Tuesday, September 13, 2011

Obscuring a URL

Have you ever encountered a Web page address that looked like this: http://209.143.212.20/?

Yes? It was featured prominently in spam you got? Well, of course.

And of course you thought that spammers are so stupid they cannot even type a numerical URL right. Out of curiosity, you followed the link nonetheless -- and it worked!

Why do spammers use such obscure URLs instead of their normal, easy to remember alphanumeric form (in which the URL above would read http://about.com//)? They do not want you to remember them. They do not even want you to know them.

If they used regular notation for URLs, they could easily be identified via a whois query that lists who owns a domain name. This is why they try to hide by applying all kinds of tricks to their domain name.

As you probably know, when you type a domain name (like "about.com") in your browser's address field and press enter, the browser translates that easy to remember name into a series of numbers called an IP address. The IP address for "about.com" is "209.143.212.20", for example.

Your browser does not only translate the usual domain names to IP addresses, it can also translate other strings to the same IP address. One example is "20695733268", which also turns out to become "209.143.212.20" as well. There are a number of tricks you play on a domain name and still have the Web browser translate it to the same IP address (although some modifications do not work with all browsers).

If your browser can translate the obscure URLs used by spammers into IP addresses that make sense, you can do that, too. Then you can get the domain name corresponding to the IP address, and you can complain to the spammer's ISP.

Please check out this website (http://www.pc-help.org/obscure.htm) and try obscuring the Bunker Hill webpage address. Post your results here.
Posted by at

12 comments:

  1. Monica PooleSeptember 13, 2011 at 3:02 PM

    Stuff here.

    ReplyDelete
  2. AnonymousSeptember 13, 2011 at 3:07 PM

    rob here

    http://bit.ly/abGjzp

    ReplyDelete
  3. Observant CommuterSeptember 13, 2011 at 3:13 PM

    Well, I used funkyfilters.com (just playing around) and it converted it to http://3493896546

    BUT when I click on that I get a 400 Bad Request. Further research is needed...

    ReplyDelete
  4. AnonymousSeptember 13, 2011 at 3:32 PM

    vinny here

    ReplyDelete
  5. Observant CommuterSeptember 13, 2011 at 3:34 PM

    Best I can do for now is http://tinyurl.com/6jo95gs

    ReplyDelete
  6. Loudmouth SquawkboxSeptember 13, 2011 at 3:42 PM

    www.yahoo.com@208.64.161.98

    -Marie

    ReplyDelete
  7. ommederiSeptember 13, 2011 at 7:16 PM

    http://snurl.com/v4fcz

    ReplyDelete
  8. Guy with Toothpick AKA CarlSeptember 13, 2011 at 9:36 PM

    http://1208929383/ It is merely the Dword for google I have decided that obscuring the url to bhcc website is a lost cause.

    http://tinyurl.com/Notblackboard
    And a url shortener that brings you right back to here

    ReplyDelete
  9. J.Sacco1990September 13, 2011 at 10:36 PM

    http://1249735016@1249735016 < google

    ReplyDelete
  10. AnonymousSeptember 15, 2011 at 12:29 AM

    rob, here
    bunker%2Eded%2Etechevolution%2Ecom

    ReplyDelete
  11. sbenson09September 15, 2011 at 2:12 PM

    Amazon:
    http://www.barnesandnoble.com@1209390000

    ReplyDelete
  12. sbenson09September 15, 2011 at 2:13 PM

    A lot of websites, after finding and entering their IP address into a web browser failed to load, produced an error, etc. Any insight into this, and perhaps why some websites don't have this issue?

    ReplyDelete

Subscribe to: Post Comments (Atom)