MalwareTips
Security Review

Is qr.link legit or a scam?

Our verdict:Dangerous· 25/100

Legitimate QR redirect service with documented use in phishing attacks; the domain itself is safe but individual shortened URLs may be malicious.

Top reasons
Three antivirus engines flag the domain as phishing, indicating known association with phishing campaigns.Documented use of qr.link short URLs in a quishing (QR code phishing) attack reported by Trellix in 2023.Short URL redirect service can be weaponized by attackers to mask malicious destinations behind QR codes.
qr.linkScanned 8h ago
Post Facebook
0
Trust score
DANGEROUS
Heuristics 0·MT 42
Category tags
qr code redirect service#Phishing72% MT confidence
Technical red flags (1)
3 of 92 engines flagged

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
3/92
Engines flagged this URL
Domain Age
8 years old
Registered Aug 1, 2018
MT Intelligence
Suspicious
Moderate likelihood · 72% confidence
DANGEROUS

Critical risk detected

3 of 92 antivirus engines flag this page as malicious. Multiple independent checks — antivirus engines, browser safety blocklists, and threat databases — flagged this site. Don't enter personal information, deposit money, or download files.

Website Preview

Screenshot of qr.link
LIVE RENDER
qr.link
1Professional, consistent branding with QR.io logo and green color scheme throughout the page

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

8
/ 100
Low visual risk

Visual red flags detected in the screenshot

The page presents as a legitimate informational landing page for QR.io's qr.link product, with professional design, standard footer links, and no observable scam indicators.

Visual risk8/100

What our vision model saw

5 signals

Professional, consistent branding with QR.io logo and green color scheme throughout the page

Footer contains standard legal links (Terms, Privacy, Report Abuse, Contact Us) and social media icons

Copyright notice references DENSO WAVE INCORPORATED trademark acknowledgment, indicating legitimate QR code service awareness

Page explains qr.link as a dynamic QR code product of QR.io — informational content with no urgency or pressure tactics

No suspicious forms, countdown timers, fake trust badges, or credential-harvesting elements visible

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Moderate scam likelihoodengineMT · Guardiantrust42/100
MT AgentLive web researchVisual inspection
0%
Confidence
qr.link is a 7.9-year-old domain operated by QR.io to create and track dynamic QR codes. The landing page is professionally designed, contains no credential-harvesting forms, and clearly explains the service's purpose. However, three antivirus engines flag the domain as phishing or malicious, and our research found a documented instance where a qr.link short URL was used in a quishing (QR code phishing) campaign reported by Trellix in 2023. The domain itself is not a scam, but its shortener functionality makes it a vector for phishing attacks — attackers can create QR codes that redirect to credential-theft pages while the qr.link domain remains legitimate. The lack of business registration details and the absence of dedicated scam reports suggest the domain operates as a service provider rather than a direct fraud operation. The moderate risk stems from the documented phishing use case, not from the landing page or operator intent.
Full dossier
Analysis complete

Page Content

The landing page is an informational resource explaining qr.link as a dynamic QR code product. It contains professional branding, a clear value proposition, and standard footer links (Terms, Privacy, Report Abuse, Contact Us). No login forms, countdown timers, fake trust badges, or pressure tactics are present. The page explicitly credits QR.io as the operator and links to their main service for code creation.

Infrastructure

The domain uses valid SSL (Google Trust Services, 55 days to expiry), is hosted on IP 172.67.164.79 with a clean abuse score (0/100), and has no reported abuse history. The hosting infrastructure shows no signs of compromise or malicious operation.

Domain History

Registered 2877 days ago (~7.9 years) via Namecheap with privacy protection disabled. The long registration history and stable operation indicate a mature service, not a newly-created fraud domain. No homoglyph, IDN, or cross-domain redirect tricks detected.

Web Reputation

Three antivirus engines (Chong Lua Dao, Criminal IP, Gridinsoft) flag the domain as phishing or malicious. Browser blocklists are clean. Our research identified one documented instance of a qr.link short URL used in a quishing campaign (Trellix, 2023). No dedicated scam reports, complaints, or negative reviews targeting qr.link itself were found. The flagging likely reflects the domain's known use as a phishing vector rather than malicious operation of the landing page.

Risk Factors
5
  • Three antivirus engines flag the domain as phishing, indicating known association with phishing campaigns.
  • Documented use of qr.link short URLs in a quishing (QR code phishing) attack reported by Trellix in 2023.
  • Short URL redirect service can be weaponized by attackers to mask malicious destinations behind QR codes.
  • No business registration or legal entity details found; domain operates as a service provider without public ownership transparency.
  • No contact email, phone, or postal address listed on the landing page.
Positive Signals
5
  • Domain age of 2877 days indicates long-term, stable operation as a legitimate QR code service.
  • Professional page design with consistent branding, legal footer links, and trademark acknowledgment.
  • Valid SSL certificate and clean hosting IP reputation (0 abuse reports).
  • Landing page contains no credential-harvesting forms, malware, or scam indicators.
  • Explicitly credits QR.io as the operator and provides clear service explanation.
AI Recommendation
Do not enter sensitive information on qr.link itself — the landing page is safe. However, exercise caution when scanning QR codes from untrusted sources, as qr.link short URLs can redirect to phishing pages. If you encounter a qr.link URL in an unexpected context (unsolicited email, poster, text), verify the sender's legitimacy before scanning.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for qr.link, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
7.9 yrs
Registered Aug 2018
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
1 scam report
Key findings
7 headline facts from open-web research
  • qr.link is a short domain operated by QR.io for dynamic QR codes that redirect to websites, landing pages, or app content while tracking scans.
  • The landing page at https://qr.link/ explicitly states it is brought to you by QR.io and links to qr.io for creation.
  • One documented instance in a 2023 Trellix report lists a qr.link short URL (qr.link/UJTwgC) as part of a quishing/phishing campaign.
  • No dedicated scam reports, Trustpilot, ScamAdviser, or Reddit threads specifically targeting qr.link as malicious were found.
  • QR.io itself has multiple user complaints (Reddit, ProductHunt) about deceptive free-to-paid model where dynamic codes deactivate after a trial, requiring subscription.
  • Domain age of 2877 days (~7.9 years) indicates it has been in use long-term as a QR redirect service.
  • General rise in quishing scams documented across FTC, news, and security blogs, but no specific tie to this domain beyond the single IoC.
Scam reports (1)
Direct quotes from public scam databases, forums, and news.
  • Trellix Researchopen

