@ariadne it might be worth blacklisting the entire .zip TLD with something like pi-hole