Hexadecimal IP Addresses, the Latest Spam Strategy

Spam is one of the most frequent problems on the Internet. We run into it when we receive emails, browse the web, or use social networks. Sometimes it is just abusive, annoying advertising, but at other times it can be a danger to the security of our equipment. In this article we report on a new trick in which spammers use hexadecimal IP addresses.

Spammers use hexadecimal IP addresses to improve their spam

The methods used to detect spam keep improving. Mail services have more modern features for filtering spam, and the platforms themselves keep tighter control over abusive advertising on social networks, messages from bot profiles, and so on.


However, hackers are also constantly perfecting their techniques to achieve their goals, whether that means attacks on the network or, as in this case, improving spam. This time they have used a new trick that relies on hexadecimal IP addresses.

What does this mean? Instead of the domain appearing as we read and write it, it appears in hexadecimal. The trick is based on a quirk of RFC 791, a standard that describes the Internet Protocol (IP).

In technical terms, RFC 791 is basically the standard that describes how IP addresses are represented. For the most part, we know them in their most common form, dotted decimal (for example, 192.168.0.1). But these addresses can also be written in other formats: octal, DWORD and hexadecimal.

In the latter case, each decimal number of the IP address is converted to hexadecimal. A group of spammers has now shown that this works in practice and has taken advantage of it by using hexadecimal IP addresses in its spam campaigns. This is something they have been doing for two months.


Emails with links to their spam sites

Otherwise the campaign is not very different from spam in general. The spammers send emails with links to their spam sites, but instead of the usual domain name (www.web-page.com) the link carries a URL that looks strange to users yet is effective at avoiding filters.

The spammers host the entire structure on those hexadecimal IP addresses. Browsers can interpret these addresses and therefore load the sites, yet it seems that this trick is enough to get past certain filters.
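A filter can close this gap by converting the host of every link to dotted decimal before matching it against blocklists or rules. The following sketch is an added example, not code from the original article; it also covers the octal and DWORD forms mentioned above, and the function names and sample links are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# One address component: hex (0x..), octal (leading 0) or decimal.
_PART = re.compile(r"^(0x[0-9a-f]+|0[0-7]*|[1-9][0-9]*)$", re.IGNORECASE)

def _parse_part(text):
    """Return the integer value of one component, or None if it is not numeric."""
    if not _PART.match(text):
        return None
    if text.lower().startswith("0x"):
        return int(text, 16)
    if len(text) > 1 and text[0] == "0":
        return int(text, 8)
    return int(text, 10)

def canonical_ipv4(host):
    """Dotted-decimal form of an IPv4 literal in any notation, else None."""
    parts = host.rstrip(".").split(".")
    values = [_parse_part(p) for p in parts]
    if not 1 <= len(parts) <= 4 or None in values:
        return None
    # Leading components are one byte each; the last one fills the remaining bytes.
    *head, last = values
    if any(v > 0xFF for v in head) or last >= 256 ** (4 - len(head)):
        return None
    addr = last
    for i, v in enumerate(head):
        addr |= v << (8 * (3 - i))
    return ".".join(str((addr >> s) & 0xFF) for s in (24, 16, 8, 0))

def flag_obfuscated_hosts(urls):
    """Map each URL whose host is a non-standard IPv4 literal to its canonical IP."""
    hits = {}
    for url in urls:
        host = urlsplit(url).hostname or ""
        ip = canonical_ipv4(host)
        if ip is not None and ip != host:
            hits[url] = ip
    return hits

# Constructed sample links (documentation and private address ranges only).
SAMPLE_URLS = [
    "http://0xCB.0x00.0x71.0x05/offer",   # hexadecimal octets
    "http://3232235521/offer",            # DWORD
    "http://www.web-page.com/offer",      # ordinary domain name
    "http://192.168.0.1/offer",           # ordinary dotted decimal
]

if __name__ == "__main__":
    print(flag_obfuscated_hosts(SAMPLE_URLS))
```

The canonical address returned for each flagged link is what should be fed to reputation lookups, and the mere presence of a non-standard literal in an email link is itself a useful scoring signal.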

As we can see, once again they have found a way to bypass security measures or, as in this case, the filters that detect spam. It is vital that we always keep in mind the importance of protecting our systems and not making mistakes that compromise us.

We leave you with an article where we talk about AnonAddy, an open source tool to prevent spam. It is one more way to deal with a problem that can compromise us online.