
Topic: Evasive URLs in Spam (Read 260 times)

legendary
Activity: 1820
Merit: 966
In Search of Incredible
September 23, 2020, 10:28:07 AM
#18
Hackers and scammers will always discover new, different ways to trap people. All we need to do is stay careful. This is the simplest way to protect our information from them. Occasionally I receive spam messages in my mailbox. The message contains attractive offers with a suspicious link. I never click on those links, because I know about the fact. I don't need any scammer's offer to give them my valuable information.
legendary
Activity: 2828
Merit: 6108
Blackjack.fun
September 23, 2020, 08:47:51 AM
#17
As someone who doesn't have technical knowledge with the URLs and those types, I wouldn't click a link that I don't have an idea. If it's something suspicious, I'll ignore it for real as I don't want to be threatened by those links that I have no idea what they are.

Same here, I would not click a URL, be it integer, hexadecimal, plain numbers, or even in normal letters, in a mail if I think something is off.

If I'm not expecting something from the services I use and there is a sudden alert about them in a mail, I usually go directly to the website and check their support page directly; it's definitely possible for even their legit mailing service to get hacked and send malicious emails.
Saving 3 seconds because it's easier to click on a link can bring you days of extra work trying to get all your accounts back and in a lot of cases, you won't be able to save them all.

As for mails from services I haven't heard about, I find it hard to say, but Gmail does a pretty good job at keeping my box empty. I can't remember when I last stumbled upon a spam mail; most of the time I have to search for legit mail in the spambox.

We already need to perform validations on the regular domain named URLs we use/receive, but doing so over IPs such as those exemplified in the OP is an overkill.

Sincerely, rather than going through all the trouble of checking and double-checking the IP and domains for letters and numbers and Punycode attacks, I would most likely grab my phone and call support!


hero member
Activity: 2842
Merit: 625
September 22, 2020, 05:29:57 PM
#16
As someone who doesn't have technical knowledge with the URLs and those types, I wouldn't click a link that I don't have an idea. If it's something suspicious, I'll ignore it for real as I don't want to be threatened by those links that I have no idea what they are.

Having add-ons like NoScript helps immensely for less technical people, just in case they trip up and click something suspicious by accident. It's not going to help against clone phishing sites (there are also add-ons for that though), but it should at least block most attempts to auto-download malware.

That being said, regardless of what protection you may have, it's still best not to risk potentially losing your crypto just for curiosity. If a stranger is trying to get you to click something, you're likely not going to want to see it anyway.
Thank you very much.

Although I'm very aware and vigilant as someone who's not technically versed in it, I'd like to stay away from those automatic downloads of malware, spyware or anything suspicious which they might inject into my PC.

This is what I need.
legendary
Activity: 2520
Merit: 1721
MrStork Exchange Service
September 22, 2020, 10:30:32 AM
#15
The methods used by scammers or hackers are already evolving, so more and more money victims will be deceived by URL methods like this. When I see an email message in SPAM I never click on it, because I know we will be redirected to a dangerous page. Better interrupt SPAM messages. But not only in SPAM email messages; in the main messages, sometimes you also encounter suspicious URL messages even though I never registered for the website. We must remain careful not to fall into the trap that the scammer has designed.
hero member
Activity: 1834
Merit: 759
September 22, 2020, 08:49:42 AM
#14
As someone who doesn't have technical knowledge with the URLs and those types, I wouldn't click a link that I don't have an idea. If it's something suspicious, I'll ignore it for real as I don't want to be threatened by those links that I have no idea what they are.

Having add-ons like NoScript helps immensely for less technical people, just in case they trip up and click something suspicious by accident. It's not going to help against clone phishing sites (there are also add-ons for that though), but it should at least block most attempts to auto-download malware.

That being said, regardless of what protection you may have, it's still best not to risk potentially losing your crypto just for curiosity. If a stranger is trying to get you to click something, you're likely not going to want to see it anyway.
full member
Activity: 686
Merit: 125
September 22, 2020, 06:49:43 AM
#13
Good share OP, I am not aware of this and I should be more careful next time not to get malware in my device system or get into fake sites, even if I had no funds to secure at all. It is still better to get secure, for who knows, one day I might be able to get good blessings to secure. Hackers and scammers are really exhausting in scamming and some of them were relatively taken some money from other users. Sad to say that this is becoming a trend in cryptocurrency.
hero member
Activity: 1344
Merit: 540
September 22, 2020, 06:11:44 AM
#12
If I just may add though, criminals are getting more sophisticated by the day. But if you just look at it, the key to avoiding this kind of attack is to have the good security practices that have been discussed so many times already. I know that no one should be falling for this trick; however, people don't do the necessary steps on their part to make sure that they won't be a victim of ransomware or email spam that will compromise our PCs or laptops.
legendary
Activity: 2310
Merit: 10758
There are lies, damned lies and statistics. MTwain
September 22, 2020, 03:03:49 AM
#11
We already need to perform validations on the regular domain named URLs we use/receive, but doing so over IPs such as those exemplified in the OP is an overkill. Rather than try to pass as imperceptible, as domain names with punycode or letter permutation/alteration do, these URL references stand out like a warning beacon, so they seem a worse alternative to use for malefactors.

Having to go the extra mile to derive the IP or domain name is a discovery phase that is not called for in day-to-day usage, but may serve its purpose for those investigating the nature of a given URL expressed as those in the OP.
legendary
Activity: 2366
Merit: 2054
September 22, 2020, 01:07:37 AM
#10
So the next time you see an email coming from like https://0xD83AC74E.
We should know what IP it comes from by using the converting tool https://www.browserling.com/tools/hex-to-ip and then scanning it with the VirusTotal tool, but it is not totally safe; your PC still has risk when the link has a backdoor.

hero member
Activity: 2506
Merit: 628
I don't take loans, ask for sig if I ever do.
September 22, 2020, 12:29:06 AM
#9
Long story short, people should avoid clicking direct links from any place, or at least open them on a PC that doesn't really contain any personal information to make sure that nothing gets leaked, even if the said links came from your family or friends. Simply look up the links yourselves in search engines, which may take more time, yes, but at least it guarantees safety. I would've said that most wouldn't even click said link since it's full of numbers and letters, but a lot of people out there are either ignorant or just plainly don't care, which is honestly odd, so for those who at least don't want their safety compromised, take the necessary steps even if it makes your search take more time.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
September 21, 2020, 11:51:21 PM
#8
I do not really understand this. But I did notice, before I started being careful of the internet, I did click on links that can redirect me to two or three sites at a time. Which means it is possible to install malware from such redirect websites, which could be from malicious actors. I get that point.

But I do not notice such sites again, maybe because I am too conscious of the internet nowadays. It is very good to be mindful of the sites we do visit. There are many sites that operate like this, installing malware onto people's devices. I am now even getting to the point where I do not use the device that has my wallet, crypto exchange and banking apps for other online reasons than to be used for only the specified purposes.


I'm sure you'll know it soon. I have seen some sites where you need an IP address to access the site. I spotted it when I read one of the threads in the gambling section. Using different devices is also one way to keep yourself and your crypto safe from people who would use phishing sites or malware.
legendary
Activity: 2576
Merit: 1655
September 21, 2020, 07:33:48 PM
#7
And this is what these criminals are expecting though, people who don't have the technical knowledge, you just click any links and don't have a good security practice. I wouldn't be surprised if we hear that someone was victimised by this very sophisticated trick. Even if they see a suspicious "*.domain name", people are still clicking though, so what more of a hexa email?

And speaking of email, did you guys hear about that Tutanota DDoS attack recently? So there's a lot of things going on as cyber criminals are building up attacks.

hero member
Activity: 2842
Merit: 625
September 21, 2020, 07:02:43 PM
#6
As someone who doesn't have technical knowledge with the URLs and those types, I wouldn't click a link that I don't have an idea. If it's something suspicious, I'll ignore it for real as I don't want to be threatened by those links that I have no idea what they are.

Using the Hexa type adds curiosity for those receivers and they might really get a victim out of it. Thanks for the share.
hero member
Activity: 1806
Merit: 671
September 21, 2020, 02:30:49 PM
#5
It's getting more and more complicated now when it comes to these scammers doing illicit activities. Usually when you are reading emails you will just always look for grammar mistakes, the email address, and the links being provided by the email; now you must be aware of what type of URLs they are sending, which I personally am not aware of. Now it makes me wary to look at my emails until I learn more about these types of URLs or until email services provide some kind of solution for blocking spam messages.
legendary
Activity: 1414
Merit: 1108
September 21, 2020, 02:00:04 PM
#4
It's no doubt scammers would continue to exist and the wise will always elude them. I'm very skeptical of the URLs I click. It's simple: if it's just about curiosity, then why the heck should I click it? Being curious about what's behind a code is kind of wrong, except when it's an article or publication whose source you're quite aware of.
You don't just click a link because it pumped up and you've got data. Mails are often their target, and once they get control of or into your mail even just once, your risk is just immeasurable, as our mails is a link to almost documents and recovery password medium for most platforms we are linked with.
Don't let your curiosity drive you to your doom.
hero member
Activity: 2184
Merit: 585
You own the pen
September 21, 2020, 08:26:34 AM
#3
This is another way of phishing, right? In that case we need some more information on how this fraud works. You're right, as time passes, we will see such tricks by the scammers evolving every year, and by following how to avoid their past tricks, we can easily distinguish those spams from real ones, because we already know how the fraud works based on what they've done in the past. Thankfully we have some people like the OP who are always keen and fast to tell people about these kinds of fraud. That's why people who always read are the ones who less often fall for this trick.
legendary
Activity: 1512
Merit: 4795
September 21, 2020, 07:49:03 AM
#2
I do not really understand this. But I did notice, before I started being careful of the internet, I did click on links that can redirect me to two or three sites at a time. Which means it is possible to install malware from such redirect websites, which could be from malicious actors. I get that point.

But I do not notice such sites again, maybe because I am too conscious of the internet nowadays. It is very good to be mindful of the sites we do visit. There are many sites that operate like this, installing malware onto people's devices. I am now even getting to the point where I do not use the device that has my wallet, crypto exchange and banking apps for other online reasons than to be used for only the specified purposes.

hero member
Activity: 2842
Merit: 772
September 21, 2020, 07:14:11 AM
#1
Criminals are still evolving up to this day and applying another new technique, which is using a hexadecimal IP address for obfuscation in email messages.


Quote
While web browsers accept domain names or dotted-decimal IPs as a URL in the address bar, clicking on any of the above links will direct you to Google.com as most browsers also accept these different IP formats as valid, which of course they are. The browser will automatically convert the hexadecimal or other IP format to a dotted-decimal IP address and browse it to the final page at that IP address.

Any threat actor equipped with this knowledge can craft an obscure looking URL like the ones shown above and send it via email with a convincing message to deceive the email gateway and the victim and lure them to click and open a site controlled by the attacker.

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/evasive-urls-in-spam/

So the next time you see an email coming from like https://0xD83AC74E. Better not click it out of curiosity, otherwise you might fall for this spam and you could potentially land on a fake redirection website and get malware spread on your machine.
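Added example, not part of the original posts or the Trustwave article: a check a mail filter or analyst could run to turn the hex, decimal-integer and octal host forms described above (and the manual hex-to-IP lookup suggested in reply #10) into the dotted-decimal address before reputation lookup. The function names and the sample list are assumptions made for this illustration; the parsing follows the number forms browsers accept (hex, octal, decimal, fewer than four parts).

```python
from urllib.parse import urlsplit

HEX_DIGITS = "0123456789abcdef"

def parse_part(part):
    """One dot-separated host part: 0x.. is hex, a leading 0 is octal, else decimal."""
    part = part.lower()
    if part.startswith("0x"):
        digits, base = part[2:], 16
    elif len(part) > 1 and part.startswith("0"):
        digits, base = part[1:], 8
    else:
        digits, base = part, 10
    if part == "" or any(c not in HEX_DIGITS[:base] for c in digits):
        return None                            # not a number in that base
    return int(digits, base) if digits else 0  # a bare "0x" counts as 0

def decode_ipv4_host(host):
    """Return dotted-decimal IPv4, or None if the host is not a numeric IPv4 form."""
    parts = host.split(".")
    if len(parts) > 1 and parts[-1] == "":
        parts.pop()                            # tolerate a single trailing dot
    nums = [parse_part(p) for p in parts]
    if not 1 <= len(nums) <= 4 or None in nums:
        return None
    # Leading parts are one byte each; the last part fills the remaining bytes.
    if any(n > 255 for n in nums[:-1]) or nums[-1] >= 256 ** (5 - len(nums)):
        return None
    value = nums[-1]
    for i, n in enumerate(nums[:-1]):
        value += n << (8 * (3 - i))
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def check_url(url):
    """Report numeric hosts and whether they are written in a disguised form."""
    host = urlsplit(url).hostname or ""
    ip = decode_ipv4_host(host)
    return None if ip is None else {"host": host, "ip": ip, "obfuscated": host != ip}

# Constructed samples: the hex URL is the one quoted in the thread; the others
# are the same address rewritten by hand in decimal and octal form.
SAMPLES = ["https://0xD83AC74E", "https://3627730766/login",
           "http://0330.072.0307.0116", "https://216.58.199.78",
           "https://example.com"]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_url(url))
```

A result with `obfuscated` set to true is a host that resolves to a plain IPv4 address but was written to avoid looking like one, which is the case worth flagging or rewriting before the message reaches a user.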