Threat Intelligence Dashboard

March 2026 Report

Detailed threat intelligence for 18,719 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

119,791Total Detected
74,420Taken Down
72.7%Kill Rate
94.1%VT Coverage
30,457Abuse Reports
Overview Mar 2618,719 Feb 2642,203 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
March 2026 Intelligence Report 55.6%
18,719
8,975
Taken Down
6,576
Still Live
47.9%
Kill Rate
114h
Avg Response
6.4
Avg VT Score

In March 2026, PhishDestroy detected 6,635 phishing domains, marking a 63.6% decrease from the previous month. Despite this reduction, 3,124 domains remain active, highlighting a takedown rate of only 52.6%. Attackers continue to focus on cryptocurrency platforms, with Coinbase and Exodus being the top targets. The operational impact is significant, as the takedown rate remains below the desired threshold, indicating a need for improved response times from registrars, particularly NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc..

  • NICENIC INTERNATIONAL GROUP CO., LIMITED is the top abused registrar with 1,334 domains, necessitating immediate escalation.
  • Cryptocurrency platforms, especially Coinbase and Exodus, are under sustained attack, with 86 and 72 domains respectively.
  • The .com TLD remains the most weaponized with 2,369 domains, followed by .dev and .app.
  • The Solana Drainer kit is prevalent, used in 105 instances, posing a significant threat of wallet drains for victims.
  • Peak detection days were March 2nd and March 5th, indicating concentrated phishing campaigns.
  • Mean registrar response time is 47.3 hours, suggesting room for improvement in takedown efficiency.
Outlook
Looking ahead to April 2026, defenders should remain vigilant against cryptocurrency-targeted phishing, particularly involving Solana Drainer kits. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require continued monitoring and pressure to enhance their response times. Expect potential shifts in TLD usage as attackers adapt to increased scrutiny.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
Cloudflare, Inc. 3,561
NICENIC INTERNATIONAL GROUP CO., LIMITED 3,503
PDR Ltd. d/b/a PublicDomainRegistry.com 870
DYNADOT LLC 717
Gname.com Pte. Ltd. 651
GoDaddy.com, LLC 615
NameSilo, LLC 574
Ultahost, Inc. 490

Targeted Brands

BrandDomains
Ledger 1,221
Kraken 404
Airdrop Scam 360
Trezor 358
Solana 308
OKX 259
Coinbase 225
Google 220

Top TLDs

.com5,260 .dev3,366 .xyz926 .io891 .app846 .cc697 .net589 .org383

Hosting Countries

🇺🇸 US7,380 🇩🇪 DE534 🇳🇱 NL445 🇭🇰 HK270 🇷🇺 RU131 🇫🇷 FR92 🇸🇬 SG78 PL54

Active Drainer Kits

Solana Drainer166 Wallet Connect Abuse5 Angel Drainer3 wallet_drainer2 Inferno Drainer1

March 2026 Domains (18,719)

Sorted by VirusTotal detections. Click any domain for full security report.

