How to Scan URLs for Phishing Threats & Other Malicious Content in Node.js

Documents and executable files aren’t the only content types commonly exploited by threat actors. Malicious URLs are just as common, and without a way of quickly identifying URL threats, we leave ourselves vulnerable to scams and remote malware downloads.

Thankfully, using the below code, we can build a free API into our Node.js applications that specializes in checking URLs for phishing scams and malicious content. When threats are identified, the underlying service will call out what type of website threat type it detected in the response body, and if the URL links to any known virus types, it’ll point those out in a separate object. To authorize our API calls, we’ll just need a free-tier API key, which we can get by registering a free account on the Cloudmersive website.

We can begin structuring our API call by installing the SDK. There’s two ways we can do that — either by running this command:

npm install cloudmersive-virus-api-client --save

Or by adding this snippet to our package.json:

  "dependencies": {
    "cloudmersive-virus-api-client": "^1.1.9"
  }

Finally, we can use the below code to call the function & complete our request:

var CloudmersiveVirusApiClient = require('cloudmersive-virus-api-client');
var defaultClient = CloudmersiveVirusApiClient.ApiClient.instance;

// Configure API key authorization: Apikey
var Apikey = defaultClient.authentications['Apikey'];
Apikey.apiKey = 'YOUR API KEY';



var apiInstance = new CloudmersiveVirusApiClient.ScanApi();

var input = new CloudmersiveVirusApiClient.WebsiteScanRequest(); // WebsiteScanRequest | 


var callback = function(error, data, response) {
  if (error) {
    console.error(error);
  } else {
    console.log('API called successfully. Returned data: ' + data);
  }
};
apiInstance.scanWebsite(input, callback);

Now we can rapidly detect URL threats and prevent malicious links from exploiting our system.