more of a one-liner - for untangling the BS server name/address part of web sites in SPAM.
perl -MSocket -e 'print inet_ntoa(inet_aton(nonsense here)) ."\n"'


perl -MSocket -e 'print inet_ntoa(inet_aton(0xFE00ACCA))."\n"'

[download]

Replies are listed 'Best First'.
Re: unobfuscate IPs
by hiseldl (Priest) on May 09, 2003 at 13:40 UTC

    Could you give an example of the text that this decodes and where in an email to look for the text?

    Cheers!

    --
    hiseldl
    What time is it? It's Camel Time!

[reply]
      It only "unobfuscates" things that are numeric, such as the example shown, which is a hexadecimal number, or decimal numbers such as '218020952'. This might appeaear in a URL as: http://218020952/dirty-pictures.html However, a persual of more recent spam shows few using this form any more. More typical examples also include HTML escaping, eg: 
      http://%77%77%77%2E%66%70%63%6D%61%67%61%7A%69%6E%65%2E%6E%65%74/

      [download]
      for this form, use 
      perl -MURI::Escape -e ' print uri_unescape("http://%77%77%77%2E%66%70%
+63%6D%61%67%61%7A%69%6E%65%2E%6E%65%74/") . "\n"'

      [download]
      where the preceding was all on one line.

      Bob Niederman, http://bob-n.com
[reply]
[d/l]
[select]

Back to Cool Uses for Perl