Phishing URL Detector

Python, scikit-learn, pandas · 2026 · View the code on GitHub

The problem

Phishing links are designed to look boring. I wanted to know how much of that disguise a model could see through using nothing but the URL string itself.

What I built

A class-weighted random forest trained on ~160,000 labeled URLs from a public Kaggle dataset, using 7 lexical features I engineered by hand: has_https, url_length, num_dots, num_hyphens, has_ip, count_digits, and has_extension.

The real lesson was the imbalance

The dataset has roughly 194 legitimate URLs for every phishing URL. A model that labels everything "safe" scores wonderfully on raw accuracy and catches nothing. So I used balanced class weights and judged the model on metrics that survive a skewed base rate, instead of quoting a headline accuracy number that the base rate hands you for free.

Known limitation, and the plan

Lexical features can't catch lookalike domains; go1gle.com reads as clean. Version 2 adds edit-distance comparison against known brand names to flag character-substitution attacks.

Every line of this one is mine, no frameworks doing the thinking, which is exactly why it taught me the most.

See ThreadBack → · Back to projects →