CyphX is a web-based cybersecurity tool that analyzes URLs for potential threats using Google Safe Browsing API and custom risk detection logic. It classifies websites as Safe, Suspicious, or Dangerous in real-time.
Debugged and styled using claude (sonnet 4.6)
shipped Cyph-X
url safety checker that runs domains through heuristics, WHOIS, redirect tracing, DNS, SSL, Google Safe Browsing and a GPT-4o-mini pass before giving a verdict. seven risk signals, each weighted — anything hitting 2+ gets flagged before it even touches the AI layer.
pent some time cleaning up the backend before calling this done.
Biggest thing was the duplicate heuristic_flag — it was being computed twice,
once before the WHOIS block and again after DNS, so the first evaluation was just
getting thrown away. Fixed that, now risk accumulates across all signals before
the threshold check.
Also tightened up the SSL block. Added self-signed detection and a days-left
check so certs expiring within 10 days bump the risk score same as an invalid one.
Fits naturally into the pipeline between DNS and Safe Browsing.
Log in to leave a comment
added a bunch of small but solid features today.
first was the loading spinner — replaced the plain “Checking… pls wait” text w a css spinner. literally just a div w a border animation, no extra libraries. small thing but makes it feel way more polished.
then added redirect checker. uses python’s requests library w allow_redirects=True so no extra api needed. tracks the full redirect chain, counts hops, checks if the final domain is different from the original. if it is, risk score goes up. more than 3 redirects also flags it. shows final url, status code, chain and whether the domain changed — all in the frontend.
had the usual issues. true instead of True, r.ur instead of r.url, missing closing bracket on urlparse, false instead of False, stray ) floating outside the except block. fixed all of it.
also updated all the return statements to include both whois and redirect so the frontend always gets the full data regardless of which check catches it.
Log in to leave a comment
added whoisjson.com api to pull domain info — registration date, expiry, registrar, country and domain age. all shows up below the result now. google.com showing registered 1997, expires 2028, 10442 days old. pretty clean.
had the usual pain tho. registrar was returning [object Object] bc it was a nested dict not a string — fixed by grabbing .get(“name”) from it. country was coming back unknown so had to dig into the registrant field instead. classic api inconsistency stuff.
also the api key wasnt working at first bc i accidentally shared it publicly lol. had to regenerate it and add it to vercel env vars properly.
now if a domain is under 30 days old it auto flags as suspicious. most scam sites dont last longer than that anyway so its a solid signal.
stack is getting real now — heuristics, google safe browsing, ai, whois. four layers. kinda hard to slip thru at this point ngl.
Log in to leave a comment
added check history today. simple js array, stores last 5 urls w a colored dot showing the status.
took longer than it shouldve bc of typos ngl. renderHistroy, lenght, ststus — spent way too long debugging that. also the card was cutting off the history bc of fixed height, fixed it w min-height and overflow-y:auto.
works tho. ship it.
Log in to leave a comment
added brand impersonation detection — if a url has “amazon” or “paypal” etc in the domain but isnt the real site, instant flag. took way longer than it shouldve bc it kept flagging instagram.com itself lol. fixed it w a safe domains list.
threw in fuzzy matching too so typosquatted domains like “instagrem.com” dont slip thru. difflib does the heavy lifting there.
cleaned up the heuristics — domain length, digit count, keywords like “login” and “verify”. nothing crazy but they do their job.
main thing was stacking openrouter ai on top. now the flow is heuristics → google safe browsing → ai. all three have to pass for a url to be safe. way more solid.
openrouter was a pain tho. wrong model name, missing space in the bearer token, vercel timeout issues. fixed all of it after way too many deploys.
tbh its not really a hackathon project anymore. its a real working tool. wild how much it changed from just a basic flask app.
domain age check is next. most scam sites are like 3 days old so that should catch a lot.
Now its a working
Log in to leave a comment
CyphX started as a basic URL checker using Google Safe Browsing, but it only catches known threats, so new phishing sites could easily pass . Now it’s upgraded to a 3-layer system: first, a quick heuristic scan checks for sus stuff like long/random domains or too many numbers and flags them instantly; then Safe Browsing handles known bad links; and finally, GPT-4.0 Mini checks unknown URLs and labels them safe / suspicious / danger. So now CyphX is way smarter—catching both old + new scams while staying fast
Log in to leave a comment
idea was simple — user pastes a url, app checks if its a scam. used flask for the backend and google safe browsing api for the actual threat detection. also added some basic heuristic checks like if the url has words like “login” or “verify”, if its too long, if it has hyphens — each adds to a risk score. depending on the score it returns safe, suspicious or danger.
ran into a few bugs while writing it — forgot to import request from flask, indentation was messed up so the risk checks never actually ran, and the api was flagging everything as a scam bc i was checking if data: instead of if “matches” in data:.
deploying
pushed to github and connected to vercel. this part was painful. vercel couldn’t find the app bc i had app = Flask(name) twice in the file. also had to add requirements.txt (typo’d it the first time ), set up vercel.json, and rename index.py to app.py. moved the api key to vercel env variables before it accidentally went public.
Lots of silly mistakes happened
Log in to leave a comment