The most significant finding for January 2026 is a <strong>24.1%</strong> decrease in detected phishing domains compared to the previous month, totaling <strong>8,932</strong> domains. Despite this reduction, <strong>1,823</strong> domains remain active, indicating a need for improved takedown strategies. The takedown rate stands at <strong>79.6%</strong>, showing effectiveness but also highlighting a gap in response times, with a mean registrar response time of <strong>782.6</strong> hours. Notably, there is a shift towards targeting crypto-related brands, with <strong>Crypto Scam</strong> domains leading at <strong>792</strong> detections, suggesting a change in attacker focus and potential vulnerabilities in the crypto sector.
- <strong>NICENIC INTERNATIONAL GROUP CO., LIMITED</strong> remains the top abused registrar with <strong>1,300</strong> domains, indicating a persistent issue with registrar oversight.
- Crypto-related brands are increasingly targeted, with <strong>Crypto Scam</strong> and <strong>Coinbase</strong> among the top, suggesting attackers are exploiting the volatile crypto market.
- The <strong>.com</strong> TLD continues to be the most weaponized, accounting for <strong>3,249</strong> domains, reflecting its broad usage and trust.
- The <strong>solana_drainer</strong> kit is the most prevalent, with <strong>213</strong> instances, posing significant risks of wallet drains and seed theft for victims.
- The US remains the primary hosting geography with <strong>2,024</strong> domains, but notable activity is seen in <strong>HK</strong> and <strong>DE</strong>, indicating a geographic shift.
- Registrar response times remain high at <strong>782.6</strong> hours, necessitating faster action to reduce active phishing threats.
Top Registrars
| Registrar | Domains |
|---|---|
| NiceNIC International Group Co., Limited | 1,315 |
| PDR Ltd. d/b/a PublicDomainRegistry.com | 972 |
| Gname.com Pte. Ltd. | 782 |
| Dynadot LLC | 453 |
| Web Commerce Communications Limited | 446 |
| NameCheap, Inc. | 438 |
| NameSilo, LLC | 436 |
| GoDaddy.com, LLC | 340 |
Targeted Brands
| Brand | Domains |
|---|---|
| Crypto Casino / Gambling | 1,150 |
| x.com | 516 |
| argent | 451 |
| across | 384 |
| base | 284 |
| binance | 277 |
| Coinbase | 180 |
| Airdrop Scam | 149 |
Active Drainer Kits
January 2026 Domains (8,924)
Sorted by VirusTotal detections. Click any domain for full security report.
Detection Trends
Monthly domain volume, kill rate, and live threats over time.
Monthly Detected Domains
Kill Rate %
Explore More
Related intelligence pages and data feeds.