Threat Intelligence Dashboard

March 2026 Report

Detailed threat intelligence for 18,819 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

150,100Total Detected
108,890Taken Down
76.5%Kill Rate
92.6%VT Coverage
40,055Abuse Reports
Overview May 263,986 Apr 2615,639 Mar 2618,819 Feb 2642,098 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
March 2026 Intelligence Report 55.3%
18,819
12,573
Taken Down
5,139
Still Live
66.8%
Kill Rate
369h
Avg Response
6.5
Avg VT Score

In March 2026, PhishDestroy detected 6,635 phishing domains, marking a 63.6% decrease from the previous month. Despite this reduction, 3,124 domains remain active, highlighting a takedown rate of only 52.6%. Attackers continue to focus on cryptocurrency platforms, with Coinbase and Exodus being the top targets. The operational impact is significant, as the takedown rate remains below the desired threshold, indicating a need for improved response times from registrars, particularly NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc..

  • NICENIC INTERNATIONAL GROUP CO., LIMITED is the top abused registrar with 1,334 domains, necessitating immediate escalation.
  • Cryptocurrency platforms, especially Coinbase and Exodus, are under sustained attack, with 86 and 72 domains respectively.
  • The .com TLD remains the most weaponized with 2,369 domains, followed by .dev and .app.
  • The Solana Drainer kit is prevalent, used in 105 instances, posing a significant threat of wallet drains for victims.
  • Peak detection days were March 2nd and March 5th, indicating concentrated phishing campaigns.
  • Mean registrar response time is 47.3 hours, suggesting room for improvement in takedown efficiency.
Outlook
Looking ahead to April 2026, defenders should remain vigilant against cryptocurrency-targeted phishing, particularly involving Solana Drainer kits. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require continued monitoring and pressure to enhance their response times. Expect potential shifts in TLD usage as attackers adapt to increased scrutiny.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
CloudFlare, Inc. 4,008
NICENIC INTERNATIONAL GROUP CO., LIMITED 3,476
PDR Ltd. d/b/a PublicDomainRegistry.com 863
Dynadot LLC 672
Gname.com Pte. Ltd. 666
GoDaddy.com, LLC 665
NameSilo, LLC 575
Ultahost, Inc. 483

Targeted Brands

BrandDomains
Ledger 1,355
Kraken 406
Trezor 372
Solana 333
Airdrop Scam 299
OKX 288
across 281
Google 248

Top TLDs

.com5,493 .dev3,807 .xyz995 .io955 .app915 .cc710 .net605 .org409

Hosting Countries

🇺🇸 US7,876 🇨🇦 CA6,963 🇩🇪 DE944 🇳🇱 NL652 🇭🇰 HK391 🇷🇺 RU194 🇫🇷 FR148 🇸🇬 SG140

Active Drainer Kits

Solana Drainer184 Angel Drainer5 Inferno Drainer5 Wallet Connect Abuse5 wallet_drainer2

March 2026 Domains (18,819)

Sorted by VirusTotal detections. Click any domain for full security report.

rake-bit.es
1 VTTaken Down
ralinia.it
1 VTTaken Down
ramkids.gr
1 VTTaken Down
ramptoken.org
1 VTTaken Down
randdsprinklers.co.uk
1 VTTaken Down
ranebit.com
1 VTTaken Down
rapid-firefly-549b.asvgd.workers.dev
1 VTLive
rareseanft.com
1 VT
rarible-ai.com
1 VTTaken Down
rarvom.com
1 VTTaken Down
rastreio.jltransportelogistica.com
1 VTTaken Down
ravipateriya.in
1 VT
raydium.jlp.ag
1 VTTaken Down
raydiumdapp-revshare.website
1 VTTaken Down
raydiumswap9.wordpress.com
1 VTTaken Down
raydlium.pro
1 VTTaken Down
rbxflip.xyz
1 VTTaken Down
rbywlt3243gfg.ayodeji-820.workers.dev
1 VTTaken Down
rcbot.biz
1 VTTaken Down
rcclub.cc
1 VTTaken Down
re-verifyrpc.pages.dev
1 VTLive
realwoopt.live
1 VTTaken Down
reawake.online
1 VTLive
recoverwest.com
1 VTTaken Down
redeem-ethereal.app
1 VT
redeem-ethereal.com
1 VTTaken Down
redrabbit.fun
1 VT
redrobih.com
1 VTTaken Down
reduks.store
1 VTLive
reg-arcade-exf.pages.dev
1 VTLive
register-flyingtulip.xyz
1 VTTaken Down
register-memehouse.fun
1 VTTaken Down
register-neet.xyz
1 VTTaken Down
register-openclaw.xyz
1 VTTaken Down
register-ripple.com
1 VTTaken Down
register-slurmit.fun
1 VTTaken Down
register-variational.com
1 VTTaken Down
remi7.vip
1 VTTaken Down
remixr.app
1 VTTaken Down
renbridge.pro
1 VTTaken Down
rentfee.net
1 VT
repchain.app
1 VTTaken Down
republic24.biz
1 VTTaken Down
reservecertitude.com
1 VTTaken Down
resilient-bublanina-c4ca5b.netlify.app
1 VTTaken Down
restake-etherfi.xyz
1 VTTaken Down
resto-manage.com
1 VTTaken Down
retail-ledgr.pages.dev
1 VTLive
retrobridge-portal.com
1 VTTaken Down
reviewfile-x.com
1 VT
reviewspoty.com
1 VTTaken Down
revolution-coredaoorg.pages.dev
1 VTLive
revs-stonks.pages.dev
1 VTLive
revseguro.com
1 VTTaken Down
reward-moonwell.fi
1 VTTaken Down
reward-ore.supply
1 VTTaken Down
reward-variational.com
1 VTLive
reward-zeralabs.org
1 VTTaken Down
rewards-based.one
1 VTTaken Down
rewards-ethereal.trade
1 VT
« Prev ... 272 273 274 275 276 277 278 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

150,100+ domains with security reports

Live Threats

33,381 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence