It has been six months since Netcraft first reported on abuse of the new .zip TLD, outlining the fraudulent activity we detected and blocked. Within weeks of its launch, Netcraft had detected many fresh .zip domain registrations designed to exploit confusion between the new TLD and the .zip file extension for ZIP archives.
So, what has changed in the last 6 months? Not much, it seems.
.zip registrations
The rate of new .zip domains registrations has declined since our previous blog post. Despite this, there are now:
- 16,705 registered .zip domains (a threefold increase since our previous post)
- 8,432 .zip domains with A records in total (a fourfold increase)
- 4,421 .zip domains with MX records in total, only 619 of which don’t also have A records
- 4,196 distinct IP addresses for .zip domains in total (a fivefold increase)
- 417 .zip domain names that mention ‘installer’ or ‘update’ (a twofold increase)
Out of these domains, we discovered 5 serving zip bombs. In addition, the larger number of distinct IP addresses (1 for every 4 domains now, compared to 1 for every 6 domains six months ago) suggests that .zip domains are becoming more diverse.
Malicious websites
Netcraft has blocked 50 malicious .zip domains since the previous post on 17 May 2023, bringing the total to 56. These domains mostly impersonate Microsoft, Google, and Steam, as the following figure illustrates:
Other notable attacks include:
- Apecoin[.]zip, first seen on 9th August 2023, is a crypto drainer scam impersonating a cryptocurrency platform. It purports to add cryptocurrency to a user’s wallet, but when authorisation is given
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from NetcraftRead the original article: