█ Append-only blacklist · since 1 July 2025

Every scam domain.
Logged the moment we see it.

Name: Live Phishing Threat Data
Creator: PhishDestroy
License: https://creativecommons.org/publicdomain/zero/1.0/

This is the raw feed — the same blacklist your DNS resolver, browser extension and threat-intel pipeline pulls from. Append-only. No sanitised dashboards, no warnings, no negotiations. Volunteer-run since 2019.

Download JSON feed → Browse threats Report via bot

493 Threats Today last 24h · UTC

5,296 Threats This Week 7-day rolling

17,699 Threats This Month May 2026

110,763 Total Threats Tracked cumulative

█ Daily threat activity

Last 30 days, by detection volume.

peak: 11 Apr · 1,403 detections

Today Daily count

02 Apr · 350

03 Apr · 464

04 Apr · 904

05 Apr · 523

06 Apr · 635

07 Apr · 520

08 Apr · 442

09 Apr · 486

10 Apr · 454

11 Apr · 1,403

12 Apr · 395

13 Apr · 637

14 Apr · 513

15 Apr · 648

16 Apr · 226

17 Apr · 236

18 Apr · 604

19 Apr · 362

20 Apr · 459

21 Apr · 915

22 Apr · 459

23 Apr · 351

24 Apr · 754

25 Apr · 442

26 Apr · 348

27 Apr · 719

28 Apr · 1,249

29 Apr · 485

30 Apr · 806

01 May · 493

Apr 02 Apr 09 Apr 16 Apr 23 May 01

Daily average 576

Peak (11 Apr) 1,403

7-day momentum ↑ 16%

Total / 30d 17,699

01 / Featured exposés · this week

Why the registrars bury our reports.

all investigations · /news →

Retaliation 15 Apr 2026

Investigation · NameSilo

NameSilo killed our Twitter because we told the truth about them.

Two PhishDestroy X accounts locked under three shifting justifications. Two weeks earlier we documented NameSilo sheltering a $20M+ Monero-theft operation now under EU criminal investigation.

9 min · ResearchRead exposé →

Registrar 14 Apr 2026

Investigation · Trustname (IANA #4318)

Trustname.com: "bulletproof" registrar with €120 in declared revenue.

An ICANN-accredited registrar that calls itself bulletproof in its own DNS TXT record. Estonian shell, €120 revenue, one employee, Belarusian owners — and a week of fresh fake-Elon casino domains.

14 min · ResearchRead exposé →

Negligence 11 Apr 2026

Investigation · NiceNIC International

NiceNIC: 5,000+ abuse reports, zero takedowns, one excuse.

Top abused registrar in our dataset. 1,865 alive 7+ days after first report, 156 of those re-reported. The "we forwarded your complaint to the registrant" auto-reply is the entire abuse-process.

12 min · ResearchRead exposé →

$20M+ Heist 02 Apr 2026

Investigation · xmrwallet · Monero drainer

10 years, $20M+ stolen, NameSilo never took it down.

Decade-old Monero phishing operation traced from view-key theft to wallet exfiltration. Now under active EU criminal investigation — registrar still hosting derivative domains.

22 min · InvestigationRead exposé →

Pattern 28 Mar 2026

Pattern report · 12 registrars

The registrar abuse response failure — a system, not a glitch.

Cross-registrar pattern of delays, deflection and victim-blaming. Same template responses, same 7-day-plus survival rates, same registrants. "Forwarded to registrant" = the gravestone of every abuse complaint.

18 min · PatternRead pattern →

02 / Append log · destroylist

The blacklist scrolls whether you watch or not.

live tail · destroylist/main
updated every <30s · UTC

~/destroylist main $ tail -f list.json UTC 13:38:32 LIVE

$ # Append-only feed. Each row = one new domain entering the blacklist.
$ wc -l list.json
110,763 domains tracked · 493 appended in last 24h

[2026-05-01 16:38:25] + claimpets.smdeals.xyz .xyz

[2026-05-01 16:07:59] + viascdetran.online .online

[2026-05-01 16:04:45] + iobbank.com .com

[2026-05-01 15:46:15] + walletwasabi.com .com

[2026-05-01 15:46:03] + bifrostdesktopapp.io .io

[2026-05-01 15:45:58] + thevidmate.net .net

[2026-05-01 15:45:57] + hd-streamz.tv .tv

[2026-05-01 15:45:45] + blockchain-scan.org .org

[2026-05-01 15:45:38] + imtokec.com.cn .cn

[2026-05-01 15:45:15] + libertyswap-finance.com .com

[2026-05-01 15:45:12] + kaching.space .space

[2026-05-01 15:45:08] + hnkxyq.com .com

12 latest entries · 110,763 total domains tail -f list.json

03 / Surface analytics

Where the infrastructure hides — and what it costs you.

7 of 1,136 registrars shown
ranked by abuse volume · last 30 days

Top abused registrars

last 30 days

NICENIC INTERNATIONAL GROUP CO., LIMITED 100% of #1 abuser 19,055

Cloudflare, Inc. 71.7% of #1 abuser 13,660

03 REGISTRAR_NOT_FOUND 37.4% of #1 abuser 7,123

PDR Ltd. d/b/a PublicDomainRegistry.com 25.2% of #1 abuser 4,795

Gname.com Pte. Ltd. 20.7% of #1 abuser 3,944

DYNADOT LLC 20.5% of #1 abuser 3,899

NameSilo, LLC 19.4% of #1 abuser 3,692

Top abused TLDs · damage dealt

cost burned by scammers

.com $384,130

.dev $129,264

.xyz $11,842

.app $87,300

.io $172,400

.net $44,064

.org $38,292

Total damage / all-time $985,234

04 / The dossier · active threats

The dossier — raw, unfiltered, append-only.

20 shown · 110,763 total
newest first · scroll for more

Every scam domain. Logged the moment we see it.