Upload app.py

app.py

@@ -346,8 +346,7 @@ def predict_url(payload: PredictUrlPayload):
                         "url_col": url_col,
                     }
 
-        # Typosquat guard: if SLD is very similar to common brands but not exact,
-        # short-circuit as phishing with high confidence to match notebook demos.
+        # Typosquat guard: mirror notebook fallback logic.
         try:
             s_host = (urlparse(_ensure_scheme(url_str)).hostname or "").lower()
             s_sld = s_host.split(".")[-2] if "." in s_host else s_host
@@ -365,12 +364,14 @@ def predict_url(payload: PredictUrlPayload):
                 except Exception:
                     from difflib import SequenceMatcher
                     return SequenceMatcher(None, a, b).ratio()
-            is_exact = any(s_clean == _normalize_brand(b) for b in brands)
-            if s_clean and not is_exact:
+            if s_clean:
                 best = 0.0
                 for b in brands:
                     best = max(best, _sim(s_clean, _normalize_brand(b)))
-                if best >= 0.82:
+                has_digits = bool(re.search(r"\d", s_sld))
+                has_hyphen = ("-" in s_sld)
+                is_official = any(s_host.endswith(f"{_normalize_brand(b)}.com") for b in brands)
+                if (best >= 0.90) and (has_digits or has_hyphen) and (not is_official):
                     phish_is_positive = True if URL_POSITIVE_CLASS_ENV == "" else (URL_POSITIVE_CLASS_ENV == "PHISH")
                     label = "PHISH"
                     predicted_label = 1 if ((label == "PHISH") == phish_is_positive) else 0