This sounds a good idea, and agreed that existing "safety nets" are quite lacking... Also proxying the API would be non-trivial at scale, unless you wanted to build out infrastructure to do that quickly (i.e. some kind of cache-or-fetch-and-cache)
Realistically most users will get to a bad site either via a search engine (more likely... an ad on a search engine, which Orion + Kagi will avoid), or clicking a link in email. That is handled by most webmail services now (and even some non-web mail) by their protection systems that rewrite links (yuck... but it works for non expert users I guess).
For a real targeted attack you will use a new URL that isn't on a blacklist, so I guess these measures have reducing value in an era of free SSLs and cheap domains!