The new ".zip" domain is being used almost solely for malware. Some of the clicks are very deceptive, even to technically knowledgeable people. See the attached image for an example.

You can block all zip domains with the following uBlock Origin rule under My Filters:

||zip^

Tell everyone you know.

@suprjami which one is which?
The Dangers of Google’s .zip TLD

Can you quickly tell which of the URLs below is legitimate and which one is a malicious phish that drops evil.exe?

Medium

@HydrePrever @celesteh @suprjami Damn. That’s subtle. Unicode for the phishing win here…

That said, the domain is already blocked on my internal DNS servers, but now I’m more seriously thinking about forcing their use even when on public cellular internet connections.

@celesteh @suprjami
Top one with the @ is potentially malicious. The domain is v1271.zip with the bit to the left of the @ as a username crafted to look like a URL.
An old trick with a slightly new twist as you can use .zip and .mov now, which allows it to look like a zip archive or a video file to a casual user.

*(Blocked both on our network via the Pi-hole)*
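
The check described in the reply above (everything left of the @ is userinfo, and the real host is what follows it), as an added example that is not part of the original thread. It uses the standard WHATWG `URL` parser; the function names, finding labels and sample URLs are constructed for illustration.

```javascript
// Added example (not from the thread). Sample URLs below are constructed.
const RISKY_TLDS = new Set(["zip", "mov"]);   // the TLDs named in the thread
const SLASH_LOOKALIKES = /[\u2044\u2215]/;    // FRACTION SLASH, DIVISION SLASH

// Percent-decode without throwing on malformed sequences such as "%zz".
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

// Parse a URL the way a browser does and report where it really goes.
function inspectUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { host: null, userinfo: "", findings: ["unparseable"] };
  }

  const host = url.hostname.replace(/\.$/, "");   // drop a trailing root dot
  const tld = host.split(".").pop().toLowerCase();
  const userinfo = safeDecode(url.username) +
    (url.password ? ":" + safeDecode(url.password) : "");

  const findings = [];
  if (userinfo) findings.push("userinfo-present");
  // A "username" containing something shaped like a domain is a decoy host.
  if (/[a-z0-9-]+\.[a-z]{2,}/i.test(userinfo)) findings.push("userinfo-looks-like-host");
  // Look-alike slashes do not end the authority, so the fake path stays userinfo.
  if (SLASH_LOOKALIKES.test(userinfo)) findings.push("slash-lookalike-in-userinfo");
  if (RISKY_TLDS.has(tld)) findings.push("file-extension-tld");
  return { host, userinfo, findings };
}

const samples = [
  "https://example.com\u2215releases\u2215archive\u2215@v1271.zip", // look-alike slashes
  "https://example.com/releases/archive/v1271.zip",                // real slashes
];
for (const s of samples) console.log(s, "=>", JSON.stringify(inspectUrl(s)));
```

The two samples render almost identically, but only the second one is served by example.com; in the first, the parser reports `v1271.zip` as the host.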