§ url

url.

Parse a URL and inspect the parts. Beyond the standard split into protocol/host/path/query, surfaces things real-world phishing relies on: IDN homograph candidates, RTL bidi overrides, NULL bytes, double-encoded percent escapes, userinfo tricks, IP literals dressed up as domains.

parsing

uses the platform URL constructor — same parser the browser navigates with. inputs without a scheme are retried with http:// prepended.

flags

severity is opinionated. high = obvious red flag a phisher would use. medium = unusual but legitimate uses exist. low = informational.