False Positive | uqr.to #773

Open
MauroCasula opened this issue Mar 6, 2025 · 3 comments
@MauroCasula

What are the subjects of the false-positive (domains, URLs, or IPs)?

  • uqr.to

Why do you believe this is a false-positive?

I am Mauro Casula, CTO of QRCodeKit.com, responsible for the domain uqr.to. Your service is incorrectly flagging https://uqr.to/ as malicious. We request an immediate review and reclassification.

As a trusted URL shortener and QR generator used by Fortune 500 companies, governments, and institutions, blocking our entire domain disrupts legitimate operations.

We ask that:

  • uqr.to be reclassified as a "URL Shortener" to prevent full-domain blacklisting. Only specific URLs be flagged, not the entire domain.
  • We receive alerts at [email protected] when malicious activity is detected, allowing us to act immediately.

Given the high-profile nature of our clients, security and reliability are our top priorities, as millions of QR code scans depend on our domain’s uninterrupted operation.

Our Security Measures:

  • Our platform is secured with HTTPS and hosted on Amazon Web Services (AWS).
  • We have robust anti-phishing systems in place to ensure QR code integrity and prevent abuse.
  • We are ISO 27001 certified, demonstrating our commitment to the highest standards of data protection and security.
  • We kindly request that you review the reputation of qrkit.co and remove it from your blacklist. If any additional information is required to facilitate this review, I would be happy to provide it.

Please correct this classification urgently. Let me know if further details are needed.

Best regards,
Mauro Casula
CTO, Mobile Leaves CORP
https://qrcodekit.com

How did you discover this false-positive(s)?

VirusTotal

Where did you find this false-positive if not listed above?

I discovered this false-positive via VirusTotal

Have you requested a review from other sources?

No, I have not.

Do you have a screenshot?

No response

Additional Information or Context

I have also noticed that...

@spirillen
Contributor

Dude.... it's all trackware...

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <title>QR Code KIT </title>
    <meta name="viewport" content="initial-scale=1.0, viewport-fit=cover">
    <meta name="robots" content="noindex,nofollow">
    <meta name="norton-safeweb-site-verification" content="je75g434ghro3o05fpjwon2dr4vdnm38yv479phjmxggw0sxv0cizbop1a7gk3pf2cgec0x7x72k1fhgn-nyxu4kz7slsu5xkq7-tqi6gcwg-q8vx35nxugvcgo7qbax" />
    <meta name="norton-safeweb-site-verification" content="owddlf4dccjmrs7ywwrlmd6yazx219t3ttwl0czrucxe49xyquv0vj3u3qj6qx-24iidiuqb5nbfia1o2moa4q4d942n4ocvpawlswerdexgwfxt4gi28h8lbvyd5zkw" />
    <meta name="norton-safeweb-site-verification" content="ino4pkueggegziroc5xakzg1gfvnq43j7549qicgj36jmze7j6l81nnsbp3pk4o40ofcyafyrkkyx0l8l3u-con7t49oxn9wlpcls4og1ke3fhd2d56aa-ygcx5sh1dz" />


            

<script>
    var uqtdl = window.uqtdl || (window.uqtdl = []);

    uqtdl.push({
        "event": "qrPageView",
                            });

    setTimeout(function () {
        if (typeof redirectToContent === "function") {
            redirectToContent();
        }
    }, 5000);

</script>

    <!-- Google Tag Manager Production -->
    <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
                new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
                j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
                '//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
        })(window,document,'script','uqtdl','GTM-NSZ7GSJ');</script>
    <!-- End Google Tag Manager -->
    
    <link href="//fonts.googleapis.com/css?family=Raleway:400,300,600" rel="stylesheet" type="text/css">

    
    <link rel="shortcut icon" href="/favicon.ico">
    <link rel="apple-touch-icon-precomposed" sizes="57x57" href="/bundles/app/icons/apple-icon-57x57.png" />
    <link rel="apple-touch-icon-precomposed" sizes="72x72" href="/bundles/app/icons/apple-icon-72x72.png" />
    <link rel="apple-touch-icon-precomposed" sizes="114x114" href="/bundles/app/icons/apple-icon-114x114.png" />
    <link rel="apple-touch-icon-precomposed" sizes="144x144" href="/bundles/app/icons/apple-icon-144x144.png" />
    
                        <link rel="stylesheet" href="/css/compiled/qrfront3.css?v=5"/>
            

            <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.12/css/intlTelInput.css?v3">
</head>
<body class="landing ">
        <!-- Google Tag Manager (noscript) Production -->
    <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-NSZ7GSJ"
                      height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
    <!-- End Google Tag Manager (noscript) -->


<div class="table-container">
    <div class="table-block first">
            Nothing to show here
    <br />
    <a href="https://qrcodekit.com?utm_source=uqr.to&utm_medium=brand-network&utm_content=root-domain" rel="nofollow">QR Code KIT</a>
    </div>
    <div class="table-block footer">
            </div>
</div>

<script defer src="/bundles/app/js/svgxuse.js"></script>
<script defer src="https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015" integrity="sha512-ZpsOmlRQV6y907TI0dKBHq9Md29nnaEIPlkf84rnaERnq6zvWvPUqr2ft8M1aS28oN72PdrCzSjY4U6VaAw1EQ==" data-cf-beacon='{"rayId":"91cf09438b82e507","serverTiming":{"name":{"cfExtPri":true,"cfL4":true,"cfSpeedBrain":true,"cfCacheStatus":true}},"version":"2025.1.0","token":"f35c540df01f4dda95f7f9ae49af7887"}' crossorigin="anonymous"></script>
</body>
</html>

@spirillen spirillen removed their assignment Mar 8, 2025
@spirillen
Contributor

Comments

DNS Check

DNS lookup

fatima.ns.cloudflare.com.
rob.ns.cloudflare.com.

Known phishing records

What can you tell me about these records, known to us from the PD project?

Subject                                                                                              Status      Source     Expiration Date   HTTP Code  Checker       Tested At          
---------------------------------------------------------------------------------------------------- ----------- ---------- ----------------- ---------- ------------- -------------------
https://usps.com-trackuqr.top/i                                                                      INACTIVE    DNSLOOKUP  Unknown           Unknown    AVAILABILITY  08. Mar 2025 03:01:55
https://uqr.to/verificationprocesss6lq                                                               INACTIVE    STDLOOKUP  Unknown           404        AVAILABILITY  08. Mar 2025 03:01:55
http://uqr.to/1tqi1                                                                                  INACTIVE    STDLOOKUP  Unknown           404        AVAILABILITY  08. Mar 2025 03:01:55
http://uqr.to/applerzgy                                                                              INACTIVE    STDLOOKUP  Unknown           404        AVAILABILITY  08. Mar 2025 03:01:55

Execution Time: 00:00:00:45.867516



Status      Percentage   Amount      
----------- ------------ ------------
ACTIVE      0%           0           
INACTIVE    100%         4           
INVALID     0%           0

Verdict

Crimeflare, not touching it


Thank you for reaching out. I want to clarify that I am not the owner of this project nor a user of it. I assist with the whitelisting of domains to the best of my ability, but I do this as an unpaid volunteer in my free time. Your understanding and patience are greatly appreciated.
Additionally, I would like to share that I occasionally struggle with a mild degree of PTSD, which means I tend to forget even small details, like did I have breakfast this morning. So please bear with me if I'm losing the thread sometimes. Your understanding and patience in this matter are greatly appreciated.

If you feel inclined to buy me a cup of coffee, it would certainly help speed up the process, but please know that it will not influence my decisions or verdicts in any way.

Additionally, I want to be very clear: I do not access any Cloudflare, CloudFront, or Google networks. This is a matter of principle for me, as I believe in upholding human rights, the right to online privacy, and network security. These services often intercept traffic to collect personally identifiable information (PII), which I believe compromises our autonomy and makes us all puppets to the big tech puppeteers.

Thank you for your understanding!

Best regards.

spirillen added a commit to mypdns/matrix that referenced this issue Mar 8, 2025
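
The records in the availability table above span more than one hostname, so a triager can group them by exact host before attributing them to the reported domain. This Python sketch is an added example, not part of the thread or the project's tooling; the function names are hypothetical and the input is the table rows copied from the comment with the column padding shortened.

```python
import re
from urllib.parse import urlsplit

# Rows copied from the availability table above; column padding shortened.
TABLE = """\
Subject  Status  Source  Expiration Date  HTTP Code  Checker  Tested At
https://usps.com-trackuqr.top/i  INACTIVE  DNSLOOKUP  Unknown  Unknown  AVAILABILITY  08. Mar 2025 03:01:55
https://uqr.to/verificationprocesss6lq  INACTIVE  STDLOOKUP  Unknown  404  AVAILABILITY  08. Mar 2025 03:01:55
http://uqr.to/1tqi1  INACTIVE  STDLOOKUP  Unknown  404  AVAILABILITY  08. Mar 2025 03:01:55
http://uqr.to/applerzgy  INACTIVE  STDLOOKUP  Unknown  404  AVAILABILITY  08. Mar 2025 03:01:55
"""

def parse_table(text):
    """Split on runs of 2+ spaces so 'Tested At' values stay in one field."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    header = re.split(r"\s{2,}", lines[0])
    return [dict(zip(header, re.split(r"\s{2,}", ln))) for ln in lines[1:]]

def belongs_to(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(rows, reported_domain):
    """Separate rows hosted on reported_domain from other hosts and
    count statuses for the on-domain rows only."""
    result = {"on_domain": [], "other_hosts": [], "status": {}}
    for row in rows:
        host = urlsplit(row["Subject"]).hostname or ""
        if belongs_to(host, reported_domain):
            result["on_domain"].append(row["Subject"])
            status = row["Status"]
            result["status"][status] = result["status"].get(status, 0) + 1
        else:
            result["other_hosts"].append(host)
    return result

if __name__ == "__main__":
    summary = triage(parse_table(TABLE), "uqr.to")
    for key, value in summary.items():
        print(key, value)
```

Matching on the parsed hostname rather than on a substring keeps a host such as `usps.com-trackuqr.top` out of the count for `uqr.to`.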
@MauroCasula
Author

Dear Spirillen,

First and foremost, we sincerely appreciate your time and efforts in reviewing our request. At QRCodeKit.com, we have been creating QR codes for over 10 years, constantly working to ensure that our short URLs are not misused for malicious purposes. The URLs you mentioned were blocked at the time they were reported, and, in fact, our domain does not appear in any phishing databases.

We do not understand the hesitation in adding uqr.to to a whitelist and using our established security channels to notify us in case of any abuse within our system. This is a process we have successfully implemented for years with various anti-phishing systems to help maintain online safety.

That being said, we have noticed that our original request has not been directly addressed. QRCodeKit.com serves hundreds of thousands of customers worldwide, including Fortune 500 companies and government institutions. Flagging our entire domain as malicious, without clear justification or concrete evidence, is a fundamental flaw in any security system that aims to combat phishing effectively.

We kindly reiterate our request:

  • That uqr.to be correctly classified as a legitimate URL shortener rather than being fully blacklisted.
  • That only specific URLs be reviewed and blocked if necessary, rather than applying a blanket ban on the domain.
  • That we be notified of any suspicious activity at [email protected] so we can take immediate action.

So far, no valid reason has been provided to justify the blocking of our entire domain. The mentioned links are inactive and return a 404 error, which should not be grounds to classify a well-established and secure service as malicious.

We greatly appreciate the work being done to protect users online and are more than willing to collaborate to ensure the integrity of our domain. However, we kindly request a clear technical explanation for this classification and an immediate resolution.

Looking forward to your response.

Best regards,
Mauro Casula
CTO, Mobile Leaves CORP
https://qrcodekit.com/
