Report a malicious QR code

Found a QR code that leads to phishing, scams, or other harmful content — and you believe it was made with this site? Here is what we can do, what we cannot, and who can actually help.

What we cannot do (and why)

QR Code Zebra generates static QR codes: the destination address is encoded directly into the printed pattern. There is no account behind a code, no redirect through our servers, and no record of who created it — by design, the same property that protects every legitimate user's privacy.

That means we cannot disable an existing QR code. The code is, in itself, just the destination URL written as squares. Disabling it would require controlling the destination website, which we do not.

Who can take it down

• Google Safe Browsing — report the destination URL at safebrowsing.google.com. This gets the URL flagged in Chrome, Safari, and most scanners — usually the fastest, most effective action.
• The destination's hosting provider — a WHOIS lookup of the domain shows the host; most have an abuse contact that can remove phishing content.
• Your national CERT — most countries run a computer emergency response team that handles phishing reports (e.g. CERT PL, US CISA).

What we will do

If you email us the decoded destination URL and where you found the code, we will document the report and cooperate with any lawful investigation. Our terms of service prohibit using the generator for phishing, impersonation, or unlawful content.

Tip: you can safely see where a code leads without opening it using our browser-based scanner — it shows the destination and flags lookalike domains.

Contact: via the contact page. Include the decoded URL, a photo of the code if possible, and where it was posted.