Interesting spam... [Archive]

vizi

02-20-2001, 01:16 AM

Here's an interesting spam I got. The link told me to click on this: http://839.88.74.38-arhblto-dvxmt-hlpadwy.htm@00000000320.00000000223.0000000050.00000000146/

That is one hell of an address. Whats interesting is that http://00000000320.00000000223.0000000050.00000000146/ is a real address. I later found out it resolves to 208.147.40.102. I never saw an address as messed up as that above. Anyone have any idea what format thats in?

Chicken

02-20-2001, 02:15 AM

Yeah, there are conversions you can do but I don't post them on public boards (partly because I'd have to look through a million favorites to find it, and partly because it might be one of those things that shouldn't be posted).

projo

02-20-2001, 02:26 AM

It appears to be octal.

3x64 + 2x8 + 0x1 = 208 decimal
2x64 + 2x8 + 3x1 = 147

I leave the rest for you.

Gary

dektong

02-20-2001, 02:33 AM

Originally posted by vizi
That is one hell of an address. Whats interesting is that http://00000000320.00000000223.0000000050.00000000146/ is a real address. I later found out it resolves to 208.147.40.102. I never saw an address as messed up as that above. Anyone have any idea what format thats in?

Gee... I just know that this is possible!

It's an octed base system. From the conversion you gave:
208 (decimal) -> 320 (octet)
147 (decimal) -> 223 (octet)
40 (decimal) -> 50 (octet) ---> the clearest indication that octet based number is being used
102 (decimal) -> 146 (octet)

I found at that to access this octed based number, you need to type in at least one zero in front of the octet numbers (any additional zeroes still mean zero). For example: I have an IP pointing to http://216.74.122.43/, which I can access using octet based system as http://0330.0112.0172.053/, http://330.112.172.53/ (without the zeroes) will of course bring you nowhere (unless IPv6 is already implemented).

Hope this helps...

cheers,
:beer:

JTY

02-20-2001, 02:41 AM

cool.... although I do hate spam....

Lawrence

02-20-2001, 03:15 AM

I think sticking zeros in front of octal numbers is a fairly standard programming thing. And if you stick a one in front I think you get negative numbers.

I tried it in hexadecimal and it didn't work (unless you use something other than 0x to prefix them):

http://0xD0.0x93.0x28.0x66

Perhaps I'm just a little too adventurous with that one... :D

Duster

02-20-2001, 03:51 AM

The reason for the masked IP address is to slip through spam filters that block their IP address. A few spammers are really clever and pioneer dirty tricks such as this one. These are the ones that collectively, have about 98% of the IQ points of the entire spammer population.