Saved in:
Bibliographic Details
Main Authors: Despotovic, Predrag, Mishra, Pranab, Rossel, Kevin, Avgetidis, Athanasios, Ma, Zane
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2604.04805
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917388290621440
author Despotovic, Predrag
Mishra, Pranab
Rossel, Kevin
Avgetidis, Athanasios
Ma, Zane
author_facet Despotovic, Predrag
Mishra, Pranab
Rossel, Kevin
Avgetidis, Athanasios
Ma, Zane
contents The namespace for filenames and DNS names has overlapped since the introduction of DNS in 1985: \texttt{.com} was the original binary format used for DOS and CP/M systems. Recently the introduction of gTLDs such as \texttt{.zip} and \texttt{.mov}, coupled with the growing prevalence of web resources, has ignited new concerns about potential issues related to DNS and filename confusion. Thus far, the discourse on DNS/filename confusion has been piecemeal and hypothetical, making it unclear what, if any, security concerns credibly exist. To address this gap, we provide the first enumeration of how DNS/filename confusion can be abused. We then perform the first empirical case studies of DNS/filename confusion in the wild, which highlights suspected confusion across a wide range of software. Finally, based on our preliminary findings, we provide suggestions and guidance for future research on this topic.
format Preprint
id arxiv_https___arxiv_org_abs_2604_04805
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Unpacking .zip: A First Look at Domain and File Name Confusion
Despotovic, Predrag
Mishra, Pranab
Rossel, Kevin
Avgetidis, Athanasios
Ma, Zane
Cryptography and Security
The namespace for filenames and DNS names has overlapped since the introduction of DNS in 1985: \texttt{.com} was the original binary format used for DOS and CP/M systems. Recently the introduction of gTLDs such as \texttt{.zip} and \texttt{.mov}, coupled with the growing prevalence of web resources, has ignited new concerns about potential issues related to DNS and filename confusion. Thus far, the discourse on DNS/filename confusion has been piecemeal and hypothetical, making it unclear what, if any, security concerns credibly exist. To address this gap, we provide the first enumeration of how DNS/filename confusion can be abused. We then perform the first empirical case studies of DNS/filename confusion in the wild, which highlights suspected confusion across a wide range of software. Finally, based on our preliminary findings, we provide suggestions and guidance for future research on this topic.
title Unpacking .zip: A First Look at Domain and File Name Confusion
topic Cryptography and Security
url https://arxiv.org/abs/2604.04805