JamieMay 17, 2023

The new ".zip" domain is being used almost solely for malware. Some of the clicks are very deceptive, even to technically knowledgeable people. See the attached image for an example.

You can block all zip domains with the following uBlock Origin rule under My Filters:

||zip^

Tell everyone you know.

Show threadbjb  May 17, 2023

@suprjami

The slashes in the path part of the first url look different than the slashes in the scheme and everywhere in the second url. So my guess is that the first url is the malicious one.

I would have missed it if I hadn't been looking for a difference though. Thanks for the info.

Show threadtizilogicJun 7, 2023

@bjb @suprjami so basically this is yet another occasion where unicode hurts instead of actually helping.. why can someone register a domain with deceptive symbols in it??
#letsgobacktoasciionly

EDIT: my mistake that everything before the @ is the username, got rightly pointed out to me multiple times. Doesn't make me blame unicode less though, because afaik a forward slash is not allowed in such a username and in this case unicode allows this to look like a "valid" url regardless...

Show threadWilliam / HestenettetDK
@tizilogic @bjb @suprjami actually here everything before the @ is actually the username one is trying to connect to on the malicious .zip domain.
Jun 7, 2023 at 7:43pmWeb