Clever ‘File Archiver In The Browser’ phishing trick uses ZIP domains


Level 27
Thread author
Aug 17, 2017
A new 'File Archivers in the Browser' phishing kit abuses ZIP domains by displaying fake WinRAR or Windows File Explorer windows in the browser to convince users to launch malicious files. Earlier this month, Google began offering the ability to register ZIP TLD domains, such as, for hosting websites or email addresses. Since the TLD's release, there has been quite a bit of debate over whether they are a mistake and could pose a cybersecurity risk to users. While some experts believe the fears are overblown, the main concern is that some sites will automatically turn a string that ends with '.zip,' like, into a clickable link that could be used for malware delivery or phishing attacks.

For example, if you send someone instructions on downloading a file called, Twitter will automatically turn into a link, making people think they should click on it to download the file. When you click on that link, your browser will attempt to open the | Alexander Jäger site, which could redirect you to another site, show an HTML page, or prompt you to download a file. However, like all malware delivery or phishing campaigns, you must first convince a user to open a file, which can be challenging. Security researcher mr.d0x has developed a clever phishing toolkit that lets you create fake in-browser WinRAR instances and File Explorer windows that are displayed on ZIP domains to trick users into thinking they have opened a .zip file.
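As an added example (not part of the quoted article or any poster's code), here is a small Python filter that a chat or mail gateway could run over message text. It flags tokens that an auto-linker would resolve to a .zip domain and defangs bare file-name mentions so they are not turned into links. The function names, the sample message and the `example.zip` host are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

FILE_LIKE_TLDS = {"zip"}  # the TLD this thread discusses; extend as needed
STRIP = ".,;:!?()[]<>\"'"  # punctuation that may surround a token in prose

# Bare host-like token: dot-separated labels, alphabetic TLD, optional path.
BARE_HOST = re.compile(
    r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+([a-z]{2,63})(?:/\S*)?",
    re.IGNORECASE,
)

def classify(token):
    """Return 'explicit-url', 'bare-name' or None for one whitespace-delimited token."""
    tok = token.strip(STRIP)
    if re.match(r"https?://", tok, re.IGNORECASE):
        try:
            host = urlsplit(tok).hostname or ""
        except ValueError:  # malformed URL, nothing to resolve
            return None
        # Only the host decides: https://example.com/setup.zip is a path, not a ZIP domain.
        return "explicit-url" if host.rsplit(".", 1)[-1] in FILE_LIKE_TLDS else None
    m = BARE_HOST.fullmatch(tok)
    if m and m.group(1).lower() in FILE_LIKE_TLDS:
        return "bare-name"  # looks like a file name, would be linked as a domain
    return None

def scan(text):
    """List (token, kind) for every token that points at a file-like TLD."""
    hits = []
    for raw in text.split():
        kind = classify(raw)
        if kind:
            hits.append((raw.strip(STRIP), kind))
    return hits

def defang(text):
    """Rewrite bare names such as setup.zip to setup[.]zip so they are not auto-linked."""
    def fix(match):
        raw = match.group(0)
        if classify(raw) != "bare-name":
            return raw
        core = raw.strip(STRIP)
        dot = BARE_HOST.fullmatch(core).start(1) - 1  # the dot in front of the TLD
        return raw.replace(core, core[:dot] + "[.]" + core[dot + 1:], 1)
    return re.sub(r"\S+", fix, text)

# Constructed sample message, not taken from the thread.
MESSAGE = ("Grab setup.zip from the share, or see https://example.zip/docs "
           "and https://example.com/setup.zip.")
```
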

Zero Knowledge

Level 20
Top Poster
Content Creator
Dec 2, 2016
Wow! Bad actors and hackers use malicious domains. Who would have thought they could be so sinister :rolleyes:?

I wish I would have registered, or they would be worth some money now.
