Understanding Alerts
Learn what the different RedPhish alerts and warnings mean and how to respond to them.
Last updated: February 2026Types of Alerts
RedPhish uses different alert types depending on the threat detected. This page explains each type and what action you should take.
Unsafe Link Badge
What It Looks Like
A red warning badge appears next to links that lead to known malicious destinations. The link text is grayed out and clicking is disabled.
What It Means
The link destination has been identified as malicious by threat intelligence. This could be a phishing site, malware distribution point, or known scam page.
What to Do
- Do not try to visit the link
- If you expected the link to be legitimate, verify the URL carefully
- If someone sent you this link, let them know it may be compromised
- Report the link if you believe it is incorrectly flagged
Social Engineering Site Block
What It Looks Like
A full-page overlay with a red shield icon and a warning title. The page content is hidden behind the warning to prevent you from interacting with the deceptive content.
What It Means
RedPhish detected a social engineering attack designed to trick you into running malicious commands on your computer. These attacks often disguise themselves as verification steps or security checks, but their real purpose is to install malware on your system.
What to Do
- Click "Go Back Safely" to leave the page
- Do not follow the instructions on the blocked page
- If you already ran a command, disconnect from the internet and run a security scan
- Consider how you reached this page (suspicious email, ad, or link) and avoid similar sources
Technical Details
The warning includes a "Technical Details" section you can expand. This information is useful if you want to report a false positive.
Parked Domain Warning
What It Looks Like
A full-page overlay with a red shield icon and the title "Parked Domain Page Detected". Similar appearance to the social engineering block but with different messaging.
What It Means
The page appears to be a parked domain showing generic ads or placeholder content. Parked domains are often used in phishing campaigns because attackers can quickly register many domains.
What to Do
- Click "Go Back Safely" to leave the page
- Do not click any links on parked pages
- If you expected to reach a real website, double-check the URL for typos
- If a link from an email led you here, the email may be a phishing attempt
Quota Exceeded Banner
What It Looks Like
A red banner at the top of web pages with the message "Scan limit reached. Upgrade your plan to keep RedPhish protection active." An "Upgrade Plan" button appears in the banner.
What It Means
You have used all the scans included in your current plan. Protection is paused until your quota resets (at the start of your next billing cycle) or you upgrade to a higher plan.
What to Do
- Click "Upgrade Plan" to see your options
- Or wait until your next billing cycle when your quota resets
- Be extra cautious while browsing without protection
Gray Toolbar Icon
What It Means
Protection is not currently active. This is not an alert per se, but an important status indicator.
Common Causes
- You are not signed in
- Your subscription has expired
- Your scan quota is exceeded
- There is a network connectivity issue
What to Do
Click the toolbar icon to see your status and resolve the issue. The popup will show what is preventing protection from being active.
False Positives
No detection system is perfect. If you believe a site was incorrectly blocked:
- Check the technical details in the block page
- Verify the URL is exactly what you expected
- Contact RedPhish support with the URL and detection details
We continuously improve our detection to reduce false positives while maintaining strong protection.
Related Topics
Was this helpful?
