Threat Intelligence Dashboard

March 2026 Report

Detailed threat intelligence for 18,819 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

150,064Total Detected
109,129Taken Down
76.6%Kill Rate
92.6%VT Coverage
40,048Abuse Reports
Overview May 263,971 Apr 2615,639 Mar 2618,819 Feb 2642,098 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
March 2026 Intelligence Report 55.3%
18,819
12,748
Taken Down
4,993
Still Live
67.7%
Kill Rate
369h
Avg Response
6.5
Avg VT Score

In March 2026, PhishDestroy detected 6,635 phishing domains, marking a 63.6% decrease from the previous month. Despite this reduction, 3,124 domains remain active, highlighting a takedown rate of only 52.6%. Attackers continue to focus on cryptocurrency platforms, with Coinbase and Exodus being the top targets. The operational impact is significant, as the takedown rate remains below the desired threshold, indicating a need for improved response times from registrars, particularly NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc..

  • NICENIC INTERNATIONAL GROUP CO., LIMITED is the top abused registrar with 1,334 domains, necessitating immediate escalation.
  • Cryptocurrency platforms, especially Coinbase and Exodus, are under sustained attack, with 86 and 72 domains respectively.
  • The .com TLD remains the most weaponized with 2,369 domains, followed by .dev and .app.
  • The Solana Drainer kit is prevalent, used in 105 instances, posing a significant threat of wallet drains for victims.
  • Peak detection days were March 2nd and March 5th, indicating concentrated phishing campaigns.
  • Mean registrar response time is 47.3 hours, suggesting room for improvement in takedown efficiency.
Outlook
Looking ahead to April 2026, defenders should remain vigilant against cryptocurrency-targeted phishing, particularly involving Solana Drainer kits. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require continued monitoring and pressure to enhance their response times. Expect potential shifts in TLD usage as attackers adapt to increased scrutiny.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
CloudFlare, Inc. 4,008
NICENIC INTERNATIONAL GROUP CO., LIMITED 3,476
PDR Ltd. d/b/a PublicDomainRegistry.com 863
Dynadot LLC 672
Gname.com Pte. Ltd. 666
GoDaddy.com, LLC 665
NameSilo, LLC 575
Ultahost, Inc. 483

Targeted Brands

BrandDomains
Ledger 1,355
Kraken 406
Trezor 372
Solana 333
Airdrop Scam 299
OKX 288
across 281
Google 248

Top TLDs

.com5,493 .dev3,807 .xyz995 .io955 .app915 .cc710 .net605 .org409

Hosting Countries

🇺🇸 US7,876 🇨🇦 CA6,963 🇩🇪 DE944 🇳🇱 NL652 🇭🇰 HK391 🇷🇺 RU194 🇫🇷 FR148 🇸🇬 SG140

Active Drainer Kits

Solana Drainer184 Angel Drainer5 Inferno Drainer5 Wallet Connect Abuse5 wallet_drainer2

March 2026 Domains (18,819)

Sorted by VirusTotal detections. Click any domain for full security report.

google8989.top
1 VTTaken Down
goopentext.com
1 VTLive
gork.websites.lat
1 VTTaken Down
gospacetwin.com
1 VTTaken Down
governance-moonwell.com
1 VTTaken Down
governance-moonwell.finance
1 VTTaken Down
gowlysolcoin.com
1 VT
gpunoderewards.xyz
1 VTTaken Down
granfeldinvest.com
1 VTTaken Down
grassfoundation.xyz
1 VTLive
greenbitcoin-claiim.pages.dev
1 VTLive
greenbitcoin-xyz-en.pages.dev
1 VTLive
greenmarkett247.store
1 VTTaken Down
grizzlychange.com
1 VTTaken Down
gro25b-cointelegraph.com
1 VTTaken Down
gro38z.net
1 VTTaken Down
gro82x-cointelegraph.com
1 VTTaken Down
gro88k-fxempire.com
1 VTTaken Down
grok-ainetwork.org
1 VTTaken Down
grok49k.tech
1 VTTaken Down
grok4k9.tech
1 VTTaken Down
grupoolampanama.com
1 VTTaken Down
grvt.io-ref.lat
1 VTTaken Down
gtasanandreas-apk.com
1 VTTaken Down
gtbmhj.com
1 VTTaken Down
guaranteedreturntrade.com
1 VTTaken Down
guide-ledgrr-liwe-us.pages.dev
1 VTLive
gulfinvestmentservices.com
1 VTTaken Down
gunfiresquad.io
1 VTLive
gustavoasaell.github.io
1 VTLive
gwgas.xyz
1 VTLive
h4ck.pages.dev
1 VTLive
h5.cnmeihua.com
1 VTTaken Down
h5.uniusd.com
1 VTTaken Down
h5.veloxam.io
1 VTTaken Down
h58sugnrnd.wggts9hcj6eatbyfy.net
1 VT
hackingproteam.com
1 VTTaken Down
hahatogelea.com
1 VTTaken Down
haiwaihao.com
1 VTTaken Down
haiws.com
1 VTTaken Down
hamo-telegram-proxy.pages.dev
1 VTLive
happymod.net.co
1 VTTaken Down
hardcore25.biz
1 VTTaken Down
harmony-bridge.com
1 VTTaken Down
harmony-voice.io
1 VTTaken Down
harmonybridge.us
1 VTTaken Down
haulwavelogistics.com
1 VTTaken Down
haxi.mgtindex.com
1 VTTaken Down
hbmhcw.net
1 VTTaken Down
hdstraemz.org
1 VTTaken Down
hdstreamzs.com.pk
1 VTTaken Down
healixprotocol-in.pages.dev
1 VTLive
hefservice.com
1 VTTaken Down
heleket-payment.com
1 VTTaken Down
helium-migration.live
1 VTTaken Down
help-ledger-cm-strt.pages.dev
1 VTLive
help-start-ledgerlive.pages.dev
1 VTLive
help-trust-wallet.pages.dev
1 VTTaken Down
help.ipsconfirm.com
1 VT
help.valveconfirm.com
1 VTTaken Down
« Prev ... 255 256 257 258 259 260 261 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

150,064+ domains with security reports

Live Threats

33,307 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence