1. Most “safe browsing” browser features do this to some extent
2. Any browser or mail extension with access to the URL might also do this
(1) and (2) might be done by remote servers, even in remote countries.
This is one of the reasons why you should avoid magic links (like login links or bearer tokens like S3 signed URLs), because you may inadvertently be handing them to other parties.
1. Most “safe browsing” browser features do this to some extent
2. Any browser or mail extension with access to the URL might also do this
(1) and (2) might be done by remote servers, even in remote countries.
This is one of the reasons why you should avoid magic links (like login links or bearer tokens like S3 signed URLs), because you may inadvertently be handing them to other parties.