www.ghacks.net
104.26.1.250  Public Scan

Submitted URL: http://www.delloite.zip/
Effective URL: https://www.ghacks.net/2023/05/15/googles-zip-top-level-domain-is-already-used-in-phishing-attacks/
Submission: On May 25 via manual from IN — Scanned from US

Form analysis 3 forms found in the DOM

GET https://www.ghacks.net/

<form role="search" method="get" class="search-form" action="https://www.ghacks.net/">
  <label wfd-id="97">
    <span class="screen-reader-text">Search for:</span>
    <input id="search-site" type="search" class="search-field" placeholder="Search …" value="" name="s">
  </label>
  <input type="submit" class="search-submit" value="Search">
</form>

POST https://www.ghacks.net/wp-comments-post.php

<form action="https://www.ghacks.net/wp-comments-post.php" method="post" id="commentform" class="kinsta-form--whitebg kinsta-form" novalidate="">
  <p class="comment-form-comment"><label for="comment">Comment</label><textarea required="required" id="comment" name="comment" cols="45" rows="8" aria-required="true"></textarea></p><input type="checkbox" name="privacy" value="privacy-key"
    class="privacyBox" aria-req="true"><span style="padding-left:6px;padding-top:3px;" class="pprivacy">Check the box to consent to your data being stored in line with the guidelines set out in our
    <a target="blank" href="https://hello.softonic.com/privacy-policy/" data-wpel-link="external" rel="nofollow external noopener noreferrer">privacy policy</a><br><br>We love comments and welcome thoughtful and civilized discussion. Rudeness and
    personal attacks will not be tolerated. Please stay on-topic.<br>Please note that your comment may not appear immediately after you post it.<br><span>
      <div class="row gutter--small mt--20 comment-fields">
        <div class="col-xs-12 col-sm-6">
          <p class="comment-form-author"><label for="author">Name</label> <input id="author" required="required" name="author" type="text" value="" size="30"></p>
        </div>
        <div class="col-xs-12 col-sm-6">
          <p class="comment-form-email"><label for="email">Email</label> <input id="email" required="required" name="email" type="email" value="" size="30"></p>
        </div>
      </div>
      <p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"> <label for="wp-comment-cookies-consent">Save my name, email, and website in this browser for the next
          time I comment.</label></p>
      <p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" value="Post Comment"> <input type="hidden" name="comment_post_ID" value="194771" id="comment_post_ID">
        <input type="hidden" name="comment_parent" id="comment_parent" value="0">
      </p>
    </span></span>
</form>

GET https://www.ghacks.net/

<form role="search" method="get" class="search-form" action="https://www.ghacks.net/">
  <label>
    <span class="screen-reader-text">Search for:</span>
    <input type="search" class="search-field" placeholder="Search …" value="" name="s">
  </label>
  <input type="submit" class="search-submit" value="Search">
</form>

Text Content


GOOGLE'S .ZIP TOP LEVEL DOMAIN IS ALREADY USED IN PHISHING ATTACKS


Martin Brinkmann
May 15, 2023
Security


Google released the top-level domain .zip to the public recently, which means
that interested organizations and users may register .zip domains. Cyber
criminals are already using .zip domains in phishing campaigns.

According to the SANS Internet Storm Center, about 1230 names have been
registered so far. The top level domain was approved in 2014 but it took Google
until May 2023 to unlock it for public registration alongside seven other domain
extensions.

It seems that Google reduced the registration price for a .zip domain to $15
per year last week, which appears to be less than half the previous price.
The price drop appears to have increased interest in .zip domains, and some new
registrations are already used in phishing campaigns.

The .zip extension allows cyber criminals to run phishing campaigns that abuse
the fact that .zip is a popular file extension and also a top level domain.

Domains such as officeupdate.zip or microsoft-office.zip have already been used
in phishing campaigns. The latter is still online but safe browsing should warn
users prior to accessing the site in question. Several of the registered domains
could be used in phishing campaigns, while others may be used for legitimate
purposes. The makers of archiving software might register a matching domain name
for their products.



Most of the registered domains have not been set up to display web content. The
message "the site can't be reached" or similar messages are displayed in this
case.

The Microsoft phishing site displays a Microsoft sign-in prompt when it is
accessed. Users should never see the page, but if they override the warning
message, they should not enter any data on the page.



Use in phishing campaigns is just one new option that cyber criminals have when
it comes to .zip domains. Some applications may now attach hyperlinks to ZIP
file names, which may trigger DNS queries and leak information to the .zip
domain.

The ICSS recommends disabling access to .zip domains entirely until the dust
settles and risks can be assessed. Internet users need to take a closer look at
.zip links and zip file extensions that may also be displayed as links in some
applications.



For now, there is little reason to access .zip domains; this may change if
legitimate companies and software developers announce that their products are
now also available on a specific .zip domain.

Another of Google's recently launched top level domains might cause similar
issues. The top level domain .mov is also available for public registration,
and it is also a file extension, albeit not as popular as .zip.

Now You: do you access sites that use newer top level domains regularly?


COMMENTS

 1. John G. said on May 15, 2023 at 3:02 pm
    
    One of the worst ideas by Google! Next idea will be the domain .Trojan, LOL.
    
    1. Andy Prough said on May 16, 2023 at 11:19 pm
       
       How about .doc, .xls, .pdf, and .msg, John G.? Those would be real
       winners. Or .jpg, .gif, and .bmp.
       
       1. Amat said on May 23, 2023 at 9:28 pm
          
          They do already have .phd which I immediately misread as .pdf because
          I wasn’t paying enough attention.
 2. Tony said on May 15, 2023 at 6:00 pm
    
    I already have them blocked on our network. Thanks for the heads up.

 3. Tom Hawack said on May 15, 2023 at 6:57 pm
    
    I already block several gTLDs and visit regularly ‘Spamhaus – The Top 10
    Most Abused TLDs’ at [https://www.spamhaus.org/statistics/tlds/]
    
    For deeper information regarding TLDs and gTLDs I visit ‘IANA – Root Zone
    Database’ at [https://www.iana.org/domains/root/db]
    
    I’m adding .zip and .mov gTLDs to my DNS blocklist. I’ll maybe add ‘Google’s
    101 originally applied for strings, separated by contested and
    non-contested’ available at [https://icannwiki.org/Google#New_gTLDs]
    
    Any gTLD using a file extension is relevant of its owners’ questionable
    integrity in my view. Corroborates my extreme caution when it comes to
    Google.
    
    1. Pablo W. said on May 16, 2023 at 10:31 pm
       
       “Any gTLD using a file extension is relevant of its owners’ questionable
       integrity in my view. Corroborates my extreme caution when it comes to
       Google.” <– Ditto that!
       
       I'm using Firefox extension 'Block Site' where I added *.zip and *.mov
       for blocking. Works great! Easy to test too.
       https://webextension.org/listing/block-site.html
 4. Anonymous said on May 18, 2023 at 7:03 pm
    
    Google’s motto went from “Don’t be evil” to “Evil is good”

