| Rule No | Description |
|---|---|
| 1 | HTTPS usage check |
| 2 | Raw IP address detection |
| 3 | URL length analysis |
| 4 | @ symbol detection |
| 5 | Subdomain depth |
| 6 | Suspicious TLD detection |
| 7 | Certificate age check |
| 8 | Hyphen usage |
| 9 | URL shorteners |
| 10 | Login keywords |
| Rule No | Description |
|---|---|
| 21 | Unicode / Homoglyph detection |
| 22 | Typosquatting detection |
| Rule No | Description |
|---|---|
| 18 | Clone phishing (DOM similarity heuristic) |
| 28 | Clipboard hijacking detection (L1/L2 behavioural analysis) |
| Rule No | Description |
|---|---|
| 30 | Semantic phishing intent detection |
Rules 11–17, 19, 20, 23, 24, 25, 27 and 29 are part of the extended PhishAID framework. These require advanced techniques such as machine learning, behavioral analysis, and external threat intelligence APIs.