www.ghacks.net
Open in
urlscan Pro
104.26.1.250
Public Scan
Submitted URL: http://www.delloite.zip/
Effective URL: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Submission: On May 25 via manual from IN — Scanned from US
Effective URL: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Submission: On May 25 via manual from IN — Scanned from US
Form analysis
3 forms found in the DOMGET https://www.ghacks.net/
<form role="search" method="get" class="search-form" action="https://www.ghacks.net/">
<label wfd-id="97">
<span class="screen-reader-text">Search for:</span>
<input id="search-site" type="search" class="search-field" placeholder="Search …" value="" name="s">
</label>
<input type="submit" class="search-submit" value="Search">
</form>
POST https://www.ghacks.net/wp-comments-post.php
<form action="https://www.ghacks.net/wp-comments-post.php" method="post" id="commentform" class="kinsta-form--whitebg kinsta-form" novalidate="">
<p class="comment-form-comment"><label for="comment">Comment</label><textarea required="required" id="comment" name="comment" cols="45" rows="8" aria-required="true"></textarea></p><input type="checkbox" name="privacy" value="privacy-key"
class="privacyBox" aria-req="true"><span style="padding-left:6px;padding-top:3px;" class="pprivacy">Check the box to consent to your data being stored in line with the guidelines set out in our
<a target="blank" href="https://hello.softonic.com/privacy-policy/" data-wpel-link="external" rel="nofollow external noopener noreferrer">privacy policy</a><br><br>We love comments and welcome thoughtful and civilized discussion. Rudeness and
personal attacks will not be tolerated. Please stay on-topic.<br>Please note that your comment may not appear immediately after you post it.<br><span>
<div class="row gutter--small mt--20 comment-fields">
<div class="col-xs-12 col-sm-6">
<p class="comment-form-author"><label for="author">Name</label> <input id="author" required="required" name="author" type="text" value="" size="30"></p>
</div>
<div class="col-xs-12 col-sm-6">
<p class="comment-form-email"><label for="email">Email</label> <input id="email" required="required" name="email" type="email" value="" size="30"></p>
</div>
</div>
<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"> <label for="wp-comment-cookies-consent">Save my name, email, and website in this browser for the next
time I comment.</label></p>
<p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" value="Post Comment"> <input type="hidden" name="comment_post_ID" value="194771" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p>
</span></span>
</form>
GET https://www.ghacks.net/
<form role="search" method="get" class="search-form" action="https://www.ghacks.net/">
<label>
<span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Search …" value="" name="s">
</label>
<input type="submit" class="search-submit" value="Search">
</form>
Text Content
Softonic uses own and third-party cookies to show personalized content and ads on Softonic’s properties and other sites, to provide social media features, to create an anonymous profile based on browsing behavior (visited pages, frequency, time) and to analyze how our services are used. You can decide what type of cookies you accept or withdraw the consent at any time. With your agreement, we and our partners use cookies or similar technologies to store, access, and process personal data like your visit on this website. You can withdraw your consent or object to data processing based on legitimate interest at any time by clicking on "Learn More" or in our Privacy Policy on this website. We and our partners do the following data processing:Display personalized ads, Personalised ads and content, ad and content measurement, audience insights and product development, Precise geolocation data, and identification through device scanning, Store and/or access information on a device Learn More →Agree and close ghacks.net * Home * Windows * Linux * Software * Firefox * Chrome * Internet * Mobile Computing * Companies * Email * Misc * Deals * * Home * Windows * Windows 11 News * Windows 11 Help * Windows 10 * Windows 8 * Windows 7 * Windows tips * Windows Update * Linux * Linux