BADFILE.ZIP

Watch Out!

New .zip domains trick people into downloading malicious files

Can you spot BAD Links?

https://github.com/YathishGP003
0/10

All you need to know

1

Look out for @ signs

Check if there is an @ sign in front of the .zip portion of the link.

https://dropbox.com/@badfile.zip

2

Hover over Links

Browsers display where a link leads in the lower left corner.

3

E-Mails require additional care

E-Mails enable attackers to use a wide array of styling options. Attackers can change the font size of the @ sign and make it incredibly small. This results in an invisible @.

e-mail client screenshot, e-mail with link, where @ sign is not visible

4

Know your slashes

To craft a bad link, scammers need to use unicode characters U+2044 ⁄ and U+2215 ∕ in the link. They look slightly different to the correct slash /.

The correct slash is slightly longer and has a different angle. The bad slash is shorter and has a steeper angle.

/

Test a link

Feel free to check a link by entering it below

Made with ❤️ on a cozy weekend

Share this page. Tell your parents and friends. Bad files on your PC are bad times.

This page doesn’t track you. There are no ads.

Had a good time?

Further readings & sources

The dangers of Google’s .zip TLD
Zip Bombs
Supply Chain Attacks
Watering Hole Attacks