Tag Archives: Campaign

Decimal IP Campaign

Published / by jeff / Leave a Comment

Saw this article today and its quite interesting.

https://blog.malwarebytes.com/cybercrime/2017/03/websites-compromised-decimal-ip-campaign/

A quick search of the string “1760468715” shows there are quite a few websites that have been compromised.

This is quite a clever but old technique that is referred to as Dotless IP’s.  A google search will find quite a few results, with several posts from around 15 or so years ago.

In order to work out the IP address the value represents you can perform a fairly straight forward calculation.

If you had the IP address 172.16.4.8

You can calculate this as follows

172 * 16777216 = 2885681152
16 * 65536 = 1048576
4 * 256 = 1024
8 * 1 = 8

Add the bold figures up.

2886730760

So if you were to enter this address in your browser http://2886730760

It would attempt to take you to 172.16.4.8

Just another way of hiding in plain sight.