Alleviating Risks .zip and Similar Domains Could Pose via DNS Intel | WhoisXML API

Alleviating the Risks .zip and Similar Domain Extensions Could Pose via DNS Intelligence

Google’s announcement last month of the launch of the .zip new generic top-level domain (ngTLD) sparked considerable debate. Many believe threat actors could abuse it for phishing and other malicious campaigns since it could be easily confused with the .zip file name extension. [1] They weren’t wrong to be concerned: their fear has already come to fruition. [2]

To help organizations avoid the potential perils that the .zip and similarly confusing ngTLD extensions (i.e., .app, .cab, .cam, .mobi, .mov, .pub, .rip, and .win) may pose, the WhoisXML API research team scoured the DNS for such domains created between 1 January and 31 May 2023 to see if any of them should be avoided. We uncovered:

  • 21,035 .app, .mov, and .zip domains (managed by Google), 33 of which may have already been used maliciously
  • 26,961 .cab, .cam, .mobi, .pub, .rip, and .win domains (managed by other registries), 130 of which may have already figured in malware attacks
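
One way to apply the report's scope to your own proxy or DNS logs, as an added example that is not WhoisXML API code: it flags hosts under the nine listed extensions, keeps them apart from ordinary URLs whose path merely ends in .zip, and marks domains created inside the report's 1 January to 31 May 2023 window. The sample URLs and the `created` dates are constructed; in practice the dates would come from a WHOIS lookup.

```python
from datetime import date
from urllib.parse import urlsplit

# Extensions named in the report, grouped by registry as the report groups them.
GOOGLE_TLDS = {"app", "mov", "zip"}
OTHER_TLDS = {"cab", "cam", "mobi", "pub", "rip", "win"}
# Creation window the report studied.
WINDOW = (date(2023, 1, 1), date(2023, 5, 31))

def registrable_domain(url):
    """Return the last two labels of the URL's host, or None if unparseable."""
    if "://" not in url:
        url = "//" + url                  # let urlsplit see a bare host as netloc
    try:
        host = urlsplit(url).hostname     # lowercased; userinfo and port dropped
    except ValueError:                    # e.g. malformed bracketed host
        return None
    labels = host.rstrip(".").split(".") if host else []
    return ".".join(labels[-2:]) if len(labels) >= 2 else None

def triage(urls, created):
    """Map each domain under a listed extension to its sighting count and flags.

    `created` maps domain -> creation date (hypothetical WHOIS lookup results).
    """
    hits = {}
    for url in urls:
        domain = registrable_domain(url.strip())
        if domain is None:
            continue
        tld = domain.rsplit(".", 1)[1]
        if tld not in GOOGLE_TLDS | OTHER_TLDS:
            continue
        born = created.get(domain)
        entry = hits.setdefault(domain, {
            "registry": "google" if tld in GOOGLE_TLDS else "other",
            "in_window": born is not None and WINDOW[0] <= born <= WINDOW[1],
            "count": 0,
        })
        entry["count"] += 1
    return hits

# Constructed sample input: URLs as they might appear in a proxy log.
SAMPLE_URLS = [
    "https://report-2023.zip/download",
    "HTTPS://CDN.Report-2023.ZIP:8443/a.js",
    "holiday-video.mov",
    "https://example.com/files/backup.zip",   # a real .zip file on a .com host
    "http://updates.example.win./check",
    "http://[not-a-host/",
]
SAMPLE_CREATED = {"report-2023.zip": date(2023, 5, 20), "example.win": date(2019, 3, 2)}
```

Calling `triage(SAMPLE_URLS, SAMPLE_CREATED)` returns one entry per domain; a domain with no known creation date is reported with `in_window` set to `False` rather than dropped, so it can still be reviewed.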

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] https://medium.com/@bobbyrsec/the-dangers-of-googles-zip-tld-5e1e675e59a5
  • [2] https://news.netcraft.com/archives/2023/05/17/phishing-attacks-already-using-the-zip-tld.html