Threat Intelligence Dashboard

March 2026 Report

Detailed threat intelligence for 18,819 phishing domains. Registrar abuse, drainer kits, targeted brands, and AI-generated expert assessment.

149,029Total Detected
101,089Taken Down
71.5%Kill Rate
92.5%VT Coverage
39,748Abuse Reports
Overview May 263,499 Apr 2615,640 Mar 2618,819 Feb 2642,098 Jan 268,930 Dec 2511,773 Nov 2512,579 Oct 258,841 Sep 257,307 Aug 253,788 Jul 25700 Jun 254
March 2026 Intelligence Report 55.3%
18,819
12,093
Taken Down
5,646
Still Live
64.3%
Kill Rate
352h
Avg Response
6.5
Avg VT Score

In March 2026, PhishDestroy detected 6,635 phishing domains, marking a 63.6% decrease from the previous month. Despite this reduction, 3,124 domains remain active, highlighting a takedown rate of only 52.6%. Attackers continue to focus on cryptocurrency platforms, with Coinbase and Exodus being the top targets. The operational impact is significant, as the takedown rate remains below the desired threshold, indicating a need for improved response times from registrars, particularly NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc..

  • NICENIC INTERNATIONAL GROUP CO., LIMITED is the top abused registrar with 1,334 domains, necessitating immediate escalation.
  • Cryptocurrency platforms, especially Coinbase and Exodus, are under sustained attack, with 86 and 72 domains respectively.
  • The .com TLD remains the most weaponized with 2,369 domains, followed by .dev and .app.
  • The Solana Drainer kit is prevalent, used in 105 instances, posing a significant threat of wallet drains for victims.
  • Peak detection days were March 2nd and March 5th, indicating concentrated phishing campaigns.
  • Mean registrar response time is 47.3 hours, suggesting room for improvement in takedown efficiency.
Outlook
Looking ahead to April 2026, defenders should remain vigilant against cryptocurrency-targeted phishing, particularly involving Solana Drainer kits. Registrars like NICENIC INTERNATIONAL GROUP CO., LIMITED and Cloudflare, Inc. require continued monitoring and pressure to enhance their response times. Expect potential shifts in TLD usage as attackers adapt to increased scrutiny.
Full Data on GitHub Browse All Domains Live Threats

Top Registrars

RegistrarDomains
CloudFlare, Inc. 4,008
NICENIC INTERNATIONAL GROUP CO., LIMITED 3,476
PDR Ltd. d/b/a PublicDomainRegistry.com 862
Dynadot LLC 672
Gname.com Pte. Ltd. 666
GoDaddy.com, LLC 665
NameSilo, LLC 575
Ultahost, Inc. 483

Targeted Brands

BrandDomains
Ledger 1,355
Kraken 406
Trezor 372
Solana 333
Airdrop Scam 299
OKX 288
across 281
Google 248

Top TLDs

.com5,493 .dev3,807 .xyz995 .io955 .app915 .cc710 .net605 .org409

Hosting Countries

🇺🇸 US7,876 🇨🇦 CA6,963 🇩🇪 DE944 🇳🇱 NL652 🇭🇰 HK391 🇷🇺 RU194 🇫🇷 FR148 🇸🇬 SG140

Active Drainer Kits

Solana Drainer184 Angel Drainer5 Inferno Drainer5 Wallet Connect Abuse5 wallet_drainer2

March 2026 Domains (18,819)

Sorted by VirusTotal detections. Click any domain for full security report.

dropppp.sbs
12 VTTaken Down
dydx-exchange.pages.dev
12 VTLive
easy-ledgr-live-dext-set.pages.dev
12 VTLive
ebridge.sbs
12 VTTaken Down
eigenplayer.xyz
12 VTTaken Down
ellx.pages.dev
12 VTLive
emailsahwservice.weebly.com
12 VTTaken Down
en-hrd-wallet.pages.dev
12 VTLive
en-us-ledgrr.pages.dev
12 VTLive
enbridge.zapier.app
12 VTLive
enusexedozx.pages.dev
12 VTTaken Down
equimad.com.co
12 VTTaken Down
esodus-wallet.pages.dev
12 VTLive
eth-nexus.pages.dev
12 VTLive
ethereum-nexus.pages.dev
12 VTLive
evadextrade.com
12 VTTaken Down
evm-rectification.pages.dev
12 VTLive
evmsbitnode.pages.dev
12 VTTaken Down
exodus-tool.com
12 VTTaken Down
exodusweb3-ens.pages.dev
12 VTLive
exoxdusweb-docs-eng.pages.dev
12 VTLive
exxodus-doc.pages.dev
12 VTTaken Down
ez-3f7.pages.dev
12 VTLive
facebook.kleinanz-market.pro
12 VTTaken Down
firstledger-c1f.pages.dev
12 VTLive
flexcontrol.app
12 VTTaken Down
forcesdrop.com
12 VTLive
fortstat.info
12 VTTaken Down
fulss.com
12 VTTaken Down
fxglobecaptpartnerslt.com
12 VTTaken Down
galabetcasiadresleri.vip
12 VTTaken Down
galabeton.com
12 VT
galleta.jdevcloud.com
12 VTTaken Down
ganeshgawade81.github.io
12 VTLive
gbfe.cyrb.live
12 VTTaken Down
gemenilogiinn.gitbook.io
12 VTTaken Down
gemiieniilogin.webflow.io
12 VTTaken Down
get-ledgar-io--en.pages.dev
12 VTLive
goldvests-holding.net
12 VTTaken Down
greenbitcoin.xyz
12 VTTaken Down
gregarious-maamoul-fdf5b4.netlify.app
12 VTTaken Down
grkyeikk.com
12 VTTaken Down
guide-live-ledgr-eng-ami.pages.dev
12 VTLive
hifzasid.github.io
12 VTLive
hlp-trdge-brge.pages.dev
12 VTLive
home-page-live-ledgl.pages.dev
12 VTLive
home-pro-com.zapier.app
12 VTTaken Down
home-trxor.pages.dev
12 VTLive
homepage--en-ledgr-us.pages.dev
12 VTLive
icloud.sa.com
12 VTTaken Down
icloudmapa.com
12 VTTaken Down
icloudphotos.litong5969.work
12 VTTaken Down
incineratoreth.com
12 VTTaken Down
invoice-crypotmus.com
12 VTTaken Down
io-started-treizr.wixstudio.com
12 VTTaken Down
io-trust-en.framer.ai
12 VTTaken Down
jastorkast.duckdns.org
12 VTTaken Down
jnlfsnblfnblge.weebly.com
12 VTTaken Down
juno-member-information-update-97ea6f.webflow.io
12 VTTaken Down
kelvo-mirix-biz-punra-zxgw22526v-glavix.pages.dev
12 VTLive
« Prev ... 55 56 57 58 59 60 61 ... Next »

Detection Trends

Monthly domain volume, kill rate, and live threats over time.

Monthly Detected Domains

Kill Rate %

Explore More

Related intelligence pages and data feeds.

Domain Hub

149,029+ domains with security reports

Live Threats

40,285 phishing sites still online

DestroyList on GitHub

Open-source daily phishing domain feeds

About PhishDestroy

Independent anti-phishing threat intelligence