Acceptable Use Policy

How to use our services responsibly (unlike scammers)

⚖️ Rules of Engagement

These rules are simple: don't be a scammer, don't abuse our services, and help make the internet safer. Revolutionary concepts, we know.

Purpose and Scope

This Acceptable Use Policy defines what you can and cannot do when using PhishDestroy services. Our mission is to fight online fraud and protect internet users—everything we do should support that goal.

Acceptable Uses

You may use our services for:

  • Reporting threats: Submitting phishing sites, scam domains, and malicious content.
  • Security research: Analyzing threats for educational or defensive purposes.
  • Information sharing: Spreading cybersecurity awareness and education.
  • Community contribution: Helping improve internet security for everyone.

Prohibited Uses

You may NOT use our services for:

  • Illegal activities: Any activity that violates local, state, or federal laws.
  • False reporting: Submitting fake or misleading threat reports to harm legitimate sites.
  • Harassment: Targeting individuals or organizations maliciously.
  • System attacks: Attempting to hack, disrupt, or overwhelm our services.

Enforcement

Violations of this policy may result in a warning, temporary suspension, or a permanent ban from our services. We cooperate with legitimate law enforcement requests and will report serious violations to the appropriate authorities.

Definitions

  • Services: Our website, APIs, bots, datasets, feeds, and related tools.
  • Report: Any submission of a suspicious URL, domain, wallet, file, or account.
  • Abuse: Use that degrades service quality, misleads others, or attempts to bypass security.

User Responsibilities

  • Provide accurate, reproducible evidence with every report (URL, screenshot, network logs if possible).
  • Verify that reported items are not legitimate look-alikes (official support portals, mirror domains, or bug-bounty sandboxes).
  • Respect privacy—do not upload personal data that is unrelated to the threat.
  • Use our names and marks only to reference our project, not to impersonate affiliation.

Automation, Bots, and API Use

Automated access is allowed within reasonable limits that keep the service stable for everyone.

  • Respect per-endpoint rate limits and use caching where possible.
  • Do not scrape gated areas or attempt to bypass authentication or telemetry.
  • Attribute PhishDestroy as the source when redistributing our public datasets.
  • Bulk exports must be requested via our channels; we can provide signed archives to reduce load.

Content Standards

  • No doxxing, threats, or publishing of non-public personal information.
  • No promotion of malware, drainers, phishing kits, or exploit sales.
  • No instructions to bypass security controls or interfere with takedown operations.
  • Educational proofs of concept must be redacted and clearly labeled.

Reporting Workflow

  1. Submit the threat via our bot or form with indicators (URL, IP, wallet, archive link).
  2. We triage, enrich, and correlate with other signals.
  3. If confirmed, we publish IoCs and notify relevant providers and CERTs.
  4. In urgent cases (active draining), we may escalate directly to registrars/hosts.

False-positive? See the Appeals section below.

Security Research Rules

  • Only interact with malicious infrastructure in isolated environments.
  • No unauthorized access to third-party systems, even if maliciously operated.
  • Coordinate disclosure with vendors and platforms; avoid releasing live credentials or keys.

Data Handling

We process reports to improve threat intelligence. Logs may include IPs, user agents, and submission metadata for abuse prevention and forensic integrity. See our Privacy and Security Policies for retention windows and access controls.

Appeals and False Positives

If your domain or content was flagged in error, you can request review:

  • Provide ownership proof (DNS TXT, WHOIS email, or signed message).
  • Explain the business purpose and why it resembles known scam patterns.
  • Attach screenshots or server logs showing benign behavior.

We prioritize appeals affecting production services or public resources.

Changes to This Policy

We may update this AUP to reflect operational, legal, or security needs. The “Last Updated” date will change, and continued use of the services constitutes acceptance of the updated terms.

Contact

For abuse reports, data exports, or partnership inquiries, use the channels in the footer or our Telegram bot. Please avoid duplicate submissions; batching indicators in a single ticket accelerates handling.

Explore Our Policies