Over the past few days I had been getting phishing email asking me about my ebay auction.
For the record, I had not use or even visited eeeBay ever since their E-grade customer service lose me as a customer.
So naturally I did not click on the link to respond to the non-existent enquiry. But what I found was some much more interesting.
The URL to the link was not the usual URL. I though what a stupid scammer to even get the URL wrong. Then I copied it to the URL bar and hey it work!
Seen one of a URL like this before?
http://0x42ce0afa/
Any clue how it works?
does the link maybe also contain an onclick()? Or maybe the e-mail contains some other javascript that catches clicks on the link, and then opens the correct URL?
No. If you copy the above URL and paste it on Firefox, it actually works. (Well, for me it does.)