To translate from stealth format to a real IP:
divide by 16777216 (256^3) to get the first number. Above, 209.
Take that number * 16777216 and subtract from the first number.
Above: 3513713141 - (209 * 16777216) = 7274997, now the current
Divide the current number by 65536 (256^2) to get the second number.
Take that number * 65536 and subtract from the current number
7274997 - (111 * 65536) = 501, now the current number.
Divide the current number by 256 to get the third number. In this
Take that number * 256 and subtract from the current number for the
501 - (1 * 256) = 245.
Thus, the number above is 220.127.116.11.
To translate in the other direction, IP to "hidden", write out your whole
IP in binary, and use all 32 bits (i.e. leading zeros in a section if
18.104.22.168 thus is: 11010001.01101111.00000001.11110101
Just take out the dots, and convert that 32-bit number to binary (or hex,
or octal -- they all work in URLS), and you are in stealth mode.
Of course, it only takes ONE admin who knows what's going on to run a 2
second conversion on the URL, find the real IP, and do WHOIS on the
lamers, to report the site back to the ISP that needs to know who is
violating their TOS or AUP, which is really the only reason folks do
In this case, the folks who need to be told are not bloody likely to do
anything about the spam (you got that URL in spam, right?) in any case:
<smaller>[Query: 22.214.171.124, Server: whois.arin.net]
NETCOM On-Line Communications Services, Inc. (NETBLK-NETCOM-BLK4)
2 North 2nd Street, Plaza A
San Jose, CA 95113
Netblock: 126.96.36.199 - 188.8.131.52
NETCOM On-Line Communication Services, Inc. (NETCOM-HM-ARIN)
Fax- - -408-881-3336
Domain System inverse mapping provided by:
ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Record last updated on 17-Nov-98.
Database last updated on 30-Apr-99 16:14:20 EDT.
The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and nic.mil for NIPRNET Information.
[End of Whois message]
At 06:17 PM 5/2/99 -0500, you wrote:
>I recall someone posting on this before but I didn't save it. Could
>original poster put their message up again?
>I want to know how this type of URL works ( and therefore how you
>number to be used)
>It is ingenious for you can't readily tell the IP address of the site to
>up on it.