Home > News

Hexadecimal IP Addresses Creatively Used in Spam Attacks

By Laura Tucker
News Hexadecimal Scam Featured

As mentioned before in this space, it seems nearly impossible to stay on top of cybercriminals. They seem to always be a step ahead, forcing everyone else to always remain on their toes. One of the newest efforts of spammers is to use hexadecimal IP addresses in spam attacks.

What Is a Hexadecimal IP Address

Websites are accessed on the Internet through IP addresses, a combination of numbers, letters, and punctuation. These are too difficult to remember, so domain names are assigned instead, and a DNS service translates that back to the IP address.

IP addresses can be:

  • Dotted – a serious of numbers separated by periods.
  • Octal – each decimal number is converted to decimal
  • Hexadecimal – each decimal number is converted to hexadecimal
  • Integer or DWORD – each hexadecimal is converted to integer

A hexadecimal number works on a base 16 system instead of base 10, so instead of having 1 through 0, you have 1 through 0 plus A through F.

News Hexadecimal Scam Keyboard

Browsers will automatically convert all these formats to a dotted IP address. You’ll still get to that final landing site just as you would with a domain name.

Hexadecimal Addresses Used in Spam

While we are getting craftier looking for spam, spammers are getting craftier avoiding us. If we encounter a domain name that looks fishy, we’re going to avoid it. No one is going to click on a link with a domain of spam.thisisfishy.com. However, replace that with a hexadecimal numbering system, and we don’t know what to think and may be lured into clicking it when it appears in an email.

The first spam attack that was observed using the hexadecimal IP addresses is selling fake pharmaceutical products. The campaign sells pills for cholesterol, anti-fungal, anti-aging, anti-inflammatory, metabolism, etc. And in the age of the coronavirus pandemic, we’re all looking to stay healthy through any means possible. This campaign started this past July, and figures show it led to an increase in spam being delivered overall.

The email subject and body look convincing enough and ask the unsuspecting victims to click on a hexadecimal IP address. The links look slightly different depending on email client, whether it was Thunderbird, Outlook, etc.

News Hexadecimal Scam Laptop

Clicking on the link opens it in the victim’s browser. The browser converts the hexadecimal IP to a decimal IP, which sends the victim to a fake pharmaceutical site with marketing videos and testimonials and leads to an e-commerce gateway selling the fake pills.

Of course, it is probably never a good idea to buy pharmaceutical products on a whim off a random email. But should you be lured into doing so, do not by snowed by a hexadecimal IP address, as it’s even more likely to be spam. Be alert when you see such an address in any email whether it be advertising pharmaceutical products or something else.

Read on to learn how to blacklist or whitelist an IP address in Gmail.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox

Laura Tucker Avatar
Laura Tucker
Laura has spent more than 20 years writing news, reviews, and op-eds, with the majority of those years as an editor as well. She has exclusively used Apple products for the past 35 years. In addition to writing and editing at MTE, she also runs the site’s sponsored review program.

Read next

When the SS Great Eastern laid the first working transatlantic telegraph cable in 1866, a message that had taken ten days by steamship suddenly crossed the ocean in minutes, and the financial markets of London and New York were forced, within a single trading week, to invent the modern concept of synchronised global price.
From below of blue starry sky over radio telescope and trees with leaves
The Big Ear telescope was scanning at 1420.4056 megahertz on the night of 15 August 1977, the exact frequency at which hydrogen atoms vibrate across the universe, because Giuseppe Cocconi and Philip Morrison had argued years earlier that any species trying to be found would broadcast on that channel — and then, for 72 seconds, something did.
In 2016, archaeologists dated two rings of snapped stalagmites in France’s Bruniquel Cave to 176,500 years ago, evidence that Neanderthals had walked 336 metres into darkness with fire and built architecture deep underground long before modern humans reached Europe
Otto von Bismarck was 74 when Germany adopted the world’s first national old-age social insurance program in 1889, setting the pension age at 70 after years of fighting socialists with bans, laws, and a promise few workers would live long enough to use
When cosmonaut Valeri Polyakov stepped out of his Soyuz capsule in March 1995 after 437 consecutive days aboard Mir, doctors recorded him at several centimetres above his pre-flight height, and his spine had become so unaccustomed to gravity that the recovery team carried him to a chair rather than risk the compression of letting him walk.
When Bell Labs engineer Karl Jansky pointed a rotating antenna at the sky in 1932 looking for sources of transatlantic radio static, he kept picking up a faint hiss that peaked every 23 hours and 56 minutes, and he eventually realized he had become the first human to hear the center of the Milky Way.
A contemplative scene with two scientists in a vintage laboratory setting.
When Harvard astronomer Cecilia Payne submitted her 1925 doctoral thesis arguing that the Sun was made almost entirely of hydrogen, the field’s senior figure Henry Norris Russell talked her into adding a line calling the result ‘almost certainly not real,’ and then published the same conclusion himself four years later to widespread acclaim.
When seismic waves from the Chicxulub impact reached what is now North Dakota roughly ten minutes after the asteroid struck, they appear to have triggered a ten-metre standing wave in an inland river that flung fish onto the bank and buried them under glass beads still falling from the sky.