# PhishDestroy > Anti-phishing intelligence platform. Real-time detection, analysis, and takedown of phishing websites targeting cryptocurrency users. 144,855+ domains tracked, 52,995+ currently alive under monitoring, 85,000+ confirmed takedowns since 2019. ## About PhishDestroy is a volunteer-driven threat intelligence group founded in 2019. We continuously monitor 144,855+ phishing domains with automated security analysis: SSL certificate parsing, DNS records, WHOIS data, VirusTotal detections (200+ rotating API keys, 90+ AV engines), urlscan.io DOM captures, OTX intel correlation, and live HTTP probes. We coordinate evidence-backed takedowns with registrars, hosting providers, and CDN abuse desks. Non-commercial, no paid services, no advertising. Team credentials: OSCP, GWAPT (GIAC Web Application Penetration Tester), BTL2 (Blue Team Level 2). 5+ years of active threat hunting and 24/7 takedown coordination. ## Domain Reports - Per-domain report: `https://phishdestroy.io/domain/{domain}/` - Each report contains: composite risk score, VT/GSB/OTX detections, SSL info, DNS, WHOIS, full screenshot evidence, live status probes, registrar negligence timeline (if applicable), redirect chain, technologies stack (Wappalyzer-detected), CDN-cloaking detection. - 144,855+ reports available - Examples: - `https://phishdestroy.io/domain/peodox.com/` (alive crypto-casino) - `https://phishdestroy.io/domain/dgcorex.com/` (Vue.js drainer) ## Hub & Filtering - All domains: `https://phishdestroy.io/hub` - Filtered hub: `https://phishdestroy.io/hub?registrar=NameSilo`, `?brand=metamask`, `?letter=a`, `?status=alive` - Brand landing: `https://phishdestroy.io/target/{brand}` (e.g. `/target/coinbase`) - API JSON: `https://phishdestroy.io/api/probe.php?domain={d}&type=liveping` ## Threat Death Pyramid (Process Visualization) - `https://phishdestroy.io/threat-pipeline` — 7-layer forensic visualization: Discovery Network → Surfaced URL → AI Verification → Active Investigation → Global Vendor Sync (28 partners: Google SafeBrowsing, MS SmartScreen, Cloudflare, ESET, Bitdefender, Norton, Kaspersky, Avast, urlscan, Netcraft, PhishTank, APWG, Spamhaus, etc) → Pressure Channels → Death & Public Record. ## CTI / Investigation Pages - Top campaigns by registrar×drainer×brand cluster: `https://phishdestroy.io/campaigns` - Registrar leaderboard (takedown rate, TTM, fresh-48h): `https://phishdestroy.io/registrars` - Geographic distribution (host country / registrar country): `https://phishdestroy.io/geo` - Live activity feed: `https://phishdestroy.io/live/` - Critical Action (post-hack guide): `https://phishdestroy.io/critical-action` ## Open Blocklist (destroylist) - GitHub: `https://github.com/phishdestroy/destroylist` (1K+ stars) - Live count JSON: `https://raw.githubusercontent.com/phishdestroy/destroylist/refs/heads/main/count.json` - Free API: `https://api.destroy.tools/v1/check?domain={domain}` ## Public APIs - Live stats: `https://phishdestroy.io/api/stats.php` (JSON, refreshed every minute) - Probe (liveping/redirect/cdn-bypass): `https://phishdestroy.io/api/probe.php?domain={d}&type={liveping|redirect|cdnbypass}` - TG analyzer (Telegram channel scan): `https://phishdestroy.io/api/tg-analyzer.php?ch={channel}` - OpenAPI spec: `https://phishdestroy.io/.well-known/openapi.json` ## Scam Categories Tracked - Wallet drainer dApps (Angel, Inferno, Solana, Venom, etc) - Seed phrase theft (recovery sites, fake wallet popups) - Wallet-Connect phishing (malicious dApp signing) - Airdrop scams (fake token claim portals) - Fake