Careful!
Example how a .zip phising link could look in webbrowser:
https://www.reddit.com∕r∕memes∕collections∕@dank-meme-collection-version.01x.zip
Or this one that looks like a legit download link from the Runelite Github page
https://github.com∕runelite∕launcher∕releases∕download∕0.1.x∕@runelite-client-version.01x.zip
Beware that any domain can be used this way, for example ".mov"
Want to learn more?
Check out: https://medium.com/@bobbyrsec/the-dangers-of-googles-zip-tld-5e1e675e59a5
List of registered .zip domains: https://github.com/trickest/zip/blob/main/zip-domains.txt