I just received a phishing email with a URL that begins with this: http:// 0307.032047462 / The spaces are there so I don't make it an active link. . . but there's a lot more to the phishing URL, I only want to know how I can tell the domain name or IP address for the site that is hosting this fake ebay login page. Obviously when you go to the above URL it takes you to a college, but I would like to see the domain name or at least IP address behind this. . . I just don't get it. If anyone could help me out? Thanks.
Thanks for the response. I couldn't figure it out - even after an hour of searching. Normally I try and hook up these phishers with an abundance of logins/passwords to try out . BUT - I wanted to know what the domain was & who owned the server before I flooded them with an onslaught of usernames/passwords for them to sift through. This time I didn't get to mess with them. . . Thanks again.
I`d say its an IP address that is represented in octal form (from base 8). Its for sure not IPv6 and not a hexadecimal form. Good phishing idea, that way its easier to avoid spam filters and lure users into clicking links like hxxp://0370.7502.086234.324/paypal.com.html/index.php You can PM me the full URL, i`m curious if there can be obscured URL that cant be manually de-obscured. Keep flooding their DBs with fake login/pass, good idea.
I don't know what it is: but I think that it'd might help get past spam filters, and it does look more legit than others. I get 5-7 phishing emails per week usually for eBay/PayPal & I'd never seen a url formatted like this before. I'll PM you the URL in a minute if I still have it. When I get a spoofed URL like that, depending on the phishers setup, I wrote a script that auto posts false info: but I have to configure the variables manually for whatever they're requiring. I am working on building a local database of this info - right now I just filter through a few variations of the same username/pass to post.
The reason I was trying to decode the URL was so that I could inform the hosting company/manager of the webesite of the issue. I do throw some data at the forms, but I don't throw enough at it to overload it in almost any case unless the sever can't handle 4-5 users at a time. I did notice that the URL the main domain redirected to was a college website, but I don't know if the main, number based URL is from the same location.