QUESTION :
Often I have came across URLS like the following:
http://www.isthisahacker.com/{7B643FB915-845C-4A76-A071-677D62157FE07D}.htm
Do the curly braces in the URL above indicate some kind of attempt to access the registry, or is that a legitimate URL? It looks kind of suspicious to me.
ANSWER :
That’s just a GUID, a randomly-generated string that’s unique to roughly 1 in 4 billion. Could be anything, but a hacker would probably use a less suspicious URL.
No, { } are legitimate characters to have an a URL, although it probably should be escaped, so
http://www.isthisahacker.com/{7B643FB915-845C-4A76-A071-677D62157FE07D}.htm
..should technically be:
http://www.isthisahacker.com/%7B7B643FB915-845C-4A76-A071-677D62157FE07D%7D.htm
(where %7B and %7D are the URL encoded equivalents to { and })
There’s nothing evil about the symbols, nor the {7B643FB915-845C-4A76-A071-677D62157FE07D} string. As tsilb says, it is a GUID (Globally Unique Identifier) – a standardised way of generating random/unique strings.
It’s no different to URL like http://www.isthisahacker.com/4345.htm