Skip to main content
The new ".zip" domain is being used almost solely for malware. Some of the clicks are very deceptive, even to technically knowledgeable people. See the attached image for an example.

You can block all zip domains with the following uBlock Origin rule:

||zip^

Tell everyone you know.

Hypolite Petovan reshared this.

Andreas Kilgus
Andreas Kilgus  
@Jamie Content of image:
"Can you quickly tell which of the URLs below is legitimate and which one is a malicious phish that drops evil.exe?

https://github.com/kubernetes/kubernetes/archive/refs/tags/@v1271.zip

https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip"
@Jamie
Hypolite Petovan
Hypolite Petovan  
@Andreas Kilgus @Jamie Funnily enough, your first URL isn’t what what written in the image. Notice how the forward slashes in the first path are more angled the first two after “http:”, which means they are special characters actually part of the domain name with the .zip top-level domain.
@Andreas Kilgus @Jamie
Andreas Kilgus
Andreas Kilgus  
@Hypolite Petovan @Jamie You are right, I didn't see this. Well, wanted to help and failed. 🤷
Seems to be the Fraction Slash ⁄ or the Division Slash ∕.
@Hypolite Petovan @Jamie
Hypolite Petovan
Hypolite Petovan  
@Andreas Kilgus @Jamie Oh no, you’re fine, it’s Google who should never had applied for this TLD in the first place!
@Andreas Kilgus @Jamie
this.ven
this.ven  

Content warning: Identifying the malicious link to .zip TLD

Hypolite Petovan
Hypolite Petovan  
@this.ven @Andreas Kilgus @Jamie Funnily enough #Friendica ‘s automatic URL linker in posts doesn’t match the malicious link:
#friendica @this.ven @Andreas Kilgus @Jamie
Martijn Vos
Martijn Vos  
Can we please, please just allow only alphanumeric characters in domain names? Or at the very least require that all characters come from the same character set?