The new ".zip" domain is being used almost solely for malware. Some of the clicks are very deceptive, even to technically knowledgeable people. See the attached image for an example.

You can block all zip domains with the following uBlock Origin rule under My Filters:

||zip^

Tell everyone you know.

@suprjami I just wrote about those obfuscation techniques:

https://hackers.town/@madcap/110503296565140190

madcap :hackers_town: (@[email protected])

URL Obfuscation time! I recently read Nick Simonian's [post](https://www.mandiant.com/resources/blog/url-obfuscation-schema-abuse), at Mandiant, about the "Don't @ Me Url Obfuscation" technique. It's a very interesting technique, but it seems to me that the "@" sign in the URL still looks very suspicious, don't you think?

```
http://google.com@3264653699
```

But what if we could take this technique to the next level? If we could add a slash right next to the fake URL it would look much better. But if we simply add a slash to the example above, the browser will of course navigate to google.com. What if we could find a character that looks just like a slash but is interpreted as a regular character?

We can and you guessed it: we can use Unicode characters anywhere before the @ sign and the browser will consider it to be part of the username portion of the URL. Let's use the character U+2215, a division slash, that looks pretty much like a regular slash.

The Unicode character really makes a difference. Look at the URLs below. They look pretty legit, but if you copy any of them to your web browser, you will be taken to the web page of Phrack magazine:

```
http://google.com∕@3264653699
http://google.com∕support∕@3264653699
http://twitter.com∕elonmusk∕status∕@3264653699
```

Chrome/Chromium will simply navigate to the obfuscated address (the IP address of phrack.org in decimal format is 3264653699). Firefox, though, shows a warning that you are trying to log in to the obfuscated IP with a weird username. That should be enough to grab your attention. I think Firefox is doing the right thing, warning the user, and other browsers should also add some protection against this kind of attack.

It's easy to fall for this trap, even if you're an experienced computer person. The IP in the address bar should actually raise an alarm in your brain, but what if you just don't notice it? What if you're in a hurry and don't pay attention to it? Browsers can prevent this.
#infosec #cybersecurity #obfuscation #phishing
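
A defender-side check for the pattern described in the post above, as an added example that is not part of the thread or of any project it mentions: it splits the authority the way the post describes the browser doing it (everything before the last "@" is userinfo) and reports the host that will actually be contacted. The function name `inspect_url` is an assumption; the sample URLs are the ones quoted in the thread.

```python
import ipaddress
import re

# scheme://authority, where the authority ends at the first real ASCII / ? or #
AUTHORITY = re.compile(r"^[a-z][a-z0-9+.-]*://([^/?#]*)", re.IGNORECASE)


def inspect_url(url):
    """Return (effective_host, findings) for one URL string."""
    m = AUTHORITY.match(url)
    if not m:
        return None, ["no authority component"]
    # Everything before the LAST '@' is userinfo, not the destination.
    userinfo, at, hostport = m.group(1).rpartition("@")
    # Strip an optional :port (bracketed IPv6 literals are left untouched).
    host = hostport if hostport.startswith("[") else hostport.rsplit(":", 1)[0]
    findings = []
    if at:
        findings.append("userinfo before '@': %r" % userinfo)
        # Any non-ASCII character here may be a lookalike such as U+2215.
        odd = sorted({c for c in userinfo if ord(c) > 127})
        if odd:
            findings.append("non-ASCII in userinfo: "
                            + ", ".join("U+%04X" % ord(c) for c in odd))
    # A bare 32-bit integer host is an IPv4 address written in decimal.
    if host.isascii() and host.isdigit() and int(host) < 2 ** 32:
        host = str(ipaddress.IPv4Address(int(host)))
        findings.append("integer host decodes to " + host)
    return host, findings


if __name__ == "__main__":
    samples = [
        "http://google.com@3264653699",
        "http://google.com\u2215support\u2215@3264653699",  # U+2215 division slash
        "https://www.mandiant.com/resources/blog/url-obfuscation-schema-abuse",
    ]
    for s in samples:
        host, findings = inspect_url(s)
        print(s, "->", host)
        for f in findings:
            print("   !", f)
```
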
