Affiliate Partners Pass Review -
Then Become a Risk
Then Become a Risk
Continuous validation for publisher onboarding, campaign QA, and live traffic monitoring.
Malicious redirects and script changes often activate after approval—disrupting campaigns and damaging network trust.
Continuous validation between approval and conversion
Built for high-volume affiliate environments — see how it works
Interactive demo. Figures reflect real-world deployment patterns.
0
Domains validated daily
0
Scans per month
0%
Less manual review
The problem — the approval gap
Publisher applies
→
Onboarding scan: clean
→
Campaign goes live
→
Week 2…
→
Malicious redirect injected
→
Advertiser escalates
→
Campaign paused
Approval is a snapshot. Partner domains are dynamic. The gap between the two is where revenue leaks — and where Quttera's API closes it.
The API — four integration points
Select a stage to explore the API: auto-advancing
Onboarding
Campaign QA
Live monitoring
Pre-payout
Scan publisher domain before approval
Two calls per publisher — malware scan and blacklist check — before any campaign goes live. Returns scanner result, blacklist status across Google, Yandex, Phishtank and others.
Step 1 — trigger malware scan
POSTscannerapi.quttera.com/api/v3/{api-key}/url/scan/partner-site.com.json
"error": 200,
"errorstr": "success",
"status": {
"blacklisted": "no",
"scanner_result": "undef",
"state": "DOWNLOAD",
"url": "partner-site.com"
}
Step 2 — retrieve report when state = DONE
GETscannerapi.quttera.com/api/v3/{api-key}/url/report/partner-site.com.json
"report": {
"state": "clean",
"scanned_files": 24,
"malicious_files": 0,
"suspicious_files": 0,
"blacklist_report": {
"blacklist_status": "NoThreat",
"providers": [
{ "name": "Google Safebrowsing", "status": "NoThreat" },
{ "name": "Yandex Safebrowsing", "status": "NoThreat" },
{ "name": "Phishtank", "status": "NoThreat" }
]
}
}
Validate landing pages and redirect chains before launch
Two targeted scans catch the issues that matter most before a campaign spends budget — redirect manipulation (integrity scan) and SSL certificate health.
Step 1 — integrity scan (redirect chains, broken links, HTTP headers)
POSTscannerapi.quttera.com/api/v3/{api-key}/integrity/scan/lp.partner-b.com.json
"report": {
"state": "DONE",
"headers_comments": [
"ALERT: HTTP security header 'Content-Security-Policy' is missing",
"ALERT: HTTP security header 'X-Frame-Options' is missing"
],
"links_alert": [
{
"alert": "redirection",
"url": "https://lp.partner-b.com/offer",
"redir_target": "https://suspicious-domain.ru/cread.php",
"http_status": "302"
}
]
}
Step 2 — SSL certificate health
POSTscannerapi.quttera.com/api/v3/{api-key}/ssl/scan/lp.partner-b.com.json
"report": {
"trusted": true,
"expired": false,
"expiration_days": 187,
"cert_issuer_o": "Sectigo Limited",
"state": "DONE"
}
Continuous post-approval monitoring
Poll status endpoints on a schedule. When state returns DONE, pull the full report and check scanner_result. Any result other than "clean" triggers your review workflow.
Step 1 — check scan status (poll until DONE)
GETscannerapi.quttera.com/api/v3/{api-key}/url/status/partner-c.com.json
"status": {
"state": "DONE",
"scanner_result": "suspicious",
"blacklisted": "yes",
"sensitivity": "HEURISTIC",
"url": "partner-c.com"
}
Step 2 — retrieve full report for flagged domain
GETscannerapi.quttera.com/api/v3/{api-key}/url/report/partner-c.com.json
"report": {
"state": "suspicious",
"malicious_files": 2,
"suspicious_files": 3,
"files": [
{
"filename": "partner-c.com/checkout.js",
"threat": "Malicious",
"threat_name": "Trojan.JS.Injection.gen",
"reason": "Injected script exfiltrating form data"
}
]
}
Score attribution risk before paying commission
Before releasing payout, run two checks — blacklist report across all authorities, and compliance scan mapped to PCI-DSS, SOC 2 and ISO 27001. Any violation flags the payout for review.
