Inspiration
Every day, 3.4 billion phishing emails are sent worldwide. Most people can't tell a fake URL from a real one — and the tools that security professionals use are too technical for everyday users. We built PhishGuard to close that gap: a tool that gives anyone instant access to professional-grade threat intelligence, explained in language you don't need a security degree to understand.
What It Does
PhishGuard analyzes any URL and delivers a comprehensive threat report in under 10 seconds:
- Threat Score (0–100) — A weighted composite score across 5 signal categories
- AI Analyst Verdict — Groq AI (Llama 3.3 70B) synthesizes all findings into a plain-English paragraph, like having a security analyst on call
- 90+ Vendor Scan — Cross-references VirusTotal's entire vendor database simultaneously
- Domain Intelligence — RDAP/WHOIS lookup reveals domain age (a brand-new domain is a huge red flag), registrar, and country
- URL Structure Analysis — Detects homoglyph attacks (paypa1.com vs paypal.com), suspicious TLDs, brand impersonation in subdomains, entropy scoring, and 12+ other structural signals
- IP & Server Intel — Geolocates the hosting server, identifies the ISP, and flags datacenter IPs often used for anonymous phishing infrastructure
- Google Safe Browsing + URLhaus — Real-time checks against Google's and abuse.ch's threat databases
- Phishing Education Hub — Interactive quiz and visual breakdown of 6 common phishing tactics
Verdict classifications: 🟢 SAFE · 🔵 LOW RISK · 🟡 SUSPICIOUS · 🟠 LIKELY PHISHING · 🔴 CONFIRMED THREAT
How We Built It
The architecture has two main layers:
Analysis Engine (urlAnalysis.js + apiService.js)
All threat checks run in a sequential pipeline via a custom useScanner hook. URL structure analysis runs locally (no API needed), then domain/IP lookups, then external threat feeds in parallel, and finally the Groq AI call which receives a structured JSON summary of all findings and returns a narrative verdict.
Frontend (React + Tailwind CSS) Built with a custom dark design system — deep navy backgrounds, electric cyan accents, and verdict-specific glow colors. Key UI moments: an animated radar scanning progress screen, a radial SVG threat gauge that fills on load, and a tabbed report layout (Overview, Threat Feeds, Domain & IP, URL Structure). A particle network canvas runs in the background.
Groq Integration After all signals are collected, we send a structured summary to Groq's Llama 3.3 70B model with a system prompt instructing it to act as a senior cybersecurity analyst. The response arrives in under 1 second — fast enough to feel like a live analysis.
Challenges We Faced
- CORS restrictions — Most threat intelligence APIs don't allow direct browser calls. We handled this with a combination of CORS-friendly endpoints (URLhaus, ip-api.com, RDAP) and carefully structured VirusTotal requests.
- No false confidence — Designing the scoring algorithm to avoid both false positives (legitimate sites flagged) and false negatives (phishing sites missed) required careful weight tuning across 5 signal categories.
- Making it understandable — The hardest UX challenge wasn't the data — it was presenting raw threat signals in a way that a non-technical user immediately understands. The Groq AI narrative layer was the key breakthrough here.
What We Learned
- Domain age is one of the strongest single phishing indicators — most phishing domains are under 30 days old
- Groq's inference speed (sub-second responses) makes real-time AI analysis genuinely viable in a web app
- The gap between "technically flagged" and "human-understandable" is enormous — and closing it is where the real security value lives
What's Next
- Browser extension for inline URL warnings while browsing
- Email header analyzer (SPF/DKIM/DMARC validation)
- Bulk URL scanning for security teams
- API endpoint for developers to integrate PhishGuard into their own tools
Built With
- 3.3
- 70b
- api
- browsing
- css
- groq
- ip-api
- javascript
- llama
- node.js
- rdap
- react
- safe
- tailwind
- urlhaus
- virustotal
- vite
Log in or sign up for Devpost to join the conversation.