For legit cover:
http://mcaf.ee
http://ow.ly/url/shorten-url
tinyurl.com
Here you can find some info about bad QR
https://appsec-labs.com/portal/security-assessment-of-mobile-qr-readers-%E2%80%93-a-comparison/
http://www.zdnet.com/blog/security/hackers-using-qr-codes-to-push-android-malware/9522
http://www.h-online.com/security/news/item/Android-trojan-hides-behind-QR-code-1353160.html
I like the idea of mixing the tracking of the victim IP with evil QRs
Warning:The example included live tracking of your IP.
For my example,I decided to take an article, about the new uses of QRs in Israel,this to get history background about the street names:
http://www.israelhayom.co.il/article/222131
lets make it short
http://mcaf.ee/jk7p0
until now it's seems legit..
now its the time to track it:
hXXp://blasze.tk/JSHM7K
from here you can track logs:
http://blasze.tk/track/WAUURZ/
Lets cover it with another shorten url service
hXXp://ow.ly/C5MTg
alternative (included QR ad a bonus)
hxxp://bit.do/ONE-PLUS-ONE-FREE-INVITE
From here you can track the logs
hXXp://bit.do/ONE-PLUS-ONE-FREE-INVITE-
Next step,lets see what Facebook did to my link
Sept. 29, 2014, 9:54 p.m. 37.187.88.123 Click to Map 37.187.88.123 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11 ns3367955.ip-37-187-88.eu
Sept. 29, 2014, 9:59 p.m. 31.13.102.122 Click to Map 31.13.102.122 facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
Sept. 29, 2014, 9:59 p.m. 31.13.102.122 Click to Map 31.13.102.122 facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
Sept. 29, 2014, 9:59 p.m. 31.13.102.118 Click to Map 31.13.102.118 facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
Solutions:
Be paranoid
Ill mention couple of services,which might be helpfull:
1. Unfurlr
(track the link redirecting
unfurlr.com
http://itunes.apple.com/us/app/unfurlr/id522402427?mt=8
https://play.google.com/store/apps/details?id=com.mailchimp.unfurlr&feature=nav_result#?t=W251bGwsMSwxLDMsImNvbS5tYWlsY2hpbXAudW5mdXJsciJd
2.Secure QR reader (you can read AppSec article)
3.https://www.virustotal.com
(focus on viruses more then tracking)
4.http://onlinelinkscan.com/(focus on viruses more then tracking)
P.S
As a tip, you might use an Iphone apps for emails, which allows you to track the reader IP, it's called iTrackMail.
Doing so,can give you the Geolocation of the target.
The solution,is to block images view in your iPhone/Android or any other phone. (as well as in your PC)
https://itunes.apple.com/app/id533886215?mt=8&ign-mpt=uo%3D4mail.com
http://mcaf.ee
http://ow.ly/url/shorten-url
tinyurl.com
Here you can find some info about bad QR
https://appsec-labs.com/portal/security-assessment-of-mobile-qr-readers-%E2%80%93-a-comparison/
http://www.zdnet.com/blog/security/hackers-using-qr-codes-to-push-android-malware/9522
http://www.h-online.com/security/news/item/Android-trojan-hides-behind-QR-code-1353160.html
I like the idea of mixing the tracking of the victim IP with evil QRs
Warning:The example included live tracking of your IP.
For my example,I decided to take an article, about the new uses of QRs in Israel,this to get history background about the street names:
http://www.israelhayom.co.il/article/222131
lets make it short
http://mcaf.ee/jk7p0
until now it's seems legit..
now its the time to track it:
hXXp://blasze.tk/JSHM7K
from here you can track logs:
http://blasze.tk/track/WAUURZ/
Lets cover it with another shorten url service
hXXp://ow.ly/C5MTg
alternative (included QR ad a bonus)
hxxp://bit.do/ONE-PLUS-ONE-FREE-INVITE
From here you can track the logs
hXXp://bit.do/ONE-PLUS-ONE-FREE-INVITE-
Next step,lets see what Facebook did to my link
Sept. 29, 2014, 9:54 p.m. 37.187.88.123 Click to Map 37.187.88.123 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11 ns3367955.ip-37-187-88.eu
Sept. 29, 2014, 9:59 p.m. 31.13.102.122 Click to Map 31.13.102.122 facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
Sept. 29, 2014, 9:59 p.m. 31.13.102.122 Click to Map 31.13.102.122 facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
Sept. 29, 2014, 9:59 p.m. 31.13.102.118 Click to Map 31.13.102.118 facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)
Solutions:
Be paranoid
Ill mention couple of services,which might be helpfull:
1. Unfurlr
(track the link redirecting
unfurlr.com
http://itunes.apple.com/us/app/unfurlr/id522402427?mt=8
https://play.google.com/store/apps/details?id=com.mailchimp.unfurlr&feature=nav_result#?t=W251bGwsMSwxLDMsImNvbS5tYWlsY2hpbXAudW5mdXJsciJd
2.Secure QR reader (you can read AppSec article)
3.https://www.virustotal.com
(focus on viruses more then tracking)
4.http://onlinelinkscan.com/(focus on viruses more then tracking)
P.S
As a tip, you might use an Iphone apps for emails, which allows you to track the reader IP, it's called iTrackMail.
Doing so,can give you the Geolocation of the target.
The solution,is to block images view in your iPhone/Android or any other phone. (as well as in your PC)
https://itunes.apple.com/app/id533886215?mt=8&ign-mpt=uo%3D4mail.com