    "hxxps:// qr[.]link /UJTwgC"

Research summary
Narrative write-up from our AI analyst, grounded on the facts above

Our research found one documented instance of a qr.link short URL weaponized in a phishing attack (Trellix, 2023). However, no dedicated scam reports, consumer-review sites, or complaints specifically targeting qr.link as a fraudulent service were identified. The domain operates as a legitimate QR code shortener; the phishing risk stems from the service's redirect functionality being misused by attackers, not from the operator's intent. QR.io (the parent company) has received user complaints about a deceptive free-to-paid model, but this is a separate business practice issue unrelated to qr.link's core function.

Antivirus Engines

Detection matrix · live
3 engines flagged this URL

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. Each detection is listed below by engine name — even a single hit is a meaningful signal.

3Malicious0Suspicious57Harmless92Engines
0
of 92
Chong Lua Dao
Malicious· malicious
Criminal IP
Malicious· phishing
Gridinsoft
Malicious· phishing

3 antivirus engines flagged this URL. Even a single detection is a meaningful signal — treat this site with extra caution and avoid entering credentials, payment info, or downloading any files.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles3
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.
  • Links to 3 social profiles.

Domain & Encryption

Domain History
Age8 years old
RegistrarNAMECHEAP
RegisteredAug 1, 2018
ExpiresAug 1, 2026
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerGoogle Trust Services · WE1
ExpiresAug 12, 2026 (55d)
Self-signedNo
Hosting & Technology
HostingCloudflare, Inc.
Server locationUS
Web servercloudflare

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
No
Punycode
No
  • 1301http://qr.link/
  • 2200https://qr.link/

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file0
ISPCloudflare, Inc.
Usage typeContent Delivery Network

Avoid this site

Our automated review flagged enough risk that you should treat this site as unverified.

  • Do not interact with qr.link

    Do not enter credentials, deposit money, download files, or install browser extensions from this site.

  • Verify the business through independent channels

    Check the company's social profiles, registry records, and search for recent news or reviews that are not hosted on the site itself.

  • Never use irreversible payment methods

    Crypto, gift cards, wire transfers, and cash apps offer zero buyer protection. Use a credit card or PayPal if you must pay.

  • Share your experience

    If you have additional context, drop a comment below or post on the MalwareTips forum.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
ListedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

qr.iox.comfacebook.comlinkedin.comwhos.amung.usstatic.cloudflareinsights.com

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review flags qr.link as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
  • No — qr.link scored 25/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
  • Yes. qr.link presents a valid TLSv1.3 certificate issued by Google Trust Services · WE1, expiring in 55 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • qr.link is 7.9 years old, registered on 8/1/2018 through NAMECHEAP. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • 3 out of 92 antivirus engines in our malware network flagged qr.link as malicious or suspicious (3 outright malicious). Even one detection is a meaningful signal.
  • No. qr.link is not currently listed on the major browser blocklist feeds that modern browsers use.
  • qr.link resolves to an IP operated by Cloudflare, Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 17, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around qr.link have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·qr.link
DANGEROUS

qr.link is a legitimate QR code shortener operated by QR.io, but the domain has been weaponized in documented phishing campaigns. While the landing page itself is safe, short URLs from this service can redirect to malicious content.

Do not enter sensitive information on qr.link itself — the landing page is safe. However, exercise caution when scanning QR codes from untrusted sources, as qr.link short URLs can redirect to phishing pages. If you encounter a qr.link URL in an unexpected context (unsolicited email, poster, text), verify the sender's legitimacy before scanning.

AV engines
92
MT passes
2
Net signals
1
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Dangerous reports

Browse all reports
Dangeroustrust1
login.offlcecommonauthcommonportal.click
23m ago
Read the review
Dangeroustrust1
thesofaairdrop.pages.dev
23m ago
Read the review
Dangeroustrust1
e-kmj.org
1h ago
Read the review
Dangeroustrust1
activationmobile.top
1h ago
Read the review
Dangeroustrust16
sageonlinesolution.com
1h ago
Read the review
Dangeroustrust42
annas-archive.is
1h ago
Read the review
Dangeroustrust1
niwayosisaiseki.com
1h ago
Read the review
Dangeroustrust1
pl27830620.effectivegatecpm.com
2h ago
Read the review
Dangeroustrust49
mystrikingly.com
3h ago
Read the review
Dangeroustrust18
special-girls.com
4h ago
Read the review
Dangeroustrust1
allegrolokalnie.prywatne-ogloszenie830102.shop
5h ago
Read the review
Dangeroustrust1
hnghnff.weebly.com
5h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.