Mint * Software * Antivirus * Backup * Data Recovery * Encryption * File Sharing * Microsoft Office * Security * Firefox * Firefox add-ons * Chrome * Chrome Extensions * Internet * Brave * Internet Explorer * Microsoft Edge * Opera * Pale Moon * Vivaldi * VPNs * Google Maps * Search * Mobile Computing * Google Android * Apps * iOS * Companies * Amazon * Apple * Facebook * Google * Microsoft * Twitter * Yahoo * Youtube * Email * Gmail * Outlook * Thunderbird * Misc * Crypto & Blockchain * Development * Games * Hardware * Music and Video * Network * Tutorials * Deals Search for: GOOGLE'S .ZIP TOP LEVEL DOMAIN IS ALREADY USED IN PHISHING ATTACKS Martin Brinkmann May 15, 2023 Security | 7 Google released the top-level domain .zip to the public recently, which means that interested organizations and users may register .zip domains. Cyber criminals are already using .zip domains in phishing campaigns. ADVERTISEMENT According to the SANS Internet Storm Center, about 1230 names have been registered so far. The top level domain was approved in 2014 but it took Google until May 2023 to unlock it for public registration alongside seven other domain extensions. It seems that Google has reduced the registration price to $15 per year for a .zip domain last week, which appears to be less than halve the previous price. The price drop appears to have increased interest for .zip domains, and some new registrations are already used in phishing campaigns. The .zip extension allows cyber criminals to run phishing campaigns that abuse the fact that .zip is a popular file extension and also a top level domain. Domains such as officeupdate.zip or microsoft-office.zip have already been used in phishing campaigns. The latter is still online but safe browsing should warn users prior to accessing the site in question. Several of the registered domains could be used in phishing campaigns, while others may be used for legitimate purposes. The makers of archiving software might register a matching domain name for their products. Most of the registered domains have not been set up to display web content. The message "the site can't be reached" or similar messages are displayed in this case. The Microsoft phishing site displays a Microsoft sign-in prompt when it is accessed. Users should never see the page, but if they override the warning message, should not enter any data on the page. Use in phishing campaigns is just one new option that cyber criminals have when it comes to .zip domains. Some applications may attach hyperlinks to ZIP file names now, which may lead to the firing of DNS queries and the leaking of information to the .zip domain. The ICSS recommends to disable access to .zip domains entirely until the dust settles and risks can be accessed. Internet users need to take a closer look at .zip links and zip file extensions that may also be displayed as links in some applications. For now, there is little reason to access .zip domains; this may change if legitimate companies and software developers announce that their products are now also available on a specific .zip domain. Another one of Google's recently launched new top level domains might cause similar issues. The top level domain .mov is also available for public registration, and it too is also a file extension, albeit not as popular as .zip. Now You: do you access sites that use newer top level domains regularly? Summary Article Name Google's .zip Top Level domain is already used in phishing attacks Description Google's .zip top level domain has been opened up for public registration, and criminals are already using .zip sites in phishing campaigns. Author Martin Brinkmann Publisher Ghacks Technology News Logo Advertisement ABOUT MARTIN BRINKMANN Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter, and read his weekly tech newsletter on Substack View all posts by Martin Brinkmann → RELATED CONTENT PASSWORD MANAGER BITWARDEN WILL SOON BE ABLE TO STORE PASSKEYS DO YOU KNOW WHICH DATA BREACHES YOU HAVE FALLEN VICTIM TO? YOUR KEEPASS MASTER PASSWORD MAY BE AT RISK, BUT A FIX IS COMING 237,000 US GOVERNMENT EMPLOYEES AFFECTED BY DATA BREACH VIRUSTOTAL EXPANDS AI SECURITY SCANS TO AUTOHOTKEY AND OTHER SCRIPTS MICROSOFT'S CLOUD SERVICES ARE SCANNING PASSWORD PROTECTED ZIP ARCHIVES Previous Post: « Data breach alert: Intel confronts massive security incident Next Post: « Toyota Japan confirms decade-long security breach COMMENTS 1. John G. said on May 15, 2023 at 3:02 pm Reply One of the worst ideas by Google! Next idea will be the domain .Trojan, LOL. 1. Andy Prough said on May 16, 2023 at 11:19 pm Reply How about .doc, .xls, .pdf, and .msg, John G.? Those would be real winners. Or .jpg, .gif, and .bmp. 1. Amat said on May 23, 2023 at 9:28 pm Reply They do already have .phd which i immediately misread as .pdf because i wasn’t paying enough attention. 2. Tony said on May 15, 2023 at 6:00 pm Reply I already have them blocked on our network. Thanks for the heads up. 3. Tom Hawack said on May 15, 2023 at 6:57 pm Reply I already block several gTLDs and visit regularly ‘Spamhaus – The Top 10 Most Abused TLDs’ at [https://www.spamhaus.org/statistics/tlds/] For deeper information regarding TLds and gTLDs I visit ‘IANA – Root Zone Database’ at [https://www.iana.org/domains/root/db] I’m adding .zip and .mov gTLDs to my DNS blocklist. I’ll maybe add ‘Google’s 101 originally applied for strings, separated by contested and non-contested’ available at [https://icannwiki.org/Google#New_gTLDs] Any gTLD using a file extension is relevant of its owners’ questionable integrity in my view. Corroborates my extreme caution when it comes to Google. 1. Pablo W. said on May 16, 2023 at 10:31 pm Reply “Any gTLD using a file extension is relevant of its owners’ questionable integrity in my view. Corroborates my extreme caution when it comes to Google.” <– Ditto that! I'm using Firefox extension 'Block Site' where I added *.zip and *.mov for blocking. Works great! Easy to test too. https://webextension.org/listing/block-site.html 4. Anonymous said on May 18, 2023 at 7:03 pm Reply Google’s motto went from “Don’t be evil” to “Evil is good” LEAVE A REPLY CANCEL REPLY Comment Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic. Please note that your comment may not appear immediately after you post it. Name Email Save my name, email, and website in this browser for the next time I comment. Search for: ADVERTISEMENT SPREAD THE WORD GHACKS NEWSLETTER SIGN UP Please click on the following link to open the newsletter signup page: Ghacks Newsletter Sign up ADVERTISEMENT HOT DISCUSSIONS * Firefox 113.0.2 fixes a crash on Windows and some other issues * Windows 11 will soon extract RAR, 7z and other archive formats natively * Samsung Knox Matrix: your fridge may soon help protect your smartphones * You may now communicate with an Ai called Aria in Opera's web browsers ADVERTISEMENT RECENTLY UPDATED * Microsoft says Chinese state-sponsored hackers penetrate critical U.S. infrastructure * Google Play Games for PC launched in Europe * KB5026446 for Windows 11 brings new features, but not for everyone * Project Q: Sony announces new gaming handheld * Apple could transform the iPhone lock screen to a smart display in iOS 17 * Here's a look at Microsoft's new Windows Backup app * PowerToys 0.70: control 4 PCs with one mouse and keyboard * Year of Inefficiency: Meta is laying off employees, again... * AMD to enter the world of cars * How to choose the perfect VPN service for yourself LATEST FROM SOFTONIC * Binge-Worthy Alert: Get Ready for an Epic Week of New Content on Netflix, Disney Plus, HBO Max, and Amazon Prime Video * Apple Keynote 2023: schedule, date and how to watch WWDC * Saying Goodbye to Tradition: ‘Final Fantasy XVI’ Marks the Possible Conclusion of the Iconic Series * Unleashing the Mexican John Wick: A New Challenger Emerges, Equally Indomitable ADVERTISEMENT ABOUT GHACKS Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers. * About * RSS Feeds * Legal Information * Terms of use * Privacy Policy * Cookie Policy * Cookie settings * Advertise with Us * Martin Brinkmann * Mike Turcotte * Ashwin * We Use The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A. Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2023 - All rights reserved * Home * Windows * Linux * Software * Firefox * Chrome * Internet * Mobile Computing * Companies * Email * Misc * Deals