Threat Intelligence Dashboard

March 2026 Report

Detailed threat intelligence for 18,821 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

146,053Total Detected
79,237Taken Down
57%Kill Rate
92.4%VT Coverage
38,873Abuse Reports
Overview May 261,969 Apr 2615,640 Mar 2618,821 Feb 2642,102 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
March 2026 Intelligence Report 55.3%
18,821
9,929
Taken Down
7,829
Still Live
52.8%
Kill Rate
320h
Avg Response
6.5
Avg VT Score

In March 2026, PhishDestroy detected 6,635 phishing domains, marking a 63.6% decrease from the previous month. Despite this reduction, 3,124 domains remain active, highlighting a takedown rate of only 52.6%. Attackers continue to focus on cryptocurrency platforms, with Coinbase and Exodus being the top targets. The operational impact is significant, as the takedown rate remains below the desired threshold, indicating a need for improved response times from registrars, particularly NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc..

  • NICENIC INTERNATIONAL GROUP CO., LIMITED is the top abused registrar with 1,334 domains, necessitating immediate escalation.
  • Cryptocurrency platforms, especially Coinbase and Exodus, are under sustained attack, with 86 and 72 domains respectively.
  • The .com TLD remains the most weaponized with 2,369 domains, followed by .dev and .app.
  • The Solana Drainer kit is prevalent, used in 105 instances, posing a significant threat of wallet drains for victims.
  • Peak detection days were March 2nd and March 5th, indicating concentrated phishing campaigns.
  • Mean registrar response time is 47.3 hours, suggesting room for improvement in takedown efficiency.
Outlook
Looking ahead to April 2026, defenders should remain vigilant against cryptocurrency-targeted phishing, particularly involving Solana Drainer kits. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require continued monitoring and pressure to enhance their response times. Expect potential shifts in TLD usage as attackers adapt to increased scrutiny.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
CloudFlare, Inc. 4,008
NICENIC INTERNATIONAL GROUP CO., LIMITED 3,476
PDR Ltd. d/b/a PublicDomainRegistry.com 862
Dynadot LLC 672
GoDaddy.com, LLC 666
Gname.com Pte. Ltd. 666
NameSilo, LLC 575
Ultahost, Inc. 483

Targeted Brands

BrandDomains
Ledger 1,355
Kraken 406
Trezor 372
Solana 333
Airdrop Scam 299
OKX 288
across 281
Google 248

Top TLDs

.com5,494 .dev3,807 .xyz995 .io955 .app915 .cc710 .net605 .org409

Hosting Countries

🇺🇸 US7,876 🇨🇦 CA6,962 🇩🇪 DE944 🇳🇱 NL652 🇭🇰 HK391 🇷🇺 RU194 🇫🇷 FR148 🇸🇬 SG140

Active Drainer Kits

Solana Drainer184 Angel Drainer5 Inferno Drainer5 Wallet Connect Abuse5 wallet_drainer2

March 2026 Domains (18,821)

Sorted by VirusTotal detections. Click any domain for full security report.

paypal-account-login.eliaswebstudio.com
23 VTTaken Down
ridistrict.com
23 VTTaken Down
robiox.com.gr
23 VTTaken Down
safearea.putunesimbah.de
23 VTTaken Down
share-instagram.com
23 VTTaken Down
sp1-d.jp
23 VTLive
sprightly-longma-4a5bc1.netlify.app
23 VTLive
tk-h5.spys1010.vip
23 VTTaken Down
tk8879.com
23 VTLive
twezygame.xyz
23 VTTaken Down
usherkomugisha.com
23 VT
w64x.xyz
23 VTTaken Down
w65v.xyz
23 VTTaken Down
wallet.0x0.su
23 VTLive
watchhr.biz
23 VTTaken Down
westandard.appwrite.network
23 VTLive
what-apps.com
23 VTTaken Down
whatscvpp.top
23 VTTaken Down
xxzye-d.santxye.biz.id
23 VTTaken Down
zelleapayhelplinenumber.webflow.io
23 VTTaken Down
121jio.luxemte.cc
22 VTTaken Down
63390.xyz
22 VTTaken Down
68147.xyz
22 VTTaken Down
8563-coinbase.com
22 VTTaken Down
acceso-ya1.webcindario.com
22 VTTaken Down
accounts.bmwweb.cc
22 VTLive
adobedrive-developproject.appwrite.network
22 VTLive
aktivasiixm-payllterdna.luciferxyz.biz.id
22 VTTaken Down
allegro.2398g9848394.cyou
22 VTTaken Down
allegro.pruwtao367201.cfd
22 VTTaken Down
allegrolokalne.sbs
22 VTLive
amazon-clone-tau-lemon-59.vercel.app
22 VTLive
amazon-clone-three-sandy.vercel.app
22 VTLive
amazon.deviceperks.com
22 VT
amazonwebclone.vercel.app
22 VTLive
apply-black.vercel.app
22 VTLive
at-t-mail-16b827.webflow.io
22 VTTaken Down
b249n.xyz
22 VTTaken Down
bafkreictgoqh23cwflhs54whbr4qfmydt6b37wkeai4mie7vdq3tcistxe.ipfs.dweb.link
22 VTTaken Down
bet426.cc
22 VTTaken Down
centre-backup-exodus-com-u.vercel.app
22 VTTaken Down
chartreuse-color-879469.framer.app
22 VTTaken Down
coiniybessiprrologn.godaddysites.com
22 VTTaken Down
cyrexmods.to
22 VTTaken Down
dainty-faloodeh-f44b02.netlify.app
22 VTTaken Down
dana-bantuan.official-helpp.web.id
22 VTTaken Down
danon.rajawaliabadistore.my.id
22 VTTaken Down
dappaccesswallets.netlify.app
22 VTLive
discord.imms.top
22 VTTaken Down
dnaazxformnn.stormiexyz.my.id
22 VTTaken Down
dotnotblock-pfwzl61nwt.edgeone.app
22 VTTaken Down
dvo-a.com
22 VTTaken Down
e138a.xyz
22 VTTaken Down
easy-bank-landing-page-ecru.vercel.app
22 VTLive
event-pancakeswap.app
22 VTTaken Down
extrabet2451.com
22 VTTaken Down
extraordinary-pastelito-8d4c5e.netlify.app
22 VTLive
facebook-clone-nu-nine.vercel.app
22 VTLive
facebook-clone-theta-nine.vercel.app
22 VTLive
facebook-frontend-capstone.vercel.app
22 VTLive
« Prev 1 2 3 4 5 6 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

146,053+ domains with security reports

Live Threats

59,687 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence