Request to Unblock domains - qrcodes.pro, qr-codes.io, qr.tapnscan.me, linkpages.pro #997

arp-joy · 2025-01-07T05:43:19Z

What is the problem you are experiencing?

I am experiencing a problem where...

Your security solution has flagged our domain URL [mentioned below], owned by Uniqode, as a phishing/malware site. This is causing significant issues for our users, preventing them from accessing the domain through various network providers.

Please note that thousands of enterprise customers rely on us for our service. We service over 50000 customers who rely heavily on our service. This significantly impacts our business, millions of users scanning our secure QR codes, and businesses that own those QR Codes.

We kindly request your assistance whitelisting the blocked domain and restoring full access for our users. We are a SOC® 2, ISO27001, and GDPR-compliant provider of QR Code codes known by the name Uniqode (uniqode.com), and you can find additional details on our trust portal (http://trust.uniqode.com). We already have our security infrastructure, which is continuously removing malicious URLs from our system. Please let me know if you need more information to get this sorted.

How can we reproduce the problem?

To reproduce the problem:

Log in to VirusTotal at https://www.virustotal.com.
Go to the URL tab and enter the blocked URLs (qrcodes.pro, qr-codes.io, qr.tapnscan.me, linkpages.pro).
Press Enter.
You'll see a list of vendors blocking the URL.

Do you have a screenshot?

Screenshot

What did you expect to happen?

Could you please take the necessary action to unblock the domain when you can?

Is there a workaround?

There is none at the moment because the vendor has to unblock this.

Additional context

NA

Log information

Click to expand

Paste your log file here between the back tics.

The text was updated successfully, but these errors were encountered:

emidaniel · 2025-01-07T08:28:22Z

The second one (qr-codes.io) is often abused by phishers generating thousands of Google Docs drawings and presentations with redirects to Amazon phishing pages.

Redirection is active, destination is down:
https://www.phishtank.com/phish_detail.php?phish_id=8929741
https://www.phishtank.com/phish_detail.php?phish_id=8929740
https://www.phishtank.com/phish_detail.php?phish_id=8823393
https://www.phishtank.com/phish_detail.php?phish_id=8807812

Both active:
https://qr-codes.io/Vooiuu -> https://renewaccmangesupportpaymentsverifyng.madad.org.in/?yyy
https://www.phishtank.com/phish_detail.php?phish_id=8930922
https://www.phishtank.com/phish_detail.php?phish_id=8930921

spirillen · 2025-01-07T15:19:24Z

@emidaniel thanks a bunch for your comment ❤️

We service over 50000 customers who rely heavily on our service. This significantly impacts our business

Can't care less as long you serves badware, like at all!!

I find a bunch of records in the database, and I'm not gonna test them all. Those tested, are found clean.

http://qr-codes.io/OTGhjI
http://qrcodes.pro/2902
http://qrcodes.pro/31s7qr
http://qrcodes.pro/CQhwrl
http://qrcodes.pro/HAi1TD
https://linkpages.pro/2RTZ8b
https://linkpages.pro/bI8ipp
https://linkpages.pro/GoUS1j
https://linkpages.pro/Iy1kOK
https://linkpages.pro/SY5UmL
https://linkpages.pro/uiTYAx
https://linkpages.pro/x9kyjq
https://linkpages.pro/zSijX1
https://qr-codes.io/FPtfeE
https://qr-codes.io/ls68tr
https://qr-codes.io/LwFxFm
https://qr-codes.io/OTGhjI
https://qr-codes.io/qDQypH
https://qr-codes.io/qsp3t4
https://qr-codes.io/td2EYv
https://qr-codes.io/TEIyq5
https://qr-codes.io/unPek2
https://qr-codes.io/vIFxV3
https://qrcodes.pro/17GXSe
https://qrcodes.pro/agUoL3
https://qrcodes.pro/BpDxs8?mc_phishing_protection_id=28048-cktj4qn9a9tcqlnjamo0
https://qrcodes.pro/ClJz4a?preview=true
https://qrcodes.pro/cppi90
https://qrcodes.pro/H64Kyu
https://qrcodes.pro/HmIp5F
https://qrcodes.pro/Irm1yA
https://qrcodes.pro/kOYq0l
https://qrcodes.pro/kVGKdO
https://qrcodes.pro/LCEnmI
https://qrcodes.pro/oU3Zib
https://qrcodes.pro/Pr3ypZ
https://qrcodes.pro/PSRZfk?mode=resetPassword&oobCode=8_X-7pF2vdAnRC9hTegvsbR2-fh68z0tHgxuMwi1Aq8AAAGMuwc-DQ&apiKey=AIzaSyDm9HNCkqXzZ9Ra27sijNt6JEBuUEu18bI&lang=en
https://qrcodes.pro/R8vjPy
https://qrcodes.pro/securedattachments
https://qrcodes.pro/txK5BG
https://qrcodes.pro/yVtztw
https://qrcodes.pro/YWeAig
https://qrcodes.pro/ztCYTS
https://qr.tapnscan.me/31s7qr
https://qr.tapnscan.me/74pn1Z
https://qr.tapnscan.me/e33385bbf1a841b095cd0a443162272faqsedge
https://qr.tapnscan.me/HrpAKo
https://qr.tapnscan.me/N?preview=true
https://qr.tapnscan.me/S3v8FQ

However, as to all other redirection/URL_shorten, I say the same, make proper HTTP code 410, when a link no longer are active, or will be activated.

I will work toward, to make a special rule to @PyFunceble once you response with http code 410

HTTP response status codes 410 Gone
Indicates that the resource requested was previously in use but is no longer available and will not be available again. This should be used when a resource has been intentionally removed and the resource should be purged. Upon receiving a 410 status code, the client should not request the resource in the future. Clients such as search engines should remove the resource from their indices. Most use cases do not require clients and search engines to purge the resource, and a "404 Not Found" may be used instead.
https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#4xx_client_errors

I'm not adding any more URL_shorten service to the whitelist, this is only the potential evil path, to have you target, by even more evil forces, if you become a safe heaving for PuPs, phishing, malicious etc.

Team note: this is related to https://github.com/orgs/Phishing-Database/discussions/4

phishing-database-bot · 2025-05-04T09:21:43Z

Closing.

Domain(s) or IP(s) not found in the Phishing.Database project: qr-codes.io, linkpages.pro, qr.tapnscan.me, qrcodes.pro.

-- We appreciate your help in refining this. Please let us know if anything seems incorrect.

arp-joy added the bug Something isn't working label Jan 7, 2025

arp-joy assigned funilrys and mitchellkrogza Jan 7, 2025

github-project-automation bot moved this to 🆕 New in Phishing Database Backlog Jan 7, 2025

github-project-automation bot added this to Phishing Database Backlog Jan 7, 2025

spirillen added WIP and removed bug Something isn't working labels Jan 7, 2025

phishing-database-bot added the false positive Should not be listed label Apr 26, 2025

phishing-database-bot closed this as completed May 4, 2025

github-project-automation bot moved this from 🆕 New to ✅ Done in Phishing Database Backlog May 4, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Request to Unblock domains - qrcodes.pro, qr-codes.io, qr.tapnscan.me, linkpages.pro #997

Request to Unblock domains - qrcodes.pro, qr-codes.io, qr.tapnscan.me, linkpages.pro #997

arp-joy commented Jan 7, 2025

emidaniel commented Jan 7, 2025 •

edited

Loading

spirillen commented Jan 7, 2025

phishing-database-bot commented May 4, 2025

Request to Unblock domains - qrcodes.pro, qr-codes.io, qr.tapnscan.me, linkpages.pro #997

Request to Unblock domains - qrcodes.pro, qr-codes.io, qr.tapnscan.me, linkpages.pro #997

Comments

arp-joy commented Jan 7, 2025

What is the problem you are experiencing?

How can we reproduce the problem?

Do you have a screenshot?

What did you expect to happen?

Is there a workaround?

Additional context

Log information

emidaniel commented Jan 7, 2025 • edited Loading

spirillen commented Jan 7, 2025

phishing-database-bot commented May 4, 2025

emidaniel commented Jan 7, 2025 •

edited

Loading