Full Disclosure mailing list archives

Re: strange domain name in phishing email


From: "Alice Bryson" <abryson () bytefocus com>
Date: Tue, 14 Mar 2006 09:36:38 +0800

Yes, this is only a way of expressing an IP address.
Try the following C code and you will find the answer.

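#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int main(void)
{
    /* inet_addr() returns the address in network byte order; ntohl()
       converts it to the host-order 32-bit value seen in the URL.
       The cast matches the %lu format on platforms with 64-bit long. */
    printf("%lu\n", (unsigned long)ntohl(inet_addr("83.211.166.179")));
    return 0;
}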

It prints out 1406379699.


2006/3/11, Brian Dessent <brian () dessent net>:
Jianqiang Xin wrote:

I received several phishing emails. One interesting thing is the link
to phishing website has the link:
http://1406379699/dbweb/ws/ebay/index.htm

This is a very old technique.  Most people think that dotted-quad
decimal is the only way to express an IP address but they can in fact be
written in a variety of formats - octal, hexadecimal, and/or combined as
a single 32 bit word.  Read <http://www.pc-help.org/obscure.htm> for
more.

Brian
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



--
Homepage:http://www.lwang.org
We collect spam for research at:
mailto:abryson () bytefocus com
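
Added example (not part of the original thread): a C helper that a mail or proxy filter could use to recognise URL hosts that are IPv4 addresses written as a single 32-bit word, in octal or in hex, and to recover the dotted quad. The name `classify_host` is hypothetical, and every sample host except `1406379699` is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse host the way inet_aton() does: 1-4 dot-separated parts, each decimal,
 * octal (leading 0) or hex (leading 0x); the last part fills all remaining
 * low-order bytes. Writes the dotted quad to canon. Returns 1 if host is an
 * IPv4 address in any other notation, 0 if it is already a plain dotted
 * quad, -1 if it is not a numeric IPv4 host at all. */
int classify_host(const char *host, char canon[16])
{
    unsigned long parts[4], a = 0;
    char *end;
    int n = 0;

    for (const char *p = host;; p = end + 1) {
        if (n == 4 || *p < '0' || *p > '9')
            return -1;                      /* too many parts / not a number */
        errno = 0;
        parts[n++] = strtoul(p, &end, 0);   /* base 0 accepts 10, 8 and 16 */
        if (errno || (*end != '.' && *end != '\0'))
            return -1;
        if (*end == '\0')
            break;
    }
    for (int i = 0; i < n - 1; i++) {       /* leading parts: one byte each */
        if (parts[i] > 255)
            return -1;
        a |= parts[i] << (24 - 8 * i);
    }
    if (parts[n - 1] > (0xFFFFFFFFUL >> (8 * (n - 1))))
        return -1;                          /* last part overflows its bytes */
    a |= parts[n - 1];
    snprintf(canon, 16, "%lu.%lu.%lu.%lu", a >> 24, (a >> 16) & 255,
             (a >> 8) & 255, a & 255);
    return strcmp(host, canon) != 0;
}

int main(void)
{
    /* First host is from the thread; the rest are constructed samples. */
    const char *hosts[] = { "1406379699", "83.211.166.179", "0x53d3a6b3",
                            "0123.211.0xa6b3", "www.example.com" };
    char canon[16];
    for (size_t i = 0; i < sizeof hosts / sizeof *hosts; i++) {
        int r = classify_host(hosts[i], canon);
        printf("%-16s %s\n", hosts[i], r < 0 ? "not numeric" : r ? canon : "plain");
    }
    return 0;
}
```

A filter would log or flag any link whose host returns 1, since ordinary mail has little reason to use these notations.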
