📄 DOCUMENTATION

Repository Map

Everything you need to know — directory structure, automation schedules, data formats, download links, and integration guides.

📂
Repository Structure

Every directory has a README with documentation, download links, and usage examples.

🎯

list.json / list.txt

Primary blocklist — all PhishDestroy curated phishing & scam domains. The source of truth.

list.jsonlist.txtcount.json
View on GitHub →
📡

dns/

DNS intelligence engine. Multithreaded validator (100 threads) checks A/AAAA/CNAME/MX/NS records. Live vs dead classification.

active_domains.jsondead_domains.jsoncontent_active.jsontoday_added.jsonweek_added.jsonmonth_added.json
View dns/ →
🌐

community/

Aggregated from 13+ community threat intel feeds. Filtered, normalized, DNS-validated. Separate from primary to maintain data integrity.

blocklist.jsonlive_blocklist.jsoncontent_live.json
View community/ →
🛡️

rootlist/formats/

Pre-built blocklist configs for every platform — Pi-hole, Unbound, uBlock Origin, BIND RPZ, hosts file. 4 lists × 6 formats.

domains.txthosts.txtadblock.txtdnsmasq.confunbound.confrpz.zone
View formats/ →
🗂️

rootlist/arrays/

Full blocklist split into 34 JSON shards (3K domains each). Optimized for CDN edge caching, pagination, browser extensions.

part_000.jsonpart_033.json
View arrays/ →
🗄️

archives/

Historical snapshots for research. Weekly (every Sunday) and monthly full blocklist state. Train ML models, track trends.

weekly/YYYY-WXX.jsonmonthly/YYYY-MM.json
View archives/ →

allow/

Allowlisted domains — false positive protection. Domains here are automatically excluded from all blocklists during processing.

View allow/ →
⚙️

scripts/

Python processing pipeline — validation, cleaning, format conversion, rootlist building, sharding. Plus the GitHub Pages website.

validate_json.pyjson_to_txt.pybuild_rootlist.pybuild_shards.pycalculate_stats.py
View scripts/ →
Automation & Schedules

Fully automated pipeline. Domains flow from detection → validation → DNS check → format conversion → deployment.

📋 On List Update
event
push → list.json, dns/*, community/*
Full processing pipeline: validate → clean → convert formats → update counts → build rootlist → shard → commit. Triggered on every domain addition.
🔄 Scheduled Update
every 15 min
cron: */15 * * * *
DNS validation cycle. Resolves every domain, classifies live vs dead, updates active domain feeds. 100 concurrent threads.
📊 Update Statistics
every 6h
cron: 0 */6 * * *
Recalculates all statistics, updates badge count endpoints for shields.io, generates aggregate metrics.
🌐 Deploy Pages
every 3h
cron: 0 */3 * * *
Rebuilds and deploys the PhishDestroy website + this documentation page via Jekyll + GitHub Pages.
🔗 Check Links
weekly
cron: weekly + push to *.md
Validates all links across markdown files. Catches broken URLs before they affect users.
🧹 Stale Issues
daily 06:00
cron: 0 6 * * *
Labels inactive issues after 60 days. Auto-closes after 14 more. Exempts: pinned, security, appeal labels.
📦
Data Formats & Downloads

Primary Active is recommended for production blocking — only DNS-verified live threats.

ListTypeDomainsGitHub
PrimaryCurated — all~100Kformats/primary/
Primary Active ⭐Curated — live only~51Kformats/primary_active/
Community13+ feeds — all~830Kformats/community/
Community Active13+ feeds — live~285Kformats/community_active/
FormatFileCompatible With
Plain domainsdomains.txtAny tool, scripts, custom integrations
Hosts filehosts.txtWindows, macOS, Linux /etc/hosts
AdBlock filteradblock.txtuBlock Origin, AdGuard, AdBlock Plus
DNSMasq configdnsmasq.confPi-hole, OpenWrt, DNSMasq
Unbound configunbound.confUnbound DNS resolver
Response Policy Zonerpz.zoneBIND, Knot, PowerDNS
📊
Monthly Threat Reports

Each month folder contains a full analytics report: registrar abuse, TLD distribution, geolocation, brand targeting, crypto drainers, VirusTotal engine coverage, activity charts, and downloadable threat JSON.

2025
July 2025700
August 20253,788
September 20257,307
October 20258,841
November 202512,581
December 202511,773
2026
January 20268,932
February 202618,207
March 20264,042
🔧
Processing Pipeline

When domains are added to list.json, this pipeline runs automatically:

01

validate_json.py

Validates JSON structure of all list files

02

validate_and_clean.py

Removes false positives using allow/ lists

03

json_to_txt.py

Converts to 6 output formats — hosts, adblock, dnsmasq, unbound, rpz, plain

04

update_counts.py

Updates count.json badge endpoints for shields.io

05

build_rootlist.py

Extracts root domains via tldextract, filters infrastructure providers, validates DNS

06

build_shards.py

Splits root domains into 34 JSON shards (3K each) for CDN distribution

🔌
API Endpoints

Free, no API key required. Base URL: api.destroy.tools

MethodEndpointDescription
GET/v1/check?domain=Check if a domain is in the blocklist. Returns risk score + metadata.
GET/v1/search?q=Search domains by keyword or pattern.
POST/v1/check/bulkBulk check — newline-separated domains in body.
GET/v1/feed/primaryPrimary threat feed — latest additions.
GET/v1/statsLive statistics — counts, rates, trends.