Destroylist: Phishing & Scam Domain Blacklist

Quick Overview & Access 
Data Feeds 
| Feed | Description | Update |
|---|---|---|
| list.json / .txt | Primary curated phishing domains | Real-time |
| active_domains.json | Primary DNS verified | 24h |
| blocklist.json | Community aggregated | 2h |
| live_blocklist.json | Community DNS verified | 24h |
| allowlist.json | False positive protection | Manual |
Download Formats 
| Format | Primary | Primary Live | Community | Community Live |
|---|---|---|---|---|
| TXT | ⬇ | ⬇ | ⬇ | ⬇ |
| Hosts | ⬇ | ⬇ | ⬇ | ⬇ |
| AdBlock | ⬇ | ⬇ | ⬇ | ⬇ |
| Dnsmasq | ⬇ | ⬇ | ⬇ | ⬇ |
Hosts — Pi-hole, /etc/hosts, Windows · AdBlock — uBlock Origin, AdGuard · Dnsmasq — DNS server
Root Lists 
Root domains only (no subdomains), hosting providers excluded
| Source | All Roots | Live Only |
|---|---|---|
| Primary | active_root_domains.json | online_root_domains.json |
| Community | community_root_domains.json | community_online_root_domains.json |
💡 Production: list.json or active_domains.json · Max coverage: blocklist.json · Firewall/DNS: root lists
Connect With Us 
| Platform | Link |
|---|---|
| Website | phishdestroy.io |
| Telegram Alerts | t.me/destroy_phish |
| Telegram Bot | t.me/PhishDestroy_bot |
| Twitter / X | x.com/Phish_Destroy |
| Mastodon | @phishdestroy@mastodon.social |
| Ban Service | ban.destroy.tools |
About Destroylist 
Live data collection began on July 1, 2025
Destroylist is a powerful tool against phishing and scams, powered by PhishDestroy. It provides reliable intel for:
Protect the web, one domain at a time!
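Python
```python
import requests

# Fetch the primary curated list and test one domain for membership.
resp = requests.get('https://raw.githubusercontent.com/phishdestroy/destroylist/main/list.json', timeout=10)
resp.raise_for_status()  # fail loudly instead of parsing an error page
blocklist = resp.json()
is_malicious = "suspicious-domain.com" in blocklist
```
Bash
```bash
# -F treats the domain as a literal string (the dots are not regex wildcards); -x requires a whole-line match
curl -fsS https://raw.githubusercontent.com/phishdestroy/destroylist/main/list.txt | grep -qxF "suspicious-domain.com" && echo "BLOCKED"
```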
DNS Blocklist (Pi-hole/AdGuard)
https://raw.githubusercontent.com/phishdestroy/destroylist/main/dns/active_domains.json
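An exact string lookup like the snippets above misses subdomains, mixed case and trailing dots, and it ignores allowlist.json. The sketch below is an added example, not code from the Destroylist project: it combines a primary feed, a root list and the allowlist into one verdict. It assumes each feed is a flat JSON array of domain strings and that a root entry covers its subdomains; the feed contents and the function names are constructed for illustration.

```python
import json

# Constructed sample data standing in for downloaded feeds (not real entries).
# Assumption: each feed is a flat JSON array of domain strings.
BLOCKLIST_JSON = '["login-example-wallet.test", "secure.pay-example.test"]'
ROOTS_JSON = '["pay-example.test"]'
ALLOWLIST_JSON = '["status.pay-example.test"]'

def normalize(host):
    """Lowercase, drop a trailing dot, and convert Unicode labels to punycode."""
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return host  # unparseable names are kept as-is and will not match

def load_feed(text):
    """Parse a feed into a set of normalized names for constant-time lookups."""
    return {normalize(d) for d in json.loads(text) if isinstance(d, str)}

def parents(host):
    """Yield host and each parent suffix that still has at least two labels."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])

def verdict(host, exact, roots, allow):
    """Return 'allow', 'block' or 'unknown' for a hostname."""
    host = normalize(host)
    if host in allow:  # allowlist wins: it exists to suppress false positives
        return "allow"
    if host in exact:  # exact entry in the curated feed
        return "block"
    if any(p in roots for p in parents(host)):  # subdomain of a listed root
        return "block"
    return "unknown"

EXACT = load_feed(BLOCKLIST_JSON)
ROOTS = load_feed(ROOTS_JSON)
ALLOW = load_feed(ALLOWLIST_JSON)

if __name__ == "__main__":
    for h in ["Login-Example-Wallet.TEST.", "cdn.pay-example.test",
              "status.pay-example.test", "example.org"]:
        print(h, "->", verdict(h, EXACT, ROOTS, ALLOW))
```
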
Key Info for Online Fraud Victims 
DestroyList aims to disable malicious domains: scams, phishing, and other illicit sites to enhance internet safety.
Before a domain is added, we:
- Scan it across cybersecurity platforms for threat intelligence.
- Send an official complaint to the registrar and the hosting provider (via WHOIS), including scan results, screenshots, and a request for client investigation. The complaint also notifies them about inclusion in our public database.
According to ICANN rules, registrars must review such complaints within 24 hours.
We work hard to eliminate threats quickly. Every malicious domain is analyzed, documented, reported, and published transparently.
However, when a domain receives 10–30+ abuse reports and a registrar still ignores them for months, the situation changes: the registrar is no longer a passive party. It effectively provides infrastructure for illegal activity.
Some registrars behave as if their internal policies somehow override ICANN requirements and national laws — as if phishing and fraud are "allowed" as long as they personally decide not to act.
We document this publicly so that anyone can see: threats persist not because they were unnoticed, but because the responsible providers simply chose to do nothing.
Requests from private individuals:
DestroyList is an open-source, non-commercial volunteer project.
Private individuals may request the number of abuse reports we have sent for a specific domain, but only through public channels:
- via GitHub issues
- via commit history: https://github.com/phishdestroy/destroylist/commits/main/
We do not respond to private e-mail requests from individuals about report counts.
This is a legal requirement for transparency and equal access to information.
Official government or law-enforcement requests may be answered privately.
If you were defrauded by a domain already listed here, check its addition date using the commit history or via our Telegram/Mastodon channels.
If the fraud happened after the domain was already listed, the registrar's or host's delay may indicate they share responsibility for the loss.
Future potential victims can also see this negligence documented publicly.
Registrars and hosts that tolerate scam operations may reasonably be expected to assist victims or their legal representatives.
Update Process 
- Gather: Continuous phishing domain collection via the PhishDestroy system
- Verify: Cross-check with trusted threat intelligence sources
- Publish: Real-time push to GitHub + multi-channel alerts
- Clean: DNS checks, deduplication, removal of expired domains
Automation:
Goals & Usage 
Use Destroylist for:
- Network security systems
- Automation & monitoring
- Threat intelligence research
- Machine learning training
Open collaboration = Stronger security. Let's team up!
Historical Vault 
Archive of 500,000+ domains over 5+ years. Ideal for:
Contact us at phishdestroy.io for access!
Appeals Process 
Wrongly listed? Fix it fast:
- Appeals Form
- GitHub Issue with proof
License 
MIT – Free, open, yours to hack!
Join the Fight! 
Got ideas, sources, or improvements?

