Layer 1: reserved words
2,400+ words tied to phishing, including Saudi bank names, government services (absher, nafath), and brands. Updated weekly.
Layer 2: domain blocklist
45,000+ known-phishing domains from PhishTank + our internal feed.
Layer 3: brand impersonation (fuzzy)
Alias attempts mimicking famous brands (alrajih, noo n, al-rajhi) are rejected. Levenshtein distance ≤ 2.
Layer 4: Google Web Risk API
Before activation, we send the URL hash to Google. If known as malware/phishing — instant reject.
Layer 5: Llama Guard 3
Destination is scanned by Meta's Llama Guard 3 for harmful content (drugs, weapons, self-harm).
Layer 6: rate-limit + honeypot
100 link attempts per minute from one account → 429. Honeypot form fields catch bots.
What if a link is caught after activation?
It's instantly disabled, visitors are routed to cd4cd.com/blocked with an explanation, and the account owner is notified.