Threat Intelligence Dashboard

March 2026 Report

Detailed threat intelligence for 18,885 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

119,968Total Detected
74,519Taken Down
72.7%Kill Rate
94%VT Coverage
30,584Abuse Reports
Overview Mar 2618,885 Feb 2642,203 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
March 2026 Intelligence Report 55.3%
18,885
9,062
Taken Down
6,663
Still Live
48%
Kill Rate
114h
Avg Response
6.4
Avg VT Score

In March 2026, PhishDestroy detected 6,635 phishing domains, marking a 63.6% decrease from the previous month. Despite this reduction, 3,124 domains remain active, highlighting a takedown rate of only 52.6%. Attackers continue to focus on cryptocurrency platforms, with Coinbase and Exodus being the top targets. The operational impact is significant, as the takedown rate remains below the desired threshold, indicating a need for improved response times from registrars, particularly NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc..

  • NICENIC INTERNATIONAL GROUP CO., LIMITED is the top abused registrar with 1,334 domains, necessitating immediate escalation.
  • Cryptocurrency platforms, especially Coinbase and Exodus, are under sustained attack, with 86 and 72 domains respectively.
  • The .com TLD remains the most weaponized with 2,369 domains, followed by .dev and .app.
  • The Solana Drainer kit is prevalent, used in 105 instances, posing a significant threat of wallet drains for victims.
  • Peak detection days were March 2nd and March 5th, indicating concentrated phishing campaigns.
  • Mean registrar response time is 47.3 hours, suggesting room for improvement in takedown efficiency.
Outlook
Looking ahead to April 2026, defenders should remain vigilant against cryptocurrency-targeted phishing, particularly involving Solana Drainer kits. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require continued monitoring and pressure to enhance their response times. Expect potential shifts in TLD usage as attackers adapt to increased scrutiny.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
Cloudflare, Inc. 3,591
NICENIC INTERNATIONAL GROUP CO., LIMITED 3,516
PDR Ltd. d/b/a PublicDomainRegistry.com 879
Dynadot LLC 719
Gname.com Pte. Ltd. 654
GoDaddy.com, LLC 628
NameSilo, LLC 582
Ultahost, Inc. 490

Targeted Brands

BrandDomains
Ledger 1,236
Kraken 405
Airdrop Scam 361
Trezor 358
Solana 310
OKX 262
Coinbase 225
Google 220

Top TLDs

.com5,308 .dev3,393 .xyz935 .io892 .app849 .cc700 .net592 .org391

Hosting Countries

🇺🇸 US7,380 🇩🇪 DE534 🇳🇱 NL445 🇭🇰 HK270 🇷🇺 RU131 🇫🇷 FR92 🇸🇬 SG78 PL54

Active Drainer Kits

Solana Drainer168 Wallet Connect Abuse5 Angel Drainer3 wallet_drainer2 Inferno Drainer1

March 2026 Domains (18,885)

Sorted by VirusTotal detections. Click any domain for full security report.

