Classify a URL.
QLoRA fine-tune of google/gemma-4-E4B-it over the gateguard phishing-indicator taxonomy. Paste a URL — the server extracts indicators (URL-only or with a server-side DOM fetch), runs the classifier, returns a verdict.
The URL-only extractor implements ~12 URL-string-derivable indicators (IP hostname, suspicious TLD, brand impersonation, free-hosting platforms, etc.). The optional DOM fetch adds ~6 header/DOM signals (CSP, HSTS, login-form analysis). The model was trained on richer feature-extracted indicators; this minimal extractor is a clean-room implementation for the open-source demo.
Don't point this at anything you wouldn't open in a sandboxed browser tab. The DOM fetch executes the target page's JavaScript inside the server's headless Chromium.