Tuesday, September 13, 2011

Obscuring a URL

Have you ever encountered a Web page address that looked like this: http://209.143.212.20/?

Yes? It was featured prominently in spam you got? Well, of course.

And of course you thought that spammers are so stupid they cannot even type a numerical URL right. Out of curiosity, you followed the link nonetheless -- and it worked!

Why do spammers use such obscure URLs instead of their normal, easy to remember alphanumeric form (in which the URL above would read http://about.com//)? They do not want you to remember them. They do not even want you to know them.

If they used regular notation for URLs, they could easily be identified via a whois query that lists who owns a domain name. This is why they try to hide by applying all kinds of tricks to their domain name.

As you probably know, when you type a domain name (like "about.com") in your browser's address field and press enter, the browser translates that easy to remember name into a series of numbers called an IP address. The IP address for "about.com" is "209.143.212.20", for example.

Your browser does not only translate the usual domain names to IP addresses, it can also translate other strings to the same IP address. One example is "20695733268", which also turns out to become "209.143.212.20" as well. There are a number of tricks you play on a domain name and still have the Web browser translate it to the same IP address (although some modifications do not work with all browsers).

If your browser can translate the obscure URLs used by spammers into IP addresses that make sense, you can do that, too. Then you can get the domain name corresponding to the IP address, and you can complain to the spammer's ISP.

Please check out this website (http://www.pc-help.org/obscure.htm) and try obscuring the Bunker Hill webpage address. Post your results here.

12 comments:

  1. rob here

    http://bit.ly/abGjzp

    ReplyDelete
  2. Well, I used funkyfilters.com (just playing around) and it converted it to http://3493896546

    BUT when I click on that I get a 400 Bad Request. Further research is needed...

    ReplyDelete
  3. Best I can do for now is http://tinyurl.com/6jo95gs

    ReplyDelete
  4. http://1208929383/ It is merely the Dword for google I have decided that obscuring the url to bhcc website is a lost cause.

    http://tinyurl.com/Notblackboard
    And a url shortener that brings you right back to here

    ReplyDelete
  5. http://1249735016@1249735016 < google

    ReplyDelete
  6. rob, here
    bunker%2Eded%2Etechevolution%2Ecom

    ReplyDelete
  7. Amazon:
    http://www.barnesandnoble.com@1209390000

    ReplyDelete
  8. A lot of websites, after finding and entering their IP address into a web browser failed to load, produced an error, etc. Any insight into this, and perhaps why some websites don't have this issue?

    ReplyDelete