![[SpamCop.net - protecting the internet through technology]](/images/05logo.png){kind=small}
SpamCop FAQ : General information about SpamCop : Non-SpamCop information :
Example: http://%4a%55%53%54%49%43%45@%33%35%31%37%37%31%32%39%30%35/
There are three things you need to know about to decode these URLs. They're not actually bogus; they're just made hard to read.
% encoding is normally used to encode characters that aren't legal in URLs; the spammers encode all (or at least some of) the characters, including the legal ones, to make them hard to read.
Each character is represented as a '%' followed by a two digit hex number, which corresponds to the ASCII code for the character. e.g. %4a is J
for your URL this gives us:
http://JUSTICE@3517712905/
Everything before the last @ sign in the URL is authentication information, which is ignored by most servers for most pages anyway. For the purposes of identifing the host, we can chop this off to get
http://3517712905/
This refers to the root page / on host IP 3517712905.
This large number is the IP address of the host, but written as one large decimal number rather than four smaller numbers as is normally the case. To convert it we first need to convert to hex, which gives us
D1AC0A09
Then we break this into two digit pieces:
D1.AC.0A.09
and convert to decimal:
209.172.10.9
SpamCop's hosttracker will do the same thing, and if you receive a SpamCop
report for a URL, you can click the "see how SpamCop tracked this" link to
see the steps it took.
When an e-mail is encoded @ 64 bits the HTML code is not tracked by spamcop bot: the code appear as if it was encoded @ 7 bits and no HTML tags are found.
What can be done then?
[Append to This Answer]