Threat Intelligence Dashboard

March 2026 Report

Detailed threat intelligence for 9,503 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

107,739Total Detected
92,561Taken Down
86.3%Kill Rate
94.2%VT Coverage
25,335Abuse Reports
Overview Mar 269,503 Feb 2618,204 Jan 268,931 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
March 2026 Intelligence Report 47.8%
9,503
6,829
Taken Down
2,240
Still Live
71.9%
Kill Rate
124h
Avg Response
6.0
Avg VT Score

In March 2026, PhishDestroy detected 6,635 phishing domains, marking a 63.6% decrease from the previous month. Despite this reduction, 3,124 domains remain active, highlighting a takedown rate of only 52.6%. Attackers continue to focus on cryptocurrency platforms, with Coinbase and Exodus being the top targets. The operational impact is significant, as the takedown rate remains below the desired threshold, indicating a need for improved response times from registrars, particularly NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc..

  • NICENIC INTERNATIONAL GROUP CO., LIMITED is the top abused registrar with 1,334 domains, necessitating immediate escalation.
  • Cryptocurrency platforms, especially Coinbase and Exodus, are under sustained attack, with 86 and 72 domains respectively.
  • The .com TLD remains the most weaponized with 2,369 domains, followed by .dev and .app.
  • The Solana Drainer kit is prevalent, used in 105 instances, posing a significant threat of wallet drains for victims.
  • Peak detection days were March 2nd and March 5th, indicating concentrated phishing campaigns.
  • Mean registrar response time is 47.3 hours, suggesting room for improvement in takedown efficiency.
Outlook
Looking ahead to April 2026, defenders should remain vigilant against cryptocurrency-targeted phishing, particularly involving Solana Drainer kits. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require continued monitoring and pressure to enhance their response times. Expect potential shifts in TLD usage as attackers adapt to increased scrutiny.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,639
Cloudflare, Inc. 1,038
PDR Ltd. d/b/a PublicDomainRegistry.com 579
Dynadot LLC 540
Gname.com Pte. Ltd. 474
Ultahost, Inc. 463
NameSilo, LLC 406
NameCheap, Inc. 319

Targeted Brands

BrandDomains
Coinbase 140
Solana 139
Exodus 103
OKX 88
Ledger 82
KuCoin 75
Trust Wallet 74
Sui 72

Top TLDs

.com3,401 .dev847 .xyz594 .app592 .io489 .net321 .org237 .cc228

Hosting Countries

🇺🇸 US4,955 🇩🇪 DE392 🇳🇱 NL325 🇭🇰 HK201 🇷🇺 RU90 🇫🇷 FR72 🇸🇬 SG54 🇨🇦 CA45

Active Drainer Kits

Solana Drainer117 Wallet Connect Abuse4

March 2026 Domains (9,503)

Sorted by VirusTotal detections. Click any domain for full security report.

netflix-clone-khaki-seven.vercel.app
22 VTTaken Down
netflix-clone-olive-ten.vercel.app
22 VTLive
netflix-clone-rust-five.vercel.app
22 VTTaken Down
pinjaman-01.barracuda.my.id
22 VTTaken Down
pinjamancepatsdri.seller.biz.id
22 VTTaken Down
pinjmaxregistxden.twxyz.my.id
22 VTTaken Down
proxy.jmkjsh.com
22 VTTaken Down
secure--sso-index-kucoin.webflow.io
22 VTTaken Down
sp1-d.jp
22 VTLive
theccguydeliveries.netlify.app
22 VTTaken Down
torvex7.vip
22 VTTaken Down
trezor-support.vercel.app
22 VTLive
vikiflix.netlify.app
22 VTTaken Down
wacheck.services
22 VTTaken Down
wap.imtoken-trade.com
22 VTTaken Down
westandard.appwrite.network
22 VTLive
whatsapp-clone-desktop.vercel.app
22 VTLive
wzwetcva.top
22 VTLive
x110u.xyz
22 VTTaken Down
xxyez-ld.nxtxle.biz.id
22 VTTaken Down
121glo.proxer.cc
21 VTTaken Down
401564coinbase.com
21 VTTaken Down
58425eef-34d9-4648-8e00-c8d7b9452cc1-00-3lfmewycu9qwo.janeway.replit.dev
21 VTTaken Down
6981f042ccad4d00a690b068--wonderful-puppy-834e9a.netlify.app
21 VTLive
accessopenseamints10.vercel.app
21 VTTaken Down
accessopenseamints2.vercel.app
21 VTTaken Down
accessopenseamints3.vercel.app
21 VTTaken Down
accessopenseamints4.vercel.app
21 VTTaken Down
accessopenseamints5.vercel.app
21 VTTaken Down
accessopenseamints6.vercel.app
21 VTTaken Down
accessopenseamints9.vercel.app
21 VTTaken Down
airbnb-clone-coral.vercel.app
21 VTLive
aktifkannpaylatterll.resmi-mil3.art
21 VTTaken Down
akttifkanpayylattersxx4.resmi-lzo3.art
21 VTTaken Down
all-imager-hst.click
21 VTTaken Down
amazon-clone-alpha-seven.vercel.app
21 VTTaken Down
amazon-clone-jade-ten.vercel.app
21 VTLive
amazon-clone-opal-seven.vercel.app
21 VTLive
amazon-clone-red-seven.vercel.app
21 VTLive
amazon-clone-xi-blush.vercel.app
21 VTLive
amazon-landing-page-ui.vercel.app
21 VTLive
amazonclone-saurabh.netlify.app
21 VTLive
azerty-46.github.io
21 VTTaken Down
bafkreidsfteign6t345vr7fozvxb3jcg7h4rojn2c6kmvjrxpmgdsslx4e.ipfs.dweb.link
21 VTTaken Down
bantuan-dana.layanan-resmii.biz.id
21 VTTaken Down
bellsouth-unit-sign-in-att.webflow.io
21 VTTaken Down
bet73041.com
21 VTTaken Down
ccgdelivery.netlify.app
21 VTTaken Down
chnsaulins.duckdns.org
21 VTTaken Down
coinsqoareloggin.webflow.io
21 VTLive
dancing-raindrop-014955.netlify.app
21 VTTaken Down
dappwalletcheck.vercel.app
21 VTTaken Down
digitaskerofficial.vip
21 VTTaken Down
e138s.xyz
21 VTTaken Down
easybank-sand.vercel.app
21 VTTaken Down
f232w.xyz
21 VTTaken Down
fbshop689.com
21 VTTaken Down
geminilogi9.webflow.io
21 VTTaken Down
gemmineelogiz.webflow.io
21 VTLive
h101g.xyz
21 VTTaken Down
« Prev 1 2 3 4 5 6 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

107,739+ domains with security reports

Live Threats

14,744 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence