Spammers opt for hexadecimal IP addresses to avoid detection


New attacks have been uncovered that use http://0xD83AC74E in place of the conventional “domain.com.” A spam group has adopted the tactic, which allows it to circumvent security systems and email filters. This bypass technique lets the spammers get into more inboxes than usual. The method relies on loopholes like RFC 791, the standard that describes the Internet Protocol (IP).


IP addresses can be written in three formats: octal, hexadecimal, and DWORD/integer. The spam group adopted the trick and has been using hexadecimal IP addresses since mid-2020 to evade detection. Its emails link to the relevant sites through these odd-looking URLs instead of a traditional “spam-website.com.”

Source: ZDNet