JamieMay 17, 2023

The new ".zip" domain is being used almost solely for malware. Some of the clicks are very deceptive, even to technically knowledgeable people. See the attached image for an example.

You can block all zip domains with the following uBlock Origin rule under My Filters:

||zip^

Tell everyone you know.

Show threadbjb  May 17, 2023

@suprjami

The slashes in the path part of the first url look different than the slashes in the scheme and everywhere in the second url. So my guess is that the first url is the malicious one.

I would have missed it if I hadn't been looking for a difference though. Thanks for the info.

Show threadEnara Jun 7, 2023
@bjb @suprjami ooooh I hadn't notice that detail! I was going for the @ in the address
Show threaddragonfrog
@EnaWasHere @bjb @suprjami it's the @. Everything between http(s):// and @ in interpreted as a username and potentially a password, the part after the @ is the host and path.
Jun 7, 2023 at 2:20pmWeb
Show threadJon RibbensJun 7, 2023
@dragonfrog @EnaWasHere @bjb @suprjami That's not quite right, the username/password part cannot contain (amongst other things) forward slashes. This attack is relying on using a unicode character that looks like a forward slash but isn't one.
Show threaddragonfrogJun 7, 2023
@jribbens @EnaWasHere @bjb @suprjami I see, it's both the @ and the pseudo-slashes. Thanks for pinning that out.