Malicious URLs are designed to fool your eye. Homograph characters, Punycode encoding, lookalike subdomains — each technique exploits human pattern recognition. Train yours.
HOMOGRAPH
paypal.com vs paypa1.com
Letters replaced with visually identical characters
PUNYCODE / IDN
xn--pple-43d.com → ạpple.com
Unicode domains encoded to bypass ASCII filters
SUBDOMAIN ABUSE
paypal.com.evil.xyz
Legitimate brand as subdomain, evil domain as TLD
PATH DECEPTION
evil.com/paypal/login
Legitimate path on malicious domain