Threat Intelligence Dashboard

March 2026 Report

Detailed threat intelligence for 17,920 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

117,931Total Detected
72,714Taken Down
72.1%Kill Rate
93.8%VT Coverage
30,047Abuse Reports
Overview Mar 2617,920 Feb 2642,204 Jan 268,931 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
March 2026 Intelligence Report 57.5%
17,920
8,391
Taken Down
6,689
Still Live
46.8%
Kill Rate
119h
Avg Response
6.4
Avg VT Score

In March 2026, PhishDestroy detected 6,635 phishing domains, marking a 63.6% decrease from the previous month. Despite this reduction, 3,124 domains remain active, highlighting a takedown rate of only 52.6%. Attackers continue to focus on cryptocurrency platforms, with Coinbase and Exodus being the top targets. The operational impact is significant, as the takedown rate remains below the desired threshold, indicating a need for improved response times from registrars, particularly NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc..

  • NICENIC INTERNATIONAL GROUP CO., LIMITED is the top abused registrar with 1,334 domains, necessitating immediate escalation.
  • Cryptocurrency platforms, especially Coinbase and Exodus, are under sustained attack, with 86 and 72 domains respectively.
  • The .com TLD remains the most weaponized with 2,369 domains, followed by .dev and .app.
  • The Solana Drainer kit is prevalent, used in 105 instances, posing a significant threat of wallet drains for victims.
  • Peak detection days were March 2nd and March 5th, indicating concentrated phishing campaigns.
  • Mean registrar response time is 47.3 hours, suggesting room for improvement in takedown efficiency.
Outlook
Looking ahead to April 2026, defenders should remain vigilant against cryptocurrency-targeted phishing, particularly involving Solana Drainer kits. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require continued monitoring and pressure to enhance their response times. Expect potential shifts in TLD usage as attackers adapt to increased scrutiny.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
Cloudflare, Inc. 3,378
NICENIC INTERNATIONAL GROUP CO., LIMITED 3,245
PDR Ltd. d/b/a PublicDomainRegistry.com 859
Dynadot LLC 709
Gname.com Pte. Ltd. 646
GoDaddy.com, LLC 593
NameSilo, LLC 563
Ultahost, Inc. 490

Targeted Brands

BrandDomains
Ledger 916
Airdrop Scam 313
Solana 269
Trezor 243
OKX 234
across 219
Coinbase 216
Base 206

Top TLDs

.com5,071 .dev3,182 .xyz915 .io833 .app832 .cc575 .net540 .org375

Hosting Countries

🇺🇸 US7,380 🇩🇪 DE534 🇳🇱 NL445 🇭🇰 HK270 🇷🇺 RU131 🇫🇷 FR92 🇸🇬 SG78 PL54

Active Drainer Kits

Solana Drainer161 Wallet Connect Abuse5 Angel Drainer3 wallet_drainer2 Inferno Drainer1

March 2026 Domains (17,920)

Sorted by VirusTotal detections. Click any domain for full security report.

