Spammers use hexadecimal IP addresses to evade detection

A spam group has picked up a pretty clever trick that has allowed it to bypass email filters and security systems and land in more inboxes than usual. The trick relies on a quirk inRFC791— a standard that describes the Internet Protocol (IP). Among the various technical details, RFC791 is also the standard that describes how IP addresses look.

We mostly know them in their most prevalent form of dotted-decimal address (for example, 192.168.0.1). However, IP addresses can also be written in three other formats: Octal – 0300.0250.0000.0001 (by converting each decimal number to the octal base)Hexadecimal – 0xc0a80001 (by convert each decimal number to hexadecimal)Integer/DWORD – 3232235521 (by converting the hexadecimal IP to integer)

Source: zdnet.com