Anyone who has invoice.zip on an email should see that as a clickable link if the url detection is right
Then for example you put a file on / of your domain that downloads a malicious .zip file
See where this is going?
And I don’t buy into .zip being made part of automatic URL detection in tools, for all the illegitimate reasons it’ll be used for. Vendors of email clients, messengers and chat applications tend to stick to a core of well-known TLDs.
Anyone who has invoice.zip on an email should see that as a clickable link if the url detection is right
Then for example you put a file on / of your domain that downloads a malicious .zip file
See where this is going?