There are lots of ways to obscure IP addresses, which can be useful in getting web requests to bypass filters with issues such as SSRF.
These obscuring methods come from the fact that IP addresses are numbers, which can be interpreted in multiple ways.
It is possible to put an @ symbol before a domain or IP in a URL and pretty much everything (except a forward slash!) between http:// and @ is irrelevant to the request made to a webserver:
Is just https://google.com. There is a popup in browsers asking if going to that site is intentional, potentially to avoid phishing.
Expressing an IP in base-8. This needs to be preceded by at least one zero, but as many zeros as desired can be added. For example:
127.0.0.1 = 0177.0000.0000.0001 18.104.22.168 = 0316.0277.0236.067 = 0000000000000316.0277.000236.00000000000067
Using 0x** can allow for hex numbers to be used in IP addresses, which can use dots or not use dots, like the following:
127.0.0.1 = 0x7f000001 127.0.0.1 = 0x7f.0x00.0x00.0x01 0x1337beef = 22.214.171.124 0xCE.0xBF.0x9E.0x37 = 126.96.36.199
This also works on URLs. It is possible to URL encode the hostname or IP address, as follows:
https://303sec.com = https://%33%30%33%73%65%63%2E%63%6F%6D
An IP address can be converted to its decimal equivalent, such as:
127.0.0.1 = 2130706433 10.0.0.1 = 167772161
These techniques can be used together to create frankenstein IPs. The following IP address is just 127.0.0.1: