Threat Intelligence Dashboard

March 2026 Report

Detailed threat intelligence for 18,819 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

148,975 Total Detected
100,710 Taken Down
71.2% Kill Rate
92.5% VT Coverage
39,723 Abuse Reports
Overview (domains per month): May 26: 3,464; Apr 26: 15,640; Mar 26: 18,819; Feb 26: 42,098; Jan 26: 8,930; Dec 25: 11,773; Nov 25: 12,579; Oct 25: 8,841; Sep 25: 7,307; Aug 25: 3,788; Jul 25: 700; Jun 25: 4
March 2026 Intelligence Report 55.3%
18,819
12,076 Taken Down
5,669 Still Live
64.2% Kill Rate
352h Avg Response
6.5 Avg VT Score

In March 2026, PhishDestroy detected 6,635 phishing domains, marking a 63.6% decrease from the previous month. Despite this reduction, 3,124 domains remain active, highlighting a takedown rate of only 52.6%. Attackers continue to focus on cryptocurrency platforms, with Coinbase and Exodus being the top targets. The operational impact is significant, as the takedown rate remains below the desired threshold, indicating a need for improved response times from registrars, particularly NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc.

  • NICENIC INTERNATIONAL GROUP CO., LIMITED is the top abused registrar with 1,334 domains, necessitating immediate escalation.
  • Cryptocurrency platforms, especially Coinbase and Exodus, are under sustained attack, with 86 and 72 domains respectively.
  • The .com TLD remains the most weaponized with 2,369 domains, followed by .dev and .app.
  • The Solana Drainer kit is prevalent, used in 105 instances, posing a significant threat of wallet drains for victims.
  • Peak detection days were March 2nd and March 5th, indicating concentrated phishing campaigns.
  • Mean registrar response time is 47.3 hours, suggesting room for improvement in takedown efficiency.
Outlook
Looking ahead to April 2026, defenders should remain vigilant against cryptocurrency-targeted phishing, particularly involving Solana Drainer kits. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require continued monitoring and pressure to enhance their response times. Expect potential shifts in TLD usage as attackers adapt to increased scrutiny.

Targeted Brands

Brand Domains
Ledger 1,355
Kraken 406
Trezor 372
Solana 333
Airdrop Scam 299
OKX 288
across 281
Google 248

March 2026 Domains (18,819)

Sorted by VirusTotal detections.


Detection Trends

Monthly domain volume, kill rate, and live threats over time.

[Charts: Monthly Detected Domains; Kill Rate %]
