You probably already know about I.P. addresses. They are the numbers of any Internet connected or any TCP/IP connected device. You probably recognize the format. For example 66.51.103.36 is the dedicated IP address for this website, computer-forensic-technician.com.

A friend recently received a phishing email with a strange address. It was a series of hexadecimal numbers. The friend said I knew it was a fraud because it wasn’t a real IP address. Well actually, it was a real IP address.

The are several valid formats for an IP address that have been around since the foundation of the Internet, when it was a collection of machines at Universities. The vaild formats most computers understand are:

• Decimal (The common format we are familiar with)
• Dotless or Integer
• Hexadecimal
• Octal

Since most people are familiar with domain names (ie paypal.com), and many tech savvy people with recognize a decimal IP address, Often scammers, spammers, and phishers will use integer or hexadecimal addresses in an attempt to confuse people. This is the practice is known as IP obfuscation.

Let’s take computer-forensic-technician.com for example. The domain name is mapped to an IP address or Internet Address which is 66.51.103.36. Which means you could access this website by going directly to http://66.51.103.36

You could also access this website by going to:

http://1110664996
http://0×42.0×33.0×67.0×24
http://0102.063.0147.044

pretty tricky eh? Don’t worry hexadecimal and octal addresses used in phishing attempts won’t confuse computer forensic technicians with tools to translate and track down the location of the server.

APA Citation:
Smith, Nathan. M. (2007). What is IP obfuscation? About decimal and hex IP addresses.
Retrieved September 8, 2008, from http://www.computer-forensic-technician.com/wordpress/what-is-ip-obfuscation-about-decimal-and-hex-ip-addresses/.