The new ".zip" domain is being used almost solely for malware. Some of the clicks are very deceptive, even to technically knowledgeable people. See the attached image for an example.
You can block all zip domains with the following uBlock Origin rule:
||zip^
Tell everyone you know.
@suprjami
The slashes in the path part of the first url look different than the slashes in the scheme and everywhere in the second url. So my guess is that the first url is the malicious one.
I would have missed it if I hadn't been looking for a difference though. Thanks for the info.