Hosts → Pi-hole, /etc/hosts, Windows · AdBlock → uBlock Origin, AdGuard · Dnsmasq → DNS server

🔎 We utilize a distributed network of 30+ proprietary parsers to identify malicious domains at their earliest stage:

• Advanced Heuristics: Continuous monitoring of Google Ads (Malvertising), SEO-manipulated search results, and trending social media campaigns on Twitter (X), YouTube, and Telegram
• Infrastructure Analysis: Leveraging dnstwist and typosquatting detection to catch look-alike domains targeting established brands
• Community Intelligence: Real-time ingestion of community-reported threats via our Telegram Bot and partner intelligence feeds

Once a threat is confirmed, we submit data to over 50 industry-leading vendors:

Cloudflare        Google Safe Browsing      Microsoft Security      VirusTotal
Netcraft          ESET                      Bitdefender             Norton Safe Web
Avira             PhishTank                 Dr.Web                  Yandex Safe Browsing
URLScan.io        PolySwarm                 SiteReview              Urlquery
PhishStats        PhishReport               IsItPhish               ThreatCenter

• Abuse Notifications: Formal alerts to domain registrars and hosting providers
• Forensic Evidence Disclosure: Complete evidence packages including metadata, screenshots, and PDF reports
• ICANN Compliance Support: Reports aligned with ICANN standards
• Conditional Re-Detection Logic: Follow-up alerts only if threat remains active beyond 24 hours

• Open Database: Real-time commits to this GitHub repository
• Live Monitoring: Visual intelligence at phishdestroy.io/live
• Social Broadcasting: Automated alerts on Twitter, Telegram, and Mastodon

💼 DestroyList aims to disable malicious domains: scams, phishing, and other illicit sites to enhance internet safety.

Before a domain is added, we:

🔍 Scan it across cybersecurity platforms for threat intelligence.

📥 Send an official complaint to the registrar and the hosting provider (via WHOIS), including scan results, screenshots, and a request for client investigation. The complaint also notifies them about inclusion in our public database.

🚔 According to ICANN rules, registrars must review such complaints within 24 hours.

🦖 We work hard to eliminate threats quickly. Every malicious domain is analyzed, documented, reported, and published transparently.

However, when a domain receives 10–30+ abuse reports and a registrar still ignores them for months, the situation changes: the registrar is no longer a passive party. It effectively provides infrastructure for illegal activity.

Some registrars behave as if their internal policies somehow override ICANN requirements and national laws — as if phishing and fraud are "allowed" as long as they personally decide not to act.

👮 We document this publicly so that anyone can see: threats persist not because they were unnoticed, but because the responsible providers simply chose to do nothing.

Requests from private individuals:

DestroyList is an open-source, non-commercial volunteer project.

Private individuals may request the number of abuse reports we have sent for a specific domain, but only through public channels:

• via GitHub issues
• via commit history: https://github.com/phishdestroy/destroylist/commits/main/

❗ We do not respond to private e-mail requests from individuals about report counts.

✔️ This is a legal requirement for transparency and equal access to information.

Official government or law-enforcement requests may be answered privately.

💔 If you were defrauded by a domain already listed here, check its addition date using the commit history or via our Telegram/Mastodon channels.

💬 If the fraud happened after the domain was already listed, the registrar's or host's delay may indicate they share responsibility for the loss. Future potential victims can also see this negligence documented publicly.

🔞 Registrars and hosts that tolerate scam operations may reasonably be expected to assist victims or their legal representatives.