Threat Intelligence Dashboard

March 2026 Report

Detailed threat intelligence for 9,804 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

108,027Total Detected
92,520Taken Down
86.2%Kill Rate
94.2%VT Coverage
25,431Abuse Reports
Overview Mar 269,804 Feb 2618,204 Jan 268,931 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
March 2026 Intelligence Report 46.1%
9,804
6,829
Taken Down
2,240
Still Live
69.7%
Kill Rate
124h
Avg Response
6.0
Avg VT Score

In March 2026, PhishDestroy detected 6,635 phishing domains, marking a 63.6% decrease from the previous month. Despite this reduction, 3,124 domains remain active, highlighting a takedown rate of only 52.6%. Attackers continue to focus on cryptocurrency platforms, with Coinbase and Exodus being the top targets. The operational impact is significant, as the takedown rate remains below the desired threshold, indicating a need for improved response times from registrars, particularly NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc..

  • NICENIC INTERNATIONAL GROUP CO., LIMITED is the top abused registrar with 1,334 domains, necessitating immediate escalation.
  • Cryptocurrency platforms, especially Coinbase and Exodus, are under sustained attack, with 86 and 72 domains respectively.
  • The .com TLD remains the most weaponized with 2,369 domains, followed by .dev and .app.
  • The Solana Drainer kit is prevalent, used in 105 instances, posing a significant threat of wallet drains for victims.
  • Peak detection days were March 2nd and March 5th, indicating concentrated phishing campaigns.
  • Mean registrar response time is 47.3 hours, suggesting room for improvement in takedown efficiency.
Outlook
Looking ahead to April 2026, defenders should remain vigilant against cryptocurrency-targeted phishing, particularly involving Solana Drainer kits. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require continued monitoring and pressure to enhance their response times. Expect potential shifts in TLD usage as attackers adapt to increased scrutiny.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
NiceNIC International Group Co., Limited 1,657
Cloudflare, Inc. 1,166
PDR Ltd. d/b/a PublicDomainRegistry.com 587
Dynadot LLC 546
Gname.com Pte. Ltd. 484
Ultahost, Inc. 463
NameSilo, LLC 410
Global Domain Group LLC 326

Targeted Brands

BrandDomains
Coinbase 141
Solana 139
Exodus 103
Ledger 96
OKX 90
KuCoin 81
Trust Wallet 75
Sui 72

Top TLDs

.com3,461 .dev973 .xyz610 .app603 .io514 .net321 .org241 .cc231

Hosting Countries

🇺🇸 US4,955 🇩🇪 DE392 🇳🇱 NL325 🇭🇰 HK201 🇷🇺 RU90 🇫🇷 FR72 🇸🇬 SG54 🇨🇦 CA45

Active Drainer Kits

Solana Drainer120 Wallet Connect Abuse4 Angel Drainer1

March 2026 Domains (9,804)

Sorted by VirusTotal detections. Click any domain for full security report.