Step 1 — full blacklist report across all authorities
GETscannerapi.quttera.com/api/v3/{api-key}/blacklist/report/partner-d.com.json
"status": { "blacklisted": "yes", "url": "partner-d.com" },
"authority": [
{ "name": "Google Safebrowsing", "blacklisted": "yes" },
{ "name": "Phishtank", "blacklisted": "no" },
{ "name": "Yandex Safebrowsing", "blacklisted": "no" },
{ "name": "Quttera Labs", "blacklisted": "yes" }
]
Step 2 — compliance scan mapped to PCI-DSS / SOC 2 / ISO 27001
GETscannerapi.quttera.com/api/v3/{api-key}/compliance/report/partner-d.com.json
"report": {
"summary": {
"PCI-DSSv4.0": 4,
"SOC2": 4,
"ISO/IEC:27001": 6
},
"controls": {
"CC6.1": {
"info": { "standard": "SOC2",
"title": "Unauthorized Access Prevention" },
"violations": [
{ "threat_name": "Trojan.JS.Injection.gen.2DB",
"group": "Code Injection, Obfuscation" }
]
}
}
}
Live scan simulator — try it
Simulates the
url/scan → url/report flow using realistic API response structures.Scanning…
Live partner risk dashboard
Domain Malware scan Blacklist State
Approval Does Not Mean Ongoing Safety
Approval Does Not Mean Ongoing Safety
Affiliate networks review publishers at onboarding—but partner websites are dynamic.
Domains that appear clean during approval can later:
Domains that appear clean during approval can later:
- activate malicious redirects
- inject hidden scripts
- manipulate landing page behavior
- redirect users to unsafe destinations
Why This Matters for Affiliate Networks
When partner domains drift from safe to malicious:
- Advertisers escalate issues
- Campaigns are paused or terminated
- EPC and performance metrics degrade
- User trust is impacted
- Network reputation is at risk
The Affiliate Validation Gap
Traditional validation is static.
Affiliate ecosystems are dynamic.
Affiliate ecosystems are dynamic.
Approval ≠ ongoing safety
Risk appears after campaigns go live
No visibility between approval and conversion
Continuous Affiliate Network Risk Validation
Continuous Affiliate Network Risk Validation
Quttera provides continuous external validation of:
✓ Publisher landing pages
✓ Redirect chains
✓ Campaign URLs
✓ Browser-side behavior
During onboarding
Before campaign launch
Continuously after activation
Built for Network Quality and Compliance Workflows
Built for Network Quality and Compliance Workflows
-
Onboarding
Scan publisher domains before approval -
Campaign QA
Validate landing pages and redirect chains -
Live Monitoring
Detect post-approval behavior changes -
Pre-Payout Validation
Score attribution risk before commission approval
Structured Risk Signals for Fast Decisions
Reduces manual work and speeds decisions.
- Risk scoreEach partner, landing page, and redirect chain is assigned a structured risk score based on detected behavior, script activity, and domain reputation.
Scores are continuously updated as conditions change—giving your team a real-time view of partner risk. - Threat ClassificationDetected issues are categorized into clear threat types, including malicious redirects, injected JavaScript, cloaked content, and suspicious third-party behavior.
This allows teams to quickly understand the nature and severity of each risk. - Flexibility
Each risk signal includes a recommended action to support fast decision-making and consistent enforcement across the network.
✓ Approve
✓ Review
✓ Block
Used in High-Volume Affiliate Environments
Used by global affiliate platforms processing hundreds of partner domains daily
-
300-500
Domains validated daily -
10,000 +
Scans per month -
~ 90%
Reduction in manual review -
✓ No malicious redirects reaching users
✓ Continuous monitoring across all partners
✓ Risks detected before campaign impact
When partner domains drift from safe to risky:
- advertisers escalate issues
- campaigns are paused or terminated
- EPC and performance metrics degrade
- user trust is impacted
- network reputation is at risk
API-Based Integration
API-Based Integration
- Integrates into
onboarding pipelines
campaign QA workflows
monitoring systems
- Supportsreal-time + batch validation
structured responses
scalable inspection
Understand the Validation Model
Understand the Validation Model
Explore the full framework, threat models, and validation layers.
Close the Affiliate Validation Gap
Prevent malicious partners from entering—and staying—in your network.