phishdestroy / destroylist
Real-time phishing & scam domain blocklist — 99,000+ curated threats, 828K+ community, free API, multiple formats
AI Architecture Analysis
This repository is indexed by RepoMind. By analyzing phishdestroy/destroylist in our AI interface, you can instantly generate complete architecture diagrams, visualize control flows, and perform automated security audits across the entire codebase.
Our Agentic Context Augmented Generation (Agentic CAG) engine loads full source files into context on-demand, avoiding the fragmentation of traditional RAG systems. Ask questions about the architecture, dependencies, or specific features to see it in action.
Embed this Badge
Showcase RepoMind's analysis directly in your repository's README.
Repository Overview (README excerpt)
Crawler viewDestroylist: Phishing & Scam Domain Blacklist Quick Access Live Statistics | Primary | Primary Live | Community | Community Live | |:-------:|:------------:|:---------:|:--------------:| | | | | | | Primary Content | Community Content | |:---------------:|:-----------------:| | | | | | Today | Week | Month | |:--|:-----:|:----:|:-----:| | **Primary** | | | | | **Community** | | | | Data Feeds | Feed | Description | Update | Download | |:-----|:------------|:------:|:--------:| | **Primary** | Curated phishing domains | ⚡ Real-time | | | **Primary Live** | DNS verified active | 🕐 24h | | | **Community** | Aggregated from 13+ sources | 🕐 2h | | | **Community Live** | Community DNS verified | 🕐 24h | | | **Primary Content** | Curated + HTTP content verified | 🕐 12h | | | **Community Content** | Aggregated + HTTP content verified | 🕐 24h | | | **Allowlist** | False positive protection | ✋ Manual | | > [!TIP] > **Production:** or · **Max coverage:** · **Firewall/DNS:** root lists 📁 All Download Formats (TXT, Hosts, AdBlock, Dnsmasq, Unbound, RPZ) | Format | Primary | Primary Live | Community | Community Live | |:------:|:-------:|:------------:|:---------:|:--------------:| | **TXT** | ⬇️ | ⬇️ | ⬇️ | ⬇️ | | **Hosts** | ⬇️ | ⬇️ | ⬇️ | ⬇️ | | **AdBlock** | ⬇️ | ⬇️ | ⬇️ | ⬇️ | | **Dnsmasq** | ⬇️ | ⬇️ | ⬇️ | ⬇️ | | **Unbound** | ⬇️ | ⬇️ | ⬇️ | ⬇️ | | **RPZ** | ⬇️ | ⬇️ | ⬇️ | ⬇️ | > **Hosts** → Pi-hole, /etc/hosts, Windows · **AdBlock** → uBlock Origin, AdGuard · **Dnsmasq** → dnsmasq DNS · **Unbound** → pfSense, OPNsense · **RPZ** → BIND, Knot DNS Root Lists > [!TIP] > **Root domains only** — no subdomains, hosting providers excluded | | All Roots | Live Only | Services Only | |:--|:-:|:-:|:-:| | 🔴 **Primary** | JSON · TXT | JSON · TXT | JSON · TXT | | ⚫ **Community** | JSON · TXT | JSON · TXT | JSON · TXT | > **All Roots** — clean root domains (no infra) · **Live Only** — DNS-verified active · **Services Only** — hosting platform subdomains (Vercel, Pages.dev, Netlify, etc.) --- Content-Verified Feeds > [!NOTE] > **Real HTTP content verification** — not just DNS, but actual phishing page detection | Feed | Description | ⏰ Update | Download | |:-----|:------------|:------:|:--------:| | 💥 **Primary Content** | Curated phishing with verified active content | (06:00 / 18:00 UTC) | | | 🌐 **Community Content** | Aggregated feeds with verified active content | (03:00 UTC) | | > [!WARNING] > **Cloaking Alert:** Scammers use cloaking to hide phishing from bots — showing blank/fake pages to scanners. Domain **NOT** in content list ≠ safe! Use **Primary All** or **Community General** for full protection. --- Threat Intelligence API > **Free, open, no API key.** Real-time domain risk scoring (0-100) across 770K+ threats · Hourly sync · Single & bulk check (500/req) · Keyword search · Full feeds 📖 API Endpoints, Scoring & Integration Examples Endpoints | Method | Endpoint | Description | |:------:|:---------|:------------| | | | Single domain check with risk score & severity | | | | Bulk check up to **500 domains** per request | | | | Search blocklisted domains by keyword | | | | Download full domain feeds (primary, community, active) | | | | Live statistics & domain counts | Threat Scoring Every domain gets a **risk score (0-100)** based on multiple signals: | Signal | Points | Description | |:-------|:------:|:------------| | Curated blocklist | **+40** | In primary destroylist | | Community reported | **+20** | Reported by community sources | | DNS active | **+30** | Domain currently resolves | | Multi-source | **+10** | Confirmed by multiple feeds | | Suspicious keywords | **+5 each** | metamask, wallet, airdrop, etc. | | Risky TLD | **+5** | .xyz, .top, .club, .icu, etc. | > 🔴 **Critical** 70-100 · 🟠 **High** 40-69 · 🟡 **Medium** 20-39 · 🟢 **Low** 1-19 Quick Integration **cURL** **Python** **JavaScript** **Bulk Check** --- About Destroylist > [!NOTE] > Live data collection began on July 1, 2025 Destroylist is a powerful tool against phishing and scams, powered by **PhishDestroy**. It provides reliable intel for: • ✔️ Firewalls • ✔️ DNS resolvers • ✔️ Threat platforms • ✔️ Security research Protect the web, one domain at a time! 🔧 Quick Integration Examples (Subscribe URLs · curl · Python · Bash) One-Click Subscribe URLs | Tool | Format | URL | |:-----|:------:|:----| | **Pi-hole** | Hosts | | | **AdGuard Home** | AdBlock | | | **uBlock Origin** | AdBlock | | | **pfSense / OPNsense (Unbound)** | Unbound | | | **BIND / Knot DNS (RPZ)** | RPZ | | | **Dnsmasq** | Dnsmasq | | > **Pi-hole** — Settings > Blocklists > paste the Hosts URL > **AdGuard Home** — Filters > DNS Blocklists > Add blocklist > paste the AdBlock URL > **uBlock Origin** — Settings > Filter lists > Import > paste the AdBlock URL > **pfSense** — Services > DNS Resolver > paste the Unbound URL > **BIND/Knot** — Add the RPZ URL as a response-policy zone curl One-Liners `bash Plain domain list curl -fsSL https://raw.githubusercontent.com/phishdestroy/destroylist/main/rootlist/formats/primary_active/domains.txt -o domains.txt Hosts format (Pi-hole, /etc/hosts) curl - _...truncated for preview_