A.H. Abir

URL Obfuscation With Decimal IP Address

📅 30 April 2023

Today I'm gonna describe a URL obfuscation technique. If you click on the URL below, you'll go to LinkedIn rather than Facebook:

https://facebook.com@linkedin.com/

This is because, if you write a URL that contains two domain names separated by an @ sign, the part before the @ is treated as user information (a username) and the URL takes you to the second domain. We can also use an IP address, like below:

https://facebook.com@142.250.191.46

Here I wrote the IP address of Google. So, if you click on it, you'll go to Google. But what about the URL below?

https://facebook.com@2398797614

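This URL will also take you to Google. But how? Because here I converted the IP address to decimal format. An IPv4 address is a 32-bit number, so 142.250.191.46 can be written as 142×256³ + 250×256² + 191×256 + 46 = 2398797614.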

Now what if cyber criminals use this technique in a URL and write a malicious IP address in decimal format? And what if your security solution doesn't convert that decimal back to an IP address to check its reputation?

This technique has also been abused in a Smokeloader campaign (details). It is just an obfuscation technique.
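The normalisation step a security solution needs before a reputation lookup, as an added example that is not code from this post: it drops the decoy userinfo before the @ and rewrites a numeric host as a dotted-quad IP. The function names are hypothetical, and the parser goes beyond the decimal case shown above to also cover the hex and octal spellings that browsers accept.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One IPv4 "number" as browsers accept it: 0x-prefixed hex, or ASCII digits.
_NUM = re.compile(r"0[xX][0-9a-fA-F]*|[0-9]+")


def parse_number(part):
    """Decode one host component: hex (0x..), octal (leading 0) or decimal."""
    if not _NUM.fullmatch(part):
        raise ValueError(part)
    if part[:2].lower() == "0x":
        return int(part[2:] or "0", 16)
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)  # raises ValueError on digits 8 and 9
    return int(part)


def host_to_ipv4(host):
    """Return the dotted-quad form of a numeric host, or None if it is a name."""
    parts = host.split(".")
    if len(parts) > 4:
        return None
    try:
        nums = [parse_number(p) for p in parts]
    except ValueError:
        return None
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 255 for n in nums[:-1]) or nums[-1] >= 256 ** (5 - len(nums)):
        return None
    value = nums[-1]
    for i, n in enumerate(nums[:-1]):
        value += n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))


def effective_target(url):
    """Split off the decoy userinfo and normalise the host that is really contacted."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    return {"decoy": parts.username, "host": host_to_ipv4(host) or host}


if __name__ == "__main__":
    # Sample URLs are the ones shown in this post.
    for url in ("https://facebook.com@linkedin.com/",
                "https://facebook.com@142.250.191.46",
                "https://facebook.com@2398797614"):
        print(url, "->", effective_target(url))
```

The `host` value is what should go to the reputation check; a non-empty `decoy` that looks like a domain name is itself worth flagging.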
