Blacklisting Google .mov and .zip TLDs
Google has made the .zip and .mov top-level domains available for public registration, and cybercriminals are already using them in phishing campaigns. It might be a good idea to block them all together for now: here are the steps for PiHole users.
Log into your PiHole admin interface
Click on the " RegEx filter" tab
In the "Regular Expression" field, write ^.*\.(zip|mov)$
Click on "Add to Blacklist"
![pihole-google-zip-mov-blocking](/_next/image?url=https%3A%2F%2Fres.cloudinary.com%2Fdbit9v7da%2Fimage%2Fupload%2Ff_auto%2Fq_auto%2Fv1684856101%2Fosr-dev%2Farticles%2Fpihole-google-zip-mov-blocking_jw64o8.jpg&w=1080&q=80)
Screenshot of the PiHole web interface at /admin/groups-domains.php
You can make sure the filtering is working by accessing somethingfishy.zip or notamoviefile.mov. If everything is setup correctly, you should get an ERR_ADDRESS_INVALID from your browser.
![chrome-invalid-address](/_next/image?url=https%3A%2F%2Fres.cloudinary.com%2Fdbit9v7da%2Fimage%2Fupload%2Ff_auto%2Fq_auto%2Fv1684857149%2Fosr-dev%2Farticles%2Fchrome-invalid-address_gxgp8p.jpg&w=1080&q=80)
Screenshot of Chrome's ERR_ADDRESS_INVALID error.
You should also see the following on your PiHole query logs:
![pihole-logs-mov-zip](/_next/image?url=https%3A%2F%2Fres.cloudinary.com%2Fdbit9v7da%2Fimage%2Fupload%2Ff_auto%2Fq_auto%2Fv1684856821%2Fosr-dev%2Farticles%2Fpihole-logs-mov-zip_uqoem8.jpg&w=1080&q=80)
Screenshot of the PiHole web interface at /admin/queries.php