Screenshot of trzzor-bridge.wixstudio.com
trzzor-bridge.wixstudio.com
Taken Down
Screenshot of twlist.com
twlist.com
Screenshot of twt02.top/usdc
twt02.top/usdc
Taken Down
Screenshot of tww18.cc/phishing
tww18.cc/phishing
Taken Down
Screenshot of txbcgl-z9on3m-prabath2006-9df8d166.koyeb.app/log
txbcgl-z9on3m-prabath2006-9df8d166.koyeb.app/log
Taken Down
Screenshot of typusfiinance.pages.dev
typusfiinance.pages.dev
Screenshot of tzer-bridg-us.pages.dev
tzer-bridg-us.pages.dev
Live
Screenshot of unapp-vault-v4.com
unapp-vault-v4.com
Livewallet_drainer
Screenshot of unified-mpc.amidoggy.xyz
unified-mpc.amidoggy.xyz
Screenshot of unifiednodefix.pages.dev
unifiednodefix.pages.dev
Live
Screenshot of unifrewardpad.xyz
unifrewardpad.xyz
Live
Screenshot of unify-protocol.info
unify-protocol.info
Screenshot of uniswap-ai.github.io
uniswap-ai.github.io
Live
Screenshot of uniswap-invest.com
uniswap-invest.com
Taken Down
Screenshot of unitas-evm-dapp-29x.pages.dev
unitas-evm-dapp-29x.pages.dev
Live
Screenshot of unstakeyield.xyz
unstakeyield.xyz
Screenshot of uperuperbell.com/b30f1
uperuperbell.com/b30f1
Taken Down
Screenshot of uploader.irys.xyz/4w6sSeVKynfcVSG9YUDe1LJHM4aMWNhgrFvvBk5QmZko
uploader.irys.xyz/4w6sSeVKynfcVSG9YUDe1LJHM4aMWNhgrFvvBk5QmZko
Taken Down
Screenshot of us-leger-io.pages.dev
us-leger-io.pages.dev
Screenshot of us-live-legr.pages.dev
us-live-legr.pages.dev
Live
Screenshot of us-publicstart.ghost.io/bridge
us-publicstart.ghost.io/bridge
Taken Down
Screenshot of us-suite-start.pages.dev
us-suite-start.pages.dev
Screenshot of us-walet-ledgre.pages.dev
us-walet-ledgre.pages.dev
Live
Screenshot of us05web.zoom.us
us05web.zoom.us
Live
Screenshot of usdc.bz/host
usdc.bz/host
Taken Down
Screenshot of usdt-99.com
usdt-99.com
Taken Down
Screenshot of usdt-no-kyc.exchange
usdt-no-kyc.exchange
usdtl0.to/transfer
Screenshot of uselive.ghost.io/bridge-en
uselive.ghost.io/bridge-en
Taken Down
Screenshot of userbegin.ghost.io/suite-desktop
userbegin.ghost.io/suite-desktop
Taken Down
Screenshot of userconnect.ghost.io/ledger
userconnect.ghost.io/ledger
Taken Down
Screenshot of userhelp.ghost.io/en-suite
userhelp.ghost.io/en-suite
Taken Down
Screenshot of userhome.ghost.io/exodus-web3
userhome.ghost.io/exodus-web3
Taken Down
Screenshot of username228.icu/sbgjtwuwesuvaeilmgcllanjoehjgembiysvn
username228.icu/sbgjtwuwesuvaeilmgcllanjoehjgembiysvn
Taken Down
Screenshot of userportal.ghost.io/desktop-en
userportal.ghost.io/desktop-en
Taken Down
Screenshot of users-kelpdao.com/airdrop/launchpad
users-kelpdao.com/airdrop/launchpad
Screenshot of userstarted.ghost.io/desktop-en
userstarted.ghost.io/desktop-en
Taken Down
Screenshot of usguide.ghost.io/setup
usguide.ghost.io/setup
Taken Down
Screenshot of usor.digital/event
usor.digital/event
Taken Down
Screenshot of usor.solplanet.cc/login
usor.solplanet.cc/login
Taken Down
Screenshot of usorcoin.lol/claim
usorcoin.lol/claim
Taken Down
Screenshot of usordrop.lol/claim
usordrop.lol/claim
Taken Down
Screenshot of usormeme.lol/claim
usormeme.lol/claim
Taken Down
Screenshot of usstartweb.ghost.io/ledger-live
usstartweb.ghost.io/ledger-live
Taken Down
Screenshot of usukpvashop.com
usukpvashop.com
Taken Down
Screenshot of uswebob.us
uswebob.us
Screenshot of uxchallengerz.pro
uxchallengerz.pro
Screenshot of v1-sunswap.vercel.app
v1-sunswap.vercel.app
Live
Screenshot of valannia.app
valannia.app
Screenshot of vapodex.com
vapodex.com
Taken Down
Screenshot of velmorata.info/ramilo?gad_source=1&gad_campaignid=23545299547&gbraid=0AAAABCvPE2_8ZhTHCwQeqFMh6QsIVgoIk&gclid=EAIaIQobChMIuqjQkZrRkgMVULGDBx0MwQblEAMYASAAEgKnCfD_BwE
velmorata.info/ramilo?gad_source=1&gad_campaignid=23545299547&gbraid=0AAAABCvPE2_8ZhTHCwQeqFMh6QsIVgoIk&gclid=EAIaIQobChMIuqjQkZrRkgMVULGDBx0MwQblEAMYASAAEgKnCfD_BwE
Taken Down
Screenshot of ventuals-85a.pages.dev
ventuals-85a.pages.dev
Live
Screenshot of verificationwallet.my/your-funds-will-be-verify-crypto-verification
verificationwallet.my/your-funds-will-be-verify-crypto-verification
Taken Down
Screenshot of verify.1d2470101.icu/211115289
verify.1d2470101.icu/211115289
Screenshot of verify.1d328920rder.icu/270740266
verify.1d328920rder.icu/270740266
Taken Down
Screenshot of verify.check3851.sbs/998080222827
verify.check3851.sbs/998080222827
Taken Down
Screenshot of verify.form5612.sbs/426045156670
verify.form5612.sbs/426045156670
Screenshot of verify.form7428.icu/452605345218
verify.form7428.icu/452605345218
Screenshot of verify.form7604.world/203127327738
verify.form7604.world/203127327738
Screenshot of verifycenter.website
verifycenter.website
Live
« Prev ... 307 308 309 310 311 312 313 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

119,968+ domains with security reports

Live Threats

28,006 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence