PhishDestroy

PhishDestroy API

Free, open-source threat intelligence API for detecting phishing sites and cryptocurrency scams in real time

♥ Volunteer ProjectOpen SourceFree ForeverNo API Key
...
Unique Domains
...
Primary List
...
Community
...
Active Threats


API Reference


GET/v1/checkcore
Check a single domain for threats. Returns risk score (0-100), severity level, matched blocklists, suspicious keyword detection, and automatic subdomain-to-parent domain matching.
domainstringDomain to check (required). Also accepts d or url
curl "https://api.destroy.tools/v1/check?domain=metamask-login.xyz"
{
  "domain": "metamask-login.xyz",
  "threat": true,
  "severity": "critical",
  "risk_score": 85,
  "active": true,
  "lists": { "primary": true, "community": true },
  "flags": ["curated_blocklist", "community_reported", "dns_active", "multi_source", "suspicious_keywords", "risky_tld"],
  "matched_keywords": ["metamask", "login"],
  "checked_at": "2025-02-10T22:00:00.000Z"
}


POST/v1/check/bulk500/req
Check up to 500 domains in a single request.
curl -X POST "https://api.destroy.tools/v1/check/bulk" -H "Content-Type: application/json" -d '{"domains":["metamask-login.xyz","google.com"]}'


GET/v1/searchsearch
Search blocklisted domains by substring.
qstringSearch query, min 3 chars
limitintMax results (default 50, max 200)
curl "https://api.destroy.tools/v1/search?q=metamask&limit=10"


GET/v1/feed/{list}
Download full domain feeds. Lists: primary community primary_active community_active


GET/v1/stats
Live statistics: domain counts, last sync, API version.


Quick Start




const r = await fetch("https://api.destroy.tools/v1/check?domain=" + domain);
const data = await r.json();
if (data.threat) console.warn("BLOCKED:", data.severity, "score:", data.risk_score);


import requests
r = requests.get(f"https://api.destroy.tools/v1/check?domain={domain}")
if r.json()["threat"]: print("PHISHING:", r.json()["severity"])


Threat Scoring


Every domain gets a risk score (0-100) based on multiple signals:




+40Curated blocklist


+20Community reported


+30DNS active


+10Multi-source


+5eaSuspicious keywords


+5Risky TLD


Critical 70-100 · High 40-69 · Medium 20-39 · Low 1-19


About




PhishDestroy is a volunteer-driven, open-source cybersecurity project fighting phishing and cryptocurrency scams since 2019. Over 500,000+ threats neutralized across 25+ networks.


The API is free, requires no API key, and syncs hourly from the destroylist repository. Use it in browser extensions, security tools, firewalls, bots, or SIEM systems.


We don't just collect — we destroy.


Integrated Sources




📥
MetaMask
eth-phishing-detect


🔎
ScamSniffer
scam-database


🐟
OpenPhish
openphish.com


🛡
SEAL
security-alliance


ChainPatrol
chainpatrol.io


🏠
URLhaus
abuse.ch


🛡
Hagezi
dns-blocklists


Polkadot JS
polkadot-js


+ many more integrated into our threat intelligence pipeline


Disclaimer: PhishDestroy is a volunteer community project provided "as is" without warranty. A domain not being listed does not guarantee it is safe. False positives may occur.





🌐 Website
⭐ GitHub
💬 Telegram
𝕏 Twitter
🤖 Bot


© 2019-2025 PhishDestroy · Made with ❤️ by volunteers


No tracking · No ads · No API keys · Terms · Appeals