22

Let us try to access

http://yahoo.com@3627729518

with any browser. We get redirected to google.com.

3627729518 is the decimal representation of 11011000.00111010.11000010 .01101110 without dots. What's the reason of such behavior?

Note: I've changed the url so it's universal, but still, there is http://domain@ip. Originally it was local bank url and a scam-service's ip.

xenteros
  • 15,586
  • 12
  • 56
  • 91

4 Answers4

20

It's a malicious url, abusing the http://username:password@hostname support to make it LOOK like a yahoo url.

But it's actually taking you to that IP address (yes, an IP address is just a number, and can be represented by an integer). So that url is effectively:

http://yahoo.com@216.58.194.110

which reverse DNSs to

http://yahoo.com@dfw06s48-in-f14.1e100.net

so probably a Google Fibre customer in Dallas/Fort Worth.

Marc B
  • 356,200
  • 43
  • 426
  • 500
7

It's a very old type of URL format still supported by some browsers.

@ was used in specifying a user name and password sent via Basic Authentication to the web site on the right hand site of the @. For example;

http://username:password@example.com

would have sent the username of username, and the password of (you've guessed it) password to example.com. This meant if you created that as a bookmark you wouldn't have to login, it'd be sent for you. Not the most secure idea.

blowdart
  • 55,577
  • 12
  • 114
  • 149
  • You make it sound like it isn't used anymore ; while I've never seen it used with HTTP, I use it from time to time to log in FTP servers. It's especially useful in scripts or other software interacting with an FTP server to avoid the user / password prompt interactivity. – Aaron Oct 04 '16 at 12:41
  • Was this recent? I could have sworn I used an up-to-date chrome or firefox browser to log into an ftp server with such an url in the last 1 or 2 years ! I'll try to research it myself if I find the time to, but if you have some source to support your statement I'll be glad to read it. – Aaron Oct 04 '16 at 13:24
  • It still works fine for HTTP, but browsers will spit out a "you're trying to log into X with username Y"-type warning, exactly to warn the user about this kind of abuse. – Marc B Oct 04 '16 at 14:12
-2

it is added to identify the service provider If it is @yahoo.com it will be redirected to yahoo server. In case of gmail to google mail server Some web hosting sites such as wix provide free hosting and domain But it will always end at webname@wix.com indicating that what ever be the web name it will be redirected to the wix server. It can be said that it is used to create custom subdomain inside a domain.Webname has no independent existence outside the domain

Abhishek
  • 25
  • 9
-2

@ is basically DNS it specifies the address

Bhavna Malhi
  • 3