Screenshot of gxmuseum.com
gxmuseum.com
Taken Down
Screenshot of halbornsecurities.pages.dev
halbornsecurities.pages.dev
Screenshot of hamstertools.pro
hamstertools.pro
Live
hardcore24.biz/phishing
Taken Down
Screenshot of hazard.team/dymkphyudoekcxhfnrmtbdninmgaglxepfnbiblsmdmein
hazard.team/dymkphyudoekcxhfnrmtbdninmgaglxepfnbiblsmdmein
Taken Down
Screenshot of healixprotocol-in.pages.dev
healixprotocol-in.pages.dev
Screenshot of healthtrackersoft.xyz
healthtrackersoft.xyz
Live
Screenshot of help-ledgostart.pages.dev
help-ledgostart.pages.dev
Screenshot of help.ip-identitycheck.com/profile/id/76561198424094904
help.ip-identitycheck.com/profile/id/76561198424094904
Taken Down
Screenshot of help.steampoweredip.com/id/76561198381213140
help.steampoweredip.com/id/76561198381213140
Taken Down
Screenshot of help.steampoweredl.com/en/profile/76561198983097659
help.steampoweredl.com/en/profile/76561198983097659
Taken Down
Screenshot of help.steampowereip.com/profile/76561199810258047
help.steampowereip.com/profile/76561199810258047
Taken Down
Screenshot of help.steampowerid.com/user/76561198968492684
help.steampowerid.com/user/76561198968492684
Screenshot of help.valveconfirmip.com/user/76561198299997192
help.valveconfirmip.com/user/76561198299997192
Taken Down
Screenshot of help.valvesecure.com
help.valvesecure.com
Live
Screenshot of help.verificationvalveip.com/ticket/76561199004217966
help.verificationvalveip.com/ticket/76561199004217966
Taken Down
Screenshot of helpliveus.ghost.io/live-desktop
helpliveus.ghost.io/live-desktop
Taken Down
Screenshot of hetalis-vita.click/butterflyy
hetalis-vita.click/butterflyy
Taken Down
Screenshot of hfggdfgj.pages.dev
hfggdfgj.pages.dev
Screenshot of hiatrer.com/admin
hiatrer.com/admin
Taken Down
Screenshot of hl-dex-v3.app/kinetiq
hl-dex-v3.app/kinetiq
Taken Down
Screenshot of hmnd.airsdropalerts.xyz/claim-hmnd-airdrop/55c0635c-55bf-46de-bbcc-5e2c27476e85
hmnd.airsdropalerts.xyz/claim-hmnd-airdrop/55c0635c-55bf-46de-bbcc-5e2c27476e85
Taken Down
Screenshot of home-bridge-eng.hashnode.dev
home-bridge-eng.hashnode.dev
Screenshot of home-learn.ghost.io/suite
home-learn.ghost.io/suite
Taken Down
home-ledegrlive.framer.media/app
Taken Down
Screenshot of home-page.ghost.io/suite
home-page.ghost.io/suite
Taken Down
Screenshot of home-suitesd-trizor.pages.dev
home-suitesd-trizor.pages.dev
Live
Screenshot of home-uphold-web.pages.dev
home-uphold-web.pages.dev
Live
Screenshot of homeapps.ghost.io/suite
homeapps.ghost.io/suite
Taken Down
Screenshot of homebeginio.ghost.io/desktop
homebeginio.ghost.io/desktop
Taken Down
Screenshot of homeportal.ghost.io/enus-suite
homeportal.ghost.io/enus-suite
Taken Down
Screenshot of homeservice.ghost.io/start-en
homeservice.ghost.io/start-en
Taken Down
Screenshot of houserewardbonus-b0x.pages.dev
houserewardbonus-b0x.pages.dev
Taken Down
Screenshot of https--krab2.cc
https--krab2.cc
Live
Screenshot of hub-jupuary.com/airdrop-checker
hub-jupuary.com/airdrop-checker
Screenshot of hubtracer.com/admin
hubtracer.com/admin
Taken Down
hunt.airsdropalerts.lol/claim-hunt-airdrop/2e5772e4-add6-4899-972f-06ed16a52125
Taken Down
Screenshot of hvfcu.bwfm.platform.verint.com
hvfcu.bwfm.platform.verint.com
Live
Screenshot of hydri4.github.io
hydri4.github.io
Screenshot of hyperbeatinvites.org
hyperbeatinvites.org
Live
Screenshot of hyperilquid.foundaiton.sbs/en?utm_source=bing_original_site=successfully&utm_source=bing&utm_medium=cpc&utm_term=trading_p
hyperilquid.foundaiton.sbs/en?utm_source=bing_original_site=successfully&utm_source=bing&utm_medium=cpc&utm_term=trading_p
Taken Down
Screenshot of hyperliqudi.com
hyperliqudi.com
Screenshot of hyperliqui.io
hyperliqui.io
Live
Screenshot of hyperliquid-bot.com
hyperliquid-bot.com
Screenshot of hyperliquid-data.com
hyperliquid-data.com
Screenshot of hyperliquid-referral-code.com
hyperliquid-referral-code.com
Screenshot of hyperliquid.chrisling.dev
hyperliquid.chrisling.dev
Screenshot of hyperliquid.cm
hyperliquid.cm
Screenshot of hyperliquid.com.pl
hyperliquid.com.pl
Screenshot of hyperliquid.complexcon.net
hyperliquid.complexcon.net
Screenshot of hyperliquid.d-hirechain.com
hyperliquid.d-hirechain.com
Screenshot of hyperliquid.dev
hyperliquid.dev
Screenshot of hyperliquid.fm
hyperliquid.fm
Screenshot of hyperliquid.gigabrain.gg
hyperliquid.gigabrain.gg
Screenshot of hyperliquid.in2026.top
hyperliquid.in2026.top
Screenshot of hyperliquid.international
hyperliquid.international
Screenshot of hyperliquid.ist
hyperliquid.ist
Screenshot of hyperliquid.jp
hyperliquid.jp
Screenshot of hyperliquid.nl
hyperliquid.nl
Screenshot of hyperliquid.se
hyperliquid.se
« Prev ... 272 273 274 275 276 277 278 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

117,931+ domains with security reports

Live Threats

28,133 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence