John Mark Ockerbloom on Nostr: A worked-out example of how the ".zip" domain that Google has opened to registrants ...
A worked-out example of how the ".zip" domain that Google has opened to registrants can be used in phishing attacks. The URL with the @ sign, and the characters that look like forward-slashes but aren't, looks like it goes to GitHub to download a zip file, but it actually goes to a server the phisher has registered with the address "v1.27.1.zip".
The trick can also be pulled with other TLDs, but the .zip domain may make the URL look more like an expected file download.
https://medium.com/@bobbyrsec/the-dangers-of-googles-zip-tld-5e1e675e59a5
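A link checker for the pattern described in the post, as an added example that is not part of the original post or the linked article. It parses a link the way a browser does and reports the real host; the sample URLs, the `example-org/example-repo` path, the function name and the lookalike and TLD lists are constructed for illustration.

```javascript
// Characters that render like "/" but are not URL path separators.
const SLASH_LOOKALIKES = new Map([
  ["\u2044", "FRACTION SLASH"],
  ["\u2215", "DIVISION SLASH"],
  ["\u29F8", "BIG SOLIDUS"],
  ["\uFF0F", "FULLWIDTH SOLIDUS"],
]);

// TLDs that double as file extensions (illustrative, not exhaustive).
const FILE_LIKE_TLDS = new Set(["zip", "mov"]);

// Constructed samples: a genuine download link and a spoofed look-alike.
const GENUINE =
  "https://github.com/example-org/example-repo/archive/refs/tags/v1.27.1.zip";
const SPOOFED =
  "https://github.com\u2215example-org\u2215example-repo\u2215archive" +
  "\u2215refs\u2215tags\u2215@v1.27.1.zip";

// Parse with the WHATWG URL parser (the one browsers use) and report
// where the link really goes, plus why it may be deceptive.
function inspectLink(raw) {
  const url = new URL(raw); // throws TypeError on unparseable input
  const findings = [];

  // Everything between "//" and "@" is userinfo, not the destination.
  if (url.username !== "" || url.password !== "") {
    findings.push("userinfo-before-host");
  }

  // Lookalike slashes keep the fake "path" inside the userinfo part.
  for (const [ch, name] of SLASH_LOOKALIKES) {
    if (raw.includes(ch)) findings.push(`lookalike:${name}`);
  }

  // Informational only: the host itself reads like a file name.
  const tld = url.hostname.split(".").pop();
  if (FILE_LIKE_TLDS.has(tld)) findings.push(`file-like-tld:${tld}`);

  const suspicious = findings.some((f) => !f.startsWith("file-like-tld:"));
  return { host: url.hostname, findings, suspicious };
}

for (const link of [GENUINE, SPOOFED]) {
  const r = inspectLink(link);
  console.log(`${r.suspicious ? "FLAG" : "ok  "} host=${r.host}`, r.findings);
}
```

A mail or chat gateway would show `host` to the user instead of the raw link text, and treat any link with userinfo as untrusted.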