Screenshot of opt.topmexprotrades.xyz
opt.topmexprotrades.xyz
11 VTTaken Down
Screenshot of optimaltradesolution.top
optimaltradesolution.top
11 VTTaken Down
Screenshot of owa-lausanne-ch.weebly.com
owa-lausanne-ch.weebly.com
11 VTTaken Down
Screenshot of padisahbet-turkiye-2026.vip
padisahbet-turkiye-2026.vip
11 VT
Screenshot of paranaweb.lovable.app
paranaweb.lovable.app
11 VTTaken Down
Screenshot of parcelodelivery.live
parcelodelivery.live
11 VTTaken Down
Screenshot of passion-signal.com
passion-signal.com
11 VTTaken Down
Screenshot of pcrtal.tmgmexchanges.top
pcrtal.tmgmexchanges.top
11 VTTaken Down
pedagio-digital.vercel.app
11 VTTaken Down
Screenshot of performance-checkpoint-hub.pages.dev
performance-checkpoint-hub.pages.dev
11 VTTaken Down
Screenshot of personalvault-coinbase.com
personalvault-coinbase.com
11 VTTaken Down
Screenshot of phantomwallets.blogspot.co.id
phantomwallets.blogspot.co.id
11 VTTaken DownSolana Drainer
Screenshot of phantomwallets.blogspot.com.cy
phantomwallets.blogspot.com.cy
11 VTTaken DownSolana Drainer
Screenshot of phantomwalletx.blogspot.is
phantomwalletx.blogspot.is
11 VTTaken DownSolana Drainer
Screenshot of phantomwalletx.blogspot.pe
phantomwalletx.blogspot.pe
11 VTTaken DownSolana Drainer
Screenshot of pikestead.club
pikestead.club
11 VTTaken Down
Screenshot of planetxresolve.pages.dev
planetxresolve.pages.dev
11 VTTaken Down
Screenshot of policy-compliance-office.pages.dev
policy-compliance-office.pages.dev
11 VTTaken Down
Screenshot of porinisafaricamps.com
porinisafaricamps.com
11 VTTaken Down
Screenshot of portal-ndax-io-cdn-en-auth.webflow.io
portal-ndax-io-cdn-en-auth.webflow.io
11 VTLive
Screenshot of premiumcapitalfx.ltd
premiumcapitalfx.ltd
11 VTTaken Down
Screenshot of president-day.ltd
president-day.ltd
11 VTTaken Down
Screenshot of priivnote.com
priivnote.com
11 VTTaken Down
Screenshot of prinvesment.com
prinvesment.com
11 VTLive
Screenshot of profitabletrademining.com
profitabletrademining.com
11 VTTaken Down
Screenshot of project-xai.com
project-xai.com
11 VTTaken Down
Screenshot of prozone.ac
prozone.ac
11 VTTaken Down
Screenshot of pumpclaimed.fun
pumpclaimed.fun
11 VTLive
Screenshot of raysort.netlify.app
raysort.netlify.app
11 VTTaken Down
Screenshot of rayydium.com
rayydium.com
11 VTTaken Down
Screenshot of realestateonreels.com
realestateonreels.com
11 VTTaken Down
Screenshot of receivegraph.com
receivegraph.com
11 VTTaken Down
Screenshot of reporteprod.petroleramonterrico.com
reporteprod.petroleramonterrico.com
11 VTTaken Down
Screenshot of requirements-approved-renewal.xyz
requirements-approved-renewal.xyz
11 VTTaken Down
Screenshot of rer11ta.sbs
rer11ta.sbs
11 VT
Screenshot of rip2xonline.pages.dev
rip2xonline.pages.dev
11 VTLive
robloxt.cv
11 VTLive
Screenshot of rover.ltd
rover.ltd
11 VTTaken Down
Screenshot of shopeetbk777.blogspot.com
shopeetbk777.blogspot.com
11 VTTaken Down
Screenshot of shorturl.webcindario.com
shorturl.webcindario.com
11 VT
Screenshot of smrturl.co
smrturl.co
11 VTTaken Down
Screenshot of sol-solly.top
sol-solly.top
11 VTTaken Down
sso-ca--netcoins-com-auth.webflow.io
11 VTLive
Screenshot of stoll-gruippe.com
stoll-gruippe.com
11 VTTaken Down
Screenshot of suiet-vallet.webflow.io
suiet-vallet.webflow.io
11 VTTaken Down
Screenshot of super-bridge.app
super-bridge.app
11 VTTaken Down
Screenshot of toinprimetrade.com
toinprimetrade.com
11 VTTaken Down
Screenshot of trojwesternonline.com.horizonnationalbk.com
trojwesternonline.com.horizonnationalbk.com
11 VTTaken Down
Screenshot of trust-walletsecure.com
trust-walletsecure.com
11 VTTaken Down
trustwalletbyl.com
11 VTLive
trustwalletjcy.com
11 VTLive
Screenshot of trustworldbnk.sbs
trustworldbnk.sbs
11 VTTaken Down
Screenshot of tslatrade.smcxh.com
tslatrade.smcxh.com
11 VTTaken Down
Screenshot of tyabjs.top
tyabjs.top
11 VTTaken Down
Screenshot of update-sec.click
update-sec.click
11 VTTaken Down
Screenshot of uphld-logon-accunt.blogspot.mx
uphld-logon-accunt.blogspot.mx
11 VTTaken Down
Screenshot of uphol-login-issoo-io.webflow.io
uphol-login-issoo-io.webflow.io
11 VTTaken Down
Screenshot of uphold-wallet-account-login.pages.dev
uphold-wallet-account-login.pages.dev
11 VTTaken Down
Screenshot of walletsavior.pages.dev
walletsavior.pages.dev
11 VTTaken Down
Screenshot of web-exodus-wllet.wasmer.app
web-exodus-wllet.wasmer.app
11 VT
« Prev ... 29 30 31 32 33 34 35 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

108,027+ domains with security reports

Live Threats

14,768 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence