You need to load the URL, if you want to check if a fake Google login page shows up or something like that.
And the phishers are trying to evade your URL scanner. If your URL scanner has an identifiable user-agent, or doesn't execute javascript, or there's anything else that makes it identifiable, they'll show a boring legitimate page to your scanner and only phish the real users.
As I understand it, self-serve ad networks have similar challenges detecting ads placed by scammers.
E-mails show up with obfuscated links all the time; you can't detect phishing just from the URL if legitimate e-mails are using https://us123.list-manage.com/track/click?u=87958734095826 as an URL.
You need to load the URL, if you want to check if a fake Google login page shows up or something like that.
And the phishers are trying to evade your URL scanner. If your URL scanner has an identifiable user-agent, or doesn't execute javascript, or there's anything else that makes it identifiable, they'll show a boring legitimate page to your scanner and only phish the real users.
As I understand it, self-serve ad networks have similar challenges detecting ads placed by scammers.