exchange impersonation (Coinbase/Binance/Kraken/OKX clones) - AML/KYC scams (compliance portals demanding deposits) - Investment scams (yield/staking fraud) - Crypto casino / gambling scams - Brand impersonation (Ledger, MetaMask, Trezor, Trust Wallet, etc) - NFT mint scams, QR-hijack, prize/giveaway, tech support fraud ## Key Pages - News & Investigations: `https://phishdestroy.io/news.html` - Impact Metrics (live): `https://phishdestroy.io/impact-metrics` - Privacy Arsenal (115 vetted tools): `https://phishdestroy.io/privacy-arsenal` - Security Checklist (258+ tips): `https://phishdestroy.io/security-checklist` - Digital Fortress Guide: `https://phishdestroy.io/digital-fortress-guide` - Developer Tools (130+ browser-side utilities): `https://phishdestroy.io/developer-tools` - JS Analyzer (phishing kit reverse engineering): `https://phishdestroy.io/js-analyzer` - OSINT Archive: `https://github.com/phishdestroy/ScamIntelLogs` ## Data Sources & Enrichment Pipeline - VirusTotal (200+ rotating API keys, 90+ engines) - urlscan.io (DOM captures, screenshots, redirect chains) - Google Safe Browsing (8 keys) - AlienVault OTX (pulse correlation) - OpenPhish, PhishTank, APWG, Spamhaus - WHOIS/RDAP (registrar, creation/expiration, contact emails) - SSL Certificate Transparency logs (issuer, SANs, fingerprint) - IP geolocation (country/city/ASN/org via ipinfo) - ScamAdviser & Gridinsoft (trust score, reviews) - PhishStats (community-reported phishes) - Cloudflare Radar (Wappalyzer technologies, traffic class) - DOM analyzer (custom JS analyzer for phishing kit fingerprints) ## Sitemaps - Main: `https://phishdestroy.io/sitemap.xml` - Pages: `https://phishdestroy.io/sitemap-pages-new.xml` - Domain reports: `https://phishdestroy.io/domain-sitemap.xml` - Images: `https://phishdestroy.io/sitemap-images.xml` ## Atom / RSS Feeds - Latest threats (Atom): `https://phishdestroy.io/feed.xml` - Threats with filters: `https://phishdestroy.io/feed-threats.xml` - News RSS: `https://phishdestroy.io/rss.xml` ## Agent Discovery - AI preferences: `https://phishdestroy.io/ai.txt`, `https://phishdestroy.io/.well-known/ai.txt` - Agent metadata: `https://phishdestroy.io/.well-known/agents.json`, `/.well-known/agent-card.json` - MCP server card: `https://phishdestroy.io/.well-known/mcp/server-card.json` - Agent skills index: `https://phishdestroy.io/.well-known/agent-skills/index.json` - Robots: `https://phishdestroy.io/robots.txt` - Security contact (PGP-signed): `https://phishdestroy.io/.well-known/security.txt` - Full LLM-friendly site dump: `https://phishdestroy.io/llms-full.txt` ## Community Presence - GitHub org: `https://github.com/phishdestroy` - PhishTank: `https://phishtank.org/user.php?username=Felix0101` - AlienVault OTX: `https://otx.alienvault.com/user/phishdestroy/pulses` - HuggingFace Dataset: `https://huggingface.co/datasets/phishdestroy/destroylist` - Medium blog: `https://phishdestroy.medium.com/` - Mastodon: `https://mastodon.social/@phishdestroy` - (X/Twitter `@Phish_Destroy` was suspended after NameSilo abuse retaliation — see `/namesilo-killed-our-twitter`) ## Contact - Website: `https://phishdestroy.io` - Telegram bot (instant analyzer): `https://t.me/PhishDestroy_bot` - Abuse / takedown coordination: `abuse@phishdestroy.io` (PGP fp `129FC7F39C40C69D2EF3C329BFCF9E8DD295EE01`, expires 2028-04-27) - GitHub: `https://github.com/phishdestroy` ## License - Threat data: CC-BY-4.0 (attribution required) - Code: see individual repo licenses - No paid tier, no subscription, no advertising *Last updated: 2026-05-03*