A full-stack URL threat scanner with deep analysis across DNS records, SSL certificates, redirect chains, heuristic detection, and VirusTotal integration.
Live Demo: arsh0198.github.io/threat-scanner
- 🎯 Risk Score (0–100) with animated bar
- 🎣 Phishing keyword detection
- 🦠 Malware indicator detection
- 🎭 Homoglyph / Cyrillic character detection
- 👥 Typosquatting detection (Levenshtein distance vs 14 major brands)
- 🔗 URL shortener detection
- 🚨 IP-as-host detection
- 📏 Hostname length & subdomain depth analysis
- 🕓 Persistent scan history (localStorage)
- 🌙 Dark terminal aesthetic
- 🌐 Real DNS lookup (A records, MX, NS, SPF)
- 🔒 SSL/TLS certificate inspection (issuer, expiry, protocol)
- 🔁 Redirect chain following (up to 5 hops)
- 🔴 VirusTotal API integration (70+ antivirus engines)
- ⚡ Parallel async analysis for fast results
threat-scanner/
├── public/
│ ├── index.html # App UI
│ ├── style.css # Dark terminal styles
│ └── app.js # Frontend logic
├── server.js # Express API backend
├── package.json
└── README.md
- Push this repo to GitHub
- Go to Settings → Pages → Source: main → / (root)
(Pages will serve `public/index.html` if root has no `index.html`)
Actually: rename `public/index.html` → move files to root, OR use `/public` as the Pages source folder... or just follow Step 2 first.
Easiest: upload the contents of the `public/` folder directly to the root of your repo (alongside `server.js`). GitHub Pages will find `index.html` at root.
- Go to render.com → New → Web Service
- Connect your GitHub repo
- Settings:
  - Build command: `npm install`
  - Start command: `node server.js`
  - Environment: Node
- Add environment variable: `VIRUSTOTAL_API_KEY` → get your free key at virustotal.com
- Click Deploy
- Copy your Render URL (e.g. `https://threatscan-xyz.onrender.com`)
Open `public/app.js` and update line 7:

```js
const BACKEND_URL = 'https://threatscan-xyz.onrender.com';
```

Commit and push — done!
| Check | Points |
|---|---|
| No HTTPS | +20 |
| IP as hostname | +35 |
| Suspicious TLD | +20 |
| URL shortener | +25 |
| Phishing keywords | +12 each (max 40) |
| Malware keywords | +10 each (max 30) |
| Homoglyph characters | +40 |
| Typosquatting | +35 |
| Long hostname | +15 |
| Deep subdomains | +15 |
| Heavy URL encoding | +15 |
| @ trick | +30 |
| VirusTotal detections | +10 per engine |
- 0–24 → 🛡️ Safe
- 25–59 → ⚠️ Suspicious
- 60–100 → ☠️ Dangerous
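
How a subset of the scoring table and the risk bands combine, as an added example that is not the project's own code. Point values and bands come from the table above; the brand list, the 1–2 edit typosquatting threshold, the Cyrillic-only homoglyph test, and the names `scoreUrl` and `levenshtein` are assumptions.

```javascript
// Added example: five checks from the README's scoring table.
// BRANDS and the edit-distance threshold are assumptions, not project values.
const BRANDS = ['google', 'paypal', 'amazon', 'microsoft', 'apple']; // constructed sample

// Dynamic-programming Levenshtein distance, keeping one row at a time.
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

function scoreUrl(raw) {
  const findings = [];
  const add = (check, points) => findings.push({ check, points });

  // Test the raw authority for Cyrillic before parsing: the WHATWG URL
  // parser rewrites such hostnames to punycode (xn--...), hiding them.
  const rawHost = raw.replace(/^[a-z][a-z0-9+.-]*:\/\//i, '').split(/[/?#]/)[0];
  if (/[\u0400-\u04FF]/.test(rawHost)) add('Homoglyph characters', 40);

  const url = new URL(raw); // throws on input that is not a valid URL
  if (url.protocol !== 'https:') add('No HTTPS', 20);
  if (url.username || url.password) add('@ trick', 30); // real host follows the @
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(url.hostname)) add('IP as hostname', 35);

  // Typosquatting: a label 1-2 edits from a brand, but not the brand itself.
  const labels = url.hostname.split('.').slice(0, -1);
  const near = labels.some(l => BRANDS.some(b => {
    const d = levenshtein(l, b);
    return d > 0 && d <= 2;
  }));
  if (near) add('Typosquatting', 35);

  // Cap at 100, then map onto the README's three risk bands.
  const score = Math.min(100, findings.reduce((s, f) => s + f.points, 0));
  const verdict = score >= 60 ? 'Dangerous' : score >= 25 ? 'Suspicious' : 'Safe';
  return { score, verdict, findings };
}
```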
Disclaimer: Heuristic analysis only. Not a replacement for professional security tools. Always verify with multiple sources.
Made by Arsh Abbasi · github.com/arsh0198