The new ".zip" domain is being used almost solely for malware. Some of the clicks are very deceptive, even to technically knowledgeable people. See the attached image for an example.
You can block all zip domains with the following uBlock Origin rule under My Filters:
||zip^
Tell everyone you know.
@suprjami What browser are you seeing the @ URL treat v1.27.1.zip as the domain in?
I can only get it to work with pretty trivial URLs; as soon as there's a slash in the username portion, it's detected as the domain/path portion by chrome/safari/curl.
As far as I can tell, https://[email protected] can be used for phishing,
but anything more complicated, like the example you posted, cannot -- e.g. https://github.com/[email protected]
Jamie
owls
Lisa