Switch from using new URL to url.parse

[niftylettuce]

IDN homograph attack URL's are improperly parsed (e.g. ones that may contain Greek characters).

> new URL('http://xn--bankofmerca-3ij68171c.vg')
Uncaught TypeError [ERR_INVALID_URL]: Invalid URL: http://xn--bankofmerca-3ij68171c.vg
    at onParseError (internal/url.js:257:9)
    at new URL (internal/url.js:333:5)
    at repl:1:1
    at Script.runInThisContext (vm.js:120:20)
    at REPLServer.defaultEval (repl.js:430:29)
    at bound (domain.js:426:14)
    at REPLServer.runBound [as eval] (domain.js:439:12)
    at REPLServer.onLine (repl.js:758:10)
    at REPLServer.emit (events.js:323:22)
    at REPLServer.EventEmitter.emit (domain.js:482:12) {
  input: 'http://xn--bankofmerca-3ij68171c.vg',
  code: 'ERR_INVALID_URL'
}
> url.parse('http://xn--bankofmerca-3ij68171c.vg');
Url {
  protocol: 'http:',
  slashes: true,
  auth: null,
  host: 'xn--bankofmerca-3ij68171c�.vg',
  port: null,
  hostname: 'xn--bankofmerca-3ij68171c�.vg',
  hash: null,
  search: null,
  query: null,
  pathname: '/',
  path: '/',
  href: 'http://xn--bankofmerca-3ij68171c�.vg/'
}

I am submitting a PR now for this.

[niftylettuce]

Actually, url.parse seems to have issues too. I think perhaps url-parse might be a better solution, one that is cross-browser/platform compliant as well.

[niftylettuce]

Hmm, I see why this one failed:

> punycode.toASCII('xn--bankofmerca-3ij68171c.vg')
'xn--bankofmerca-3ij68171c.vg'
> punycode.toUnicode('xn--bankofmerca-3ij68171c.vg')
'bankofаmerꭵca.vg'

It looks like PhishTank is allowing URL's that are not actually valid. I'll have to add extra logic to workaround this in my usage with Spam Scanner.