Various Methods for Obscuring URLs

by Ed Skoudis, Internet Storm Center

Note that this list is _not_ comprehensive, but a handy reference for some of the tricks bad guys use to fool users.

Each method looks like it goes to, but really points to Note that not all methods work for all browsers. Modern versions of IE do not like the %01, %00, @, and related tricks.


Subversion (Say, link to





Decimal IP addr: 3639552355:

Hex IP addr: 0xd8ef2963:

Hex IP addr with dots: 0xd8.0xef.0x29.0x63:

URL Encoding as ASCII in Hex: http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D:

URL Encoding as Unicode:

URL Encoding as Unicode with @:

URL Shortener at

URL Shortener at

Mixed ASCII and Unicode:

Octal: 0330.0357.0051.0143:

Octal Long form: 000330.000357.000051.000143: