How It Works

We use the Levenshtein Distance algorithm to calculate the similarity between the input URL and our whitelist of known legitimate domains (e.g., comparing goog1e.com to google.com). If a domain is deceptively similar, it is immediately flagged.

The engine scans for high-risk keywords often used in social engineering attacks, such as login, secure, verify, or update-payment. The presence of these words in a non-whitelisted domain lowers the trust score.

Certain Top-Level Domains (TLDs) like .xyz, .top, or .gq are statistically more likely to be used for spam. We apply a penalty score when these are combined with other risk factors.

Our whitelist isn't static. It grows as the community reports and verifies new safe domains. The engine uses this constantly updated list to verify new links against community-trusted knowledge.