Soycow: Website Address Obfuscation

Website Address Obfuscation:

Spammers love to harvest all of your public information (like your e-mail address), but they hate it when you try to track them down. One technique that spammers use to try to cover their tracks is to obfuscate any website addresses they list in their spam.

Below are some common website address obfuscation techniques used by spammers. All of the website addresses listed below should take you to http://www.google.com/. Note: Google may (will) change the IP address of their website at any time, so the examples below may (will) stop working at some point. Another note: not all of the examples seem to work on the Macintosh.

http://216.239.37.101/

The normal IP address representation of www.google.com.

http://0xd8.0xef.0x25.0x64/

The same IP address represented in hexidecimal format.

http://0330.0357.045.0144/

The same IP address represented in octal format.

http://472.495.293.356/

The same IP address with the number 256 added to each octet.

http://3639556452/

The same IP address represented as a dword. The dword in this example was constructed as so: (2563 * 216) + (2562 * 239) + (256 * 37) + 101.

http://www.yahoo.com@3639556452/

The same address as the one above, except this time a fake address is added before the '@' sign. Remember that web browsers will ignore anything before the '@' sign unless the web server is requesting authentication.

For more info:

A more comprehensive list of examples can be found at pc-help.org.

Add a comment