New attacks have been uncovered that have http://0xD83AC74E in place of the conventional “domain.com.” A spam group has adopted the tactic, and it allows them to circumvent security systems and email filters. This bypassing technique enables the spammers to breach more inboxes than usual numbers. The method relies on loopholes like RFC791, which is a standard used to describe the Internet Protocol (IP).
IP addresses can be written in three formats: Octal, Hexadecimal, and DWORD/Integer. The spam group has adopted the trick and started using hexadecimal IP addresses since mid-2020 to evade detection. The group has sent emails with links to the relevant sites with weird URLs instead of a traditional “spam-website.com.”