Screenshot of started-trezo.wixstudio.com
started-trezo.wixstudio.com
Taken Down
Screenshot of started.ghost.io/device
started.ghost.io/device
Taken Down
Screenshot of startedapp.ghost.io/en-desktop
startedapp.ghost.io/en-desktop
Taken Down
Screenshot of startedpages.ghost.io/en-desktop
startedpages.ghost.io/en-desktop
Taken Down
Screenshot of startedsetup.ghost.io/suite-en
startedsetup.ghost.io/suite-en
Taken Down
Screenshot of startedweb.ghost.io/ledger-live
startedweb.ghost.io/ledger-live
Taken Down
Screenshot of startf.ghost.io/ledger
startf.ghost.io/ledger
Taken Down
Screenshot of startfaqs.ghost.io/ledger-begin
startfaqs.ghost.io/ledger-begin
Taken Down
Screenshot of startflow.ghost.io/trezor-suites-us
startflow.ghost.io/trezor-suites-us
Taken Down
Screenshot of startguide.ghost.io/exodus
startguide.ghost.io/exodus
Taken Down
Screenshot of starti.ghost.io/suite
starti.ghost.io/suite
Taken Down
Screenshot of starting-gets.ghost.io
starting-gets.ghost.io
Screenshot of startinstall.ghost.io/eng-us
startinstall.ghost.io/eng-us
Taken Down
Screenshot of startintro.ghost.io/exodus
startintro.ghost.io/exodus
Taken Down
Screenshot of startio-eng.ghost.io/en-suiteapp
startio-eng.ghost.io/en-suiteapp
Taken Down
Screenshot of startio-trezr.zapier.app/io-start
startio-trezr.zapier.app/io-start
Taken Down
Screenshot of startk.ghost.io/exodusweb-en
startk.ghost.io/exodusweb-en
Taken Down
Screenshot of startledegrapp.ghost.io/ledger-live-app
startledegrapp.ghost.io/ledger-live-app
Taken Down
Screenshot of startledge.ghost.io/en-start
startledge.ghost.io/en-start
Taken Down
Screenshot of startledgeer.ghost.io/app-ledger-live
startledgeer.ghost.io/app-ledger-live
Taken Down
Screenshot of startledgersso.ghost.io/ledger-live-en
startledgersso.ghost.io/ledger-live-en
Taken Down
Screenshot of startoi.ghost.io/exodus-web3
startoi.ghost.io/exodus-web3
Taken Down
Screenshot of startprimary.ghost.io/exodus-en
startprimary.ghost.io/exodus-en
Taken Down
Screenshot of startrezorio.ghost.io/us-en
startrezorio.ghost.io/us-en
Taken Down
startt.ghost.io/bridge-us
Taken Down
Screenshot of startup-eng.ghost.io/ledger-live
startup-eng.ghost.io/ledger-live
Taken Down
Screenshot of startupdate.ghost.io/en-desktop
startupdate.ghost.io/en-desktop
Taken Down
Screenshot of startusa.ghost.io/en-suite
startusa.ghost.io/en-suite
Taken Down
Screenshot of startwallet.ghost.io/trezor-start
startwallet.ghost.io/trezor-start
Taken Down
Screenshot of startwebpages.ghost.io/io-start-en
startwebpages.ghost.io/io-start-en
Taken Down
Screenshot of startwelcome.ghost.io/suite
startwelcome.ghost.io/suite
Taken Down
Screenshot of startxyz.ghost.io/us-suite
startxyz.ghost.io/us-suite
Taken Down
Screenshot of stashpatricks.in
stashpatricks.in
Taken Down
Screenshot of stashpatricks.in/login.php
stashpatricks.in/login.php
Taken Down
Screenshot of station-wallet.pages.dev
station-wallet.pages.dev
Screenshot of steam-winter.com/gift
steam-winter.com/gift
Taken Down
Screenshot of steamrip-media.pages.dev
steamrip-media.pages.dev
Screenshot of steones.com
steones.com
Taken Down
Screenshot of stilwellinvest.com/pc_home
stilwellinvest.com/pc_home
Taken Down
Screenshot of stipdep.cc/w
stipdep.cc/w
Taken Down
Screenshot of stm.oefq-jon.com/ba74c
stm.oefq-jon.com/ba74c
Taken Down
Screenshot of stocknexa.com
stocknexa.com
Live
Screenshot of stockpills.com
stockpills.com
Live
Screenshot of stoodio-doodles.com/check
stoodio-doodles.com/check
Taken Down
Screenshot of store.gerald-main.shop/e90ae
store.gerald-main.shop/e90ae
Taken Down
Screenshot of store.gerald1main.shop/eedfe
store.gerald1main.shop/eedfe
Taken Down
Screenshot of store.isaaclomman.com
store.isaaclomman.com
Taken Down
store.steamcommunlty.cc/advance/design/appdata/glock18
Taken Down
Screenshot of store.workshop-glock18.cc/steamapps/skins/advance/content
store.workshop-glock18.cc/steamapps/skins/advance/content
Taken Down
Screenshot of store.workshopartisthub.com/sharedfiles/filesdetails/famas_marble_mountain
store.workshopartisthub.com/sharedfiles/filesdetails/famas_marble_mountain
Taken Down
store.workshopartistlibrary.com/sharedfiles/filesdetails/unknown_warriors
Taken Down
Screenshot of store.workshopartistlocate.com/sharedfiles/filesdetails/aug_poseidon
store.workshopartistlocate.com/sharedfiles/filesdetails/aug_poseidon
Taken Down
Screenshot of store.workshopcomingmod.com/sharedfiles/filesdetails/aug_poseidon
store.workshopcomingmod.com/sharedfiles/filesdetails/aug_poseidon
Taken Down
Screenshot of store.workshopcomingskin.com/sharedfiles/filesdetails/aug_poseidons
store.workshopcomingskin.com/sharedfiles/filesdetails/aug_poseidons
Taken Down
Screenshot of store.workshopcommunityrare.com/sharedfiles/filesdetails/aug_poseidons
store.workshopcommunityrare.com/sharedfiles/filesdetails/aug_poseidons
Taken Down
Screenshot of store.workshopcommunityworks.com/sharedfiles/filesdetails/unknown_warriors
store.workshopcommunityworks.com/sharedfiles/filesdetails/unknown_warriors
Taken Down
Screenshot of store.workshopconceptdesign.com/sharedfiles/filesdetails/carondelet_charlatan
store.workshopconceptdesign.com/sharedfiles/filesdetails/carondelet_charlatan
Taken Down
Screenshot of store.workshopconnecskin.com/sharedfiles/filesdetails/carved_arabesque
store.workshopconnecskin.com/sharedfiles/filesdetails/carved_arabesque
Taken Down
Screenshot of store.workshopcontentvote.com/sharedfiles/filesdetails/carved_arabesque
store.workshopcontentvote.com/sharedfiles/filesdetails/carved_arabesque
Taken Down
Screenshot of store.workshopcreatorsdesign.com/sharedfiles/filesdetails/carved_arabesque
store.workshopcreatorsdesign.com/sharedfiles/filesdetails/carved_arabesque
Taken Down
« Prev ... 301 302 303 304 305 306 307 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

119,791+ domains with security reports

Live Threats

27,923 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence