Looks like Google just removed us from the blacklist. Maybe somebody from Google saw this or maybe I got reviewd quickly but I couldn't be happier.
Here are a few things I did
- Removed all inline images (As mentioned in my other comments a lot of virus sites were tagging me base64 embedded due to inline images)
- Disabled test uploads for now. I will probably make the test file expire after 2 mins and never host them on the same domain
- Moving the external scripts to another domain. You never know what can get you blacklisted so best to keep customer facing part separate from main domain.
I cannot be more thankful to all the people who replied and offered suggestions. You guys rock!
P.S. In case you guys still seeing the red screen of death, please let me know.
If that is the case, that is where you are vulnerable. Free hosting of a file at a trusted domain is worth something.
If people are not intended to be able to download their test files, check your logs, someone might have found a way around it.
That's the best I can think of.
I will probably delete files after 2 mins instead of 24 hours.
Another option is I ask for credit card details before I let them try the demo. This can get rid of letting anyone misusing the demo features.
Where does the upload go when your customers use it on their site though? Maybe what's deceptive is that if HN shows an upload area in an iframe or whatever, and I upload something, I expect that I'm giving it to HN, but really it's gone straight to you at Uploader.win?
(Fwiw I also think uploader.win is not a great name, your search result looks like it's a good tool, but the name sounds sort of scammy, like the kind of thing you'd get if you searched 'free download exe' or something.)
Also it always opens-up a file popup so it can't be used deceptively.
Regarding the name it's short form of 'Uploader window' like Filer Picker. Really can't do much about that.
Thanks for helping it in reporting it as incorrect.
One thing I did notice, is that you have your jpg's inline. McAfee and other virus protection apps are completely trigger happy anytime you encode a substantial amount of "code" (yes it's an image). I would try removing the inline images and linking them and see if that makes any difference.
Yes I too believe this could be one of the cause as I've mentioned below in another comment, virustotal site says 'base64-embedded'.
Those are just svg images I've embedded in the html to reduce the number of requests. But I'm not taking chances and making them seperate files.
FYI your domain seems to be blacklisted by Firefox, McAfee, Sophos among others 
Here is a screenshot of webmaster tools(1). The pages it lists are html pages and I've checked the source code and there are no script or anything on them.
Also the virustotal site says 'base64-embedded'. Those are just svg images I've embedded in the html to reduce the number of requests. That can't be a trigger right?
They're telling people that your business is dangerous and could harm them.