As mentioned before in this space, it seems nearly impossible to stay on top of cybercriminals. They seem to always be a step ahead, forcing everyone else to always remain on their toes. One of the newest efforts of spammers is to use hexadecimal IP addresses in spam attacks.
What Is a Hexadecimal IP Address
Websites are accessed on the Internet through IP addresses, a combination of numbers, letters, and punctuation. These are too difficult to remember, so domain names are assigned instead, and a DNS service translates that back to the IP address.
IP addresses can be:
- Dotted – a series of numbers separated by periods.
- Octal – each decimal number is converted to octal
- Hexadecimal – each decimal number is converted to hexadecimal
- Integer or DWORD – each hexadecimal is converted to integer
A hexadecimal number works on a base 16 system instead of base 10, so instead of having only the digits 0 through 9, you have 0 through 9 plus A through F.
Browsers will automatically convert all these formats to a dotted IP address. You’ll still get to that final landing site just as you would with a domain name.
Hexadecimal Addresses Used in Spam
While we are getting craftier looking for spam, spammers are getting craftier avoiding us. If we encounter a domain name that looks fishy, we’re going to avoid it. No one is going to click on a link with a domain of spam.thisisfishy.com. However, replace that with a hexadecimal numbering system, and we don’t know what to think and may be lured into clicking it when it appears in an email.
The first spam attack that was observed using the hexadecimal IP addresses is selling fake pharmaceutical products. The campaign sells pills for cholesterol, anti-fungal, anti-aging, anti-inflammatory, metabolism, etc. And in the age of the coronavirus pandemic, we’re all looking to stay healthy through any means possible. This campaign started this past July, and figures show it led to an increase in spam being delivered overall.
The email subject and body look convincing enough and ask the unsuspecting victims to click on a hexadecimal IP address. The links look slightly different depending on the email client, whether it is Thunderbird, Outlook, etc.
Clicking on the link opens it in the victim’s browser. The browser converts the hexadecimal IP to a decimal IP, which sends the victim to a fake pharmaceutical site with marketing videos and testimonials and leads to an e-commerce gateway selling the fake pills.
Of course, it is probably never a good idea to buy pharmaceutical products on a whim off a random email. But should you be lured into doing so, do not be snowed by a hexadecimal IP address, as it's even more likely to be spam. Be alert when you see such an address in any email, whether it is advertising pharmaceutical products or something else.
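A mail filter can apply the same hexadecimal, octal and integer conversions described above to every link in a message and flag any host that turns out to be an IP address written in something other than plain dotted decimal. The sketch below is an added example, not code from the original article; the function names are hypothetical, the sample message is constructed, and 192.0.2.1 is a reserved documentation address.

```python
import re
from urllib.parse import urlsplit

def parse_part(part):
    """Parse one host part as hex (0x..), octal (leading 0) or decimal; None if not numeric."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", part):
        return int(part, 16)
    if re.fullmatch(r"0[0-7]+", part):
        return int(part, 8)
    if re.fullmatch(r"0|[1-9][0-9]*", part):
        return int(part, 10)
    return None

def normalize_host(host):
    """Return (dotted_ip, obfuscated) if host is an IPv4 literal in any notation, else None."""
    parts = host.rstrip(".").split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = [parse_part(p) for p in parts]
    if any(n is None for n in nums):
        return None
    # All parts but the last are single octets; the last fills the remaining bytes.
    if any(n > 255 for n in nums[:-1]) or nums[-1] >= 256 ** (5 - len(nums)):
        return None
    value = nums[-1]
    for i, n in enumerate(nums[:-1]):
        value += n << (8 * (3 - i))
    dotted = ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))
    return dotted, host.rstrip(".") != dotted

def flag_links(text):
    """Return [(url, dotted_ip)] for links whose host is a non-dotted-decimal IPv4 literal."""
    hits = []
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        host = urlsplit(url).hostname or ""
        result = normalize_host(host)
        if result and result[1]:
            hits.append((url, result[0]))
    return hits

# Constructed sample body; 192.0.2.1 is a documentation address (RFC 5737).
SAMPLE = """Order now: http://0xC0.0x00.0x02.0x01/shop
Mirror: http://0xC0000201/ or http://3221225985/ or http://0300.0.02.01/
Plain: http://192.0.2.1/ and https://example.com/help"""

if __name__ == "__main__":
    for url, ip in flag_links(SAMPLE):
        print(f"{url} -> {ip}")
```

The four obfuscated links in the sample all resolve to the same address, while the plain dotted link and the ordinary domain are left alone.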