 VTTaken DownSolana Drainer
receptive-purpose-551959.framer.app
19 VTTaken Down
recov-trwstvvallet.com
19 VTTaken Down
ruwahotekoff.digital
19 VT
sampaworks.info
19 VTTaken Down
sdktek.sbs
19 VTLive
seacure-learn-metamask-login.typedream.app
19 VT
seeker-mobile.net
19 VTSolana Drainer
shawww55.weebly.com
19 VTTaken Down
shibac.vip
19 VTLive
site-2xyv2b8yf.godaddysites.com
19 VTTaken Down
soleryxastrael88.com
19 VTTaken Down
sso--uphoold--cdn-autth-x.typedream.app
19 VT
stake10719.com
19 VTLive
stakingsreward.one
19 VTLive
starsupdate.live
19 VT
startgamb.cc
19 VTLive
store.workshop-glock18.cc
19 VTTaken Down
sulvix-850v.com
19 VTLive
symphonious-cannoli-76b929.netlify.app
19 VTTaken DownWallet Connect Abuse
t-mobile.awpqk.cc
19 VTLive
t-mobile.ftqrt.cc
19 VTLive
t-mobile.ftrjd.cc
19 VTLive
t-mobile.gtfic.cc
19 VTLive
t-mobile.hztkv.cc
19 VTLive
t-mobile.ieulc.cc
19 VTLive
t-mobile.miqr.cc
19 VTLive
t-mobile.oflxe.cc
19 VTLive
t-mobile.osawe.cc
19 VTTaken Down
t-mobile.qarhj.cc
19 VTLive
t-mobile.steig.cc
19 VTLive
« Prev ... 8 9 10 11 12 13 14 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

146,066+ domains with security reports

Live Threats

58,927 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence