Phishing Help (HOW TO MAKE YOUR URL LOOK LEGIT)

[Iamheretoleech]

First and foremost, this is my first ever proper thread on these forums. I am posting this merely for educational purposes. And, please read it before posting your moronic questions, as they will not be answered and will be seen as spam through my eyes.



Ever see unintelligible url's when looking through things?

Eh, to explain this better than words, heres an example.

345%[email protected]/forums/wow-scams/174238-phishing-help-how-make-your-url-look-legit.html

Copy it into your browser You'll come straight back to this page. These types of URL's are usually used to mask the real url and has been abused by scammers and spammers...

Now's your turn.

HOW YOU'LL USE THIS

Basically, anything BEFORE the @ sign is irrelevant. So, let's see how you can take advantage of this.

Okay now let's say you post on a forum, (hopefully not this one) your phishing url, you could be a moron and write "www.***********-whateverthehellyounamedyoursite" or whatever, or you could be smart, and go, "http://beta.worldofwarcraft.com-account-creation-start.xml-addawholelotofrandomsht@0xCE.0x47.0x99.0xF5/forums/wow-scams"

Hopefully now your getting the jist of my idea.

OHH KAY, seeing this, you'll want to know how to convert your (for example phishing site, which is being expressed as the sites IP, in hexadecimal form)site's url into hex.

Using this site, SamSpade.org you can get the IP for that web address just by typing it in!

As an example for this, i'll use MMOwned's IP. It being 206.71.153.245. (Before you do this, tap your Calculator button near your num pad, and go View > Scientific making sure the "Dec" option is clicked in the upper left hand corner.)

Let's say the first number in the url is a, second is b, third is c, and fourth is d, E will be representing your solution. (AKA, the DWORD value, although, using just this won't work on most browsers.)

SO: a * 256 + b = * 256 + c = * 256 + d = E

For MMOwned, E = 3460798965.

Hit "Hex" in the upper left hand corner and you'll be left with CE4799F5, which is obviously the hexadecimal version of E.

To use this in an url, we do this: 0xCE.0x47.0x99.0xF5 / Whatever would normally come after the site url. So every for every two values have a 0x before, and a "." after. It'd also be good to note, that this can also be expressed as, (Still using the MMOwned example) "0xCE4799F5" but whatever floats your boat.

Lets recap.

SITE URL = (a * 256 + b = * 256 + c = * 256 + d = E) = 3460798965 (In this case) = CE4799F5 = 0xCE.0x47.0x99.0xF5

Okay, let's incorporate this with the use of @, to make it look like whatever you want. [email protected]/forums/wow-scams being one of my favourites. (:

Hopefully you understand what I wrote, and that I wasn't too vague, post with feedback, flames, whether it was a repost (Oh god what did I do?), and questions (As long as they aren't too stupid.)


(LOL IF YOU DONT GET IT, THIS BASICALLY MASKS URLS AS OTHER THINGS (YOU COULD USE WORLD OF WARCRAFT SITE) AND THEN SEND THEM TO YOUR SITE, THROUGH THE USE OF HEXADECIMAL WRITTEN IP OF YOUR SITE. )

*In before faggets, despite my name, I did not leech this. Also, I DO know there are other ways of expressing url's, octal, and DWORD, but I find this to be the simplest.*

NOTE: The so called 'fake' url you have before the "@" CANNOT have slashes in it.

- First and hopefully useful post.

[andr3w_91]

Err.. can u sum it up?

[Popc0rn]

Err.. can u sum it up?

rofl. yea plz do.

[cXm0d]

You wouldn't be able to sum it up if you didn't understand.

The guide is pretty common sense to the people who know how to do it, and pretty useless for the people who don't since they don't understand.
But good guide regardless, +rep.

[Megman]

Really nice guide , i will use this :P

[T1B]

This sucks, such a "encoded" url looks even more suspiscious then a free domain

[YoHf]

You wouldn't be able to sum it up if you didn't understand.

The guide is pretty common sense to the people who know how to do it, and pretty useless for the people who don't since they don't understand.
But good guide regardless, +rep.

My very thought.

[nothorde]

zomg this is teh best post ir haf evar seen!!11!! +2 repzor 2 u mai gud fwend

[kataldt]

This sucks, such a "encoded" url looks even more suspiscious then a free domain

I disagree completely. /shrug

People will glance at the URL. If they see some form of official Blizzard URL in there, rather than a free hosting site, they're more likely to do it.

[Iamheretoleech]

I disagree completely. /shrug

People will glance at the URL. If they see some form of official Blizzard URL in there, rather than a free hosting site, they're more likely to do it.

^ This.

And, I was trying to share some general knowledge with the community! Hope it helped! Fanx for the positive/neutral/negative feedback.

[ShAnX]

1.) Good thought, Nice guide.
2.) A downfall on this tho is for example, when i did this on my Phishing site, I got this as a pop up.


You are about to log in to the site "h1.*ripway" with the username "www%2Eworldofwarcraft%2Ecom-%3736483ge7433sr5tdg437dg463gd65dg374dg3846%u877", but the website does not require authentication. This may be an attempt to trick you.

Is "h1.ripway" the site you want to visit?

Anyway +rep For this being quite Ingenius anyway

[skruflol]

Confusing :S

[Iamheretoleech]

Confusing :S

Be more specific please so I can help you out, which part is confuddling you? :>

[ninjakiwi]

[COLOR="Red"]

(LOL IF YOU DONT GET IT, THIS BASICALLY MASKS URLS AS OTHER THINGS (YOU COULD USE WORLD OF WARCRAFT SITE) AND THEN SEND THEM TO YOUR SITE, THROUGH THE USE OF HEXADECIMAL WRITTEN IP OF YOUR SITE. )

I don't understand you say you are masking the real url to look like wow.com url but it still has all the other crap

sorry for me being a noob im just getting into this phishing and scam stuff : /

[Iamheretoleech]

I don't understand you say you are masking the real url to look like wow.com url but it still has all the other crap

sorry for me being a noob im just getting into this phishing and scam stuff : /

Okay, this doesnt completely mask the url as "worldofwarcraft.com"

It merely makes them more decieving, for example, if we were to do some roleplaying, and I said to you, there was a way to get a free wotlk beta account; which of the two would you be less suspicious of?

ripway.cm/wrathofthelickkingbeta

OR

http://beta.worldofwarcraft.com-acco...832@0xCE4799F5