How to Build a Phishing URL Scanner in JavaScript (Free APIs)

Phishing attacks cost businesses $4.76 billion per year. But you can build a basic URL scanner in under 100 lines of code using free APIs. Here's what we'll build: a tool that takes any URL and returns a risk assessment based on DNS records, IP geolocation, domain age signals, and a visual screenshot. The Architecture Our scanner performs 4 checks on every URL: DNS Resolution — Does the domain resolve? What IPs does it point to? IP Geolocation — Where are the servers located? (Suspicious hosting = red flag) Page Content — Does the page contain login forms, credential fields, or brand impersonation? Visual Screenshot — Capture what the page looks like for evidence Each check uses a free API — no API keys needed to start. Setup mkdir url-scanner && cd url-scanner npm init -y No dependencies needed — we're using fetch (built into Node.js 18+). The Scanner // scanner.js const API_BASE = ' https://frostbyte-api.vercel.app ' ; async function scanUrl ( targetUrl ) { const url = new URL ( targ