Overview
Mar 2617,671
Feb 2642,204
Jan 268,931
Dec 2511,773
Nov 2512,579
Oct 258,841
Sep 257,307
Aug 253,788
Jul 25700
Jun 254
March 2026 Intelligence Report
58.1%
17,671
8,382
Taken Down
6,700
Still Live
47.4%
Kill Rate
120h
Avg Response
6.4
Avg VT Score
In March 2026, PhishDestroy detected 6,635 phishing domains, marking a 63.6% decrease from the previous month. Despite this reduction, 3,124 domains remain active, highlighting a takedown rate of only 52.6%. Attackers continue to focus on cryptocurrency platforms, with Coinbase and Exodus being the top targets. The operational impact is significant, as the takedown rate remains below the desired threshold, indicating a need for improved response times from registrars, particularly NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc..
- NICENIC INTERNATIONAL GROUP CO., LIMITED is the top abused registrar with 1,334 domains, necessitating immediate escalation.
- Cryptocurrency platforms, especially Coinbase and Exodus, are under sustained attack, with 86 and 72 domains respectively.
- The .com TLD remains the most weaponized with 2,369 domains, followed by .dev and .app.
- The Solana Drainer kit is prevalent, used in 105 instances, posing a significant threat of wallet drains for victims.
- Peak detection days were March 2nd and March 5th, indicating concentrated phishing campaigns.
- Mean registrar response time is 47.3 hours, suggesting room for improvement in takedown efficiency.
Outlook
Looking ahead to April 2026, defenders should remain vigilant against cryptocurrency-targeted phishing, particularly involving Solana Drainer kits. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require continued monitoring and pressure to enhance their response times. Expect potential shifts in TLD usage as attackers adapt to increased scrutiny.
Top Registrars
| Registrar | Domains |
|---|---|
| Cloudflare, Inc. | 3,248 |
| NICENIC INTERNATIONAL GROUP CO., LIMITED | 3,231 |
| PDR Ltd. d/b/a PublicDomainRegistry.com | 856 |
| Dynadot LLC | 709 |
| GNAME.COM PTE. LTD. | 620 |
| GoDaddy.com, LLC | 587 |
| NameSilo, LLC | 561 |
| Ultahost, Inc. | 490 |
Active Drainer Kits
March 2026 Domains (17,671)
Sorted by VirusTotal detections. Click any domain for full security report.
Detection Trends
Monthly domain volume, kill rate, and live threats over time.
Monthly Detected Domains
Kill Rate %
Explore More
Related intelligence pages and data feeds.