Malicious Link Detection
How We Protect Your Links
When We Scan
Your links are checked at multiple points:
- Before saving – When you create, edit, or duplicate a link
- Daily rescans – Every day for a set period of time after the link is created or edited
- Following redirects – We scan the final destination, not just the first hop
What We Check For
Using Google Web Risk technology, we detect:
- Phishing sites – Fake pages designed to steal credentials
- Malware – Sites that distribute viruses or harmful software
- Deceptive content – Fraudulent or misleading websites
How Deep We Look
- We follow up to 3 redirects to find the true destination
- Links with more than 3 redirects are automatically blocked
- We scan the final URL, not just your short link
When a Link Gets Flagged
🚫 Blocked Before Creation
If we detect a threat while you're creating, editing, or duplicating a link:
- You'll see a blocked modal
- The link won't be saved – We block it before it gets saved
- You can try again – Fix the destination URL and recreate the link
⚠️ Flagged After Creation
Sometimes a safe link becomes dangerous later. If our daily scans detect a new threat:
What you'll see:
- A warning icon (⚠️) next to the link in your dashboard, and the link color will turn red
- You will not be able to click, edit, delete, duplicate, copy the link, or download the QR Code
Troubleshooting Flagged Links
Step 1: Investigate the Destination
Check where your link actually goes:
- Manually visit the destination URL
- Follow any redirects to see the final page
- Look for anything suspicious: unexpected pop-ups, download prompts, or unfamiliar content
Common causes:
- The destination site was hacked or compromised
- A redirect in your chain points to a malicious site
- The page content changed after you created the link
Step 2: Fix or Replace
If you control the destination:
- Remove any malicious content or suspicious scripts
- Check if your site was compromised
- Eliminate any unwanted redirects
- Update your security measures
If you don't control the destination:
- Contact the site owner to alert them
- Find an alternative, secure URL
- Use a different source for your campaign
Step 3: Create a New Link
Once the issue is resolved:
- Verify the destination is clean and working
- Create a new shortened link
- Test it to confirm it works properly
False Positives: What If Your Link Is Safe?
We understand that security tools can occasionally flag legitimate content by mistake.
If You Believe Your Link Was Incorrectly Flagged
Contact our support team and include:
- The short link that was flagged (e.g., utm.rocks/abc123)
- The destination URL where it should redirect
- Why you believe it's safe – Explain the legitimate business purpose
- Any context – Is this your own site? A well-known brand? Educational content?
What happens next:
- Our team will manually review your link within 3-4 business days
- If it's a false positive, we'll unblock it and email you
- If the security concern is valid, we'll explain why and suggest alternatives
Frequently Asked Questions
Why does UTM.io scan links? Other shorteners don't.
We're committed to keeping our platform safe for everyone. Link shorteners are sometimes abused for phishing and malware, and we take proactive steps to prevent that.
Can I disable scanning for my links?
Security scanning protects both you and your audience. However, Enterprise accounts have different scanning policies. Contact sales if you have specific requirements.
How long does the review process take?
Manual reviews typically take 1-2 business days. We'll email you as soon as we've made a decision.
Will my link be automatically unblocked if the destination is fixed?
No. Our daily scans will continue, but once flagged, a link requires manual review before it's unblocked.
Still Have Questions?
Our support team is here to help. Contact us through: [email protected]