Curly braces in a URL

Posted on

QUESTION :

Often I have came across URLS like the following:

http://www.isthisahacker.com/{7B643FB915-845C-4A76-A071-677D62157FE07D}.htm

Do the curly braces in the URL above indicate some kind of attempt to access the registry, or is that a legitimate URL? It looks kind of suspicious to me.

ANSWER :

That’s just a GUID, a randomly-generated string that’s unique to roughly 1 in 4 billion. Could be anything, but a hacker would probably use a less suspicious URL.

No, { } are legitimate characters to have an a URL, although it probably should be escaped, so

http://www.isthisahacker.com/{7B643FB915-845C-4A76-A071-677D62157FE07D}.htm

..should technically be:

http://www.isthisahacker.com/%7B7B643FB915-845C-4A76-A071-677D62157FE07D%7D.htm

(where %7B and %7D are the URL encoded equivalents to { and })

There’s nothing evil about the symbols, nor the {7B643FB915-845C-4A76-A071-677D62157FE07D} string. As tsilb says, it is a GUID (Globally Unique Identifier) – a standardised way of generating random/unique strings.

It’s no different to URL like http://www.isthisahacker.com/4345.htm

Leave a Reply

Your email address will not be published. Required fields are marked *