Recently, some new gTLDs like .zip have been getting a lot of attention, with people pointing out how easily they can be used to mislead users. One the ways this can be done is to use the @ symbol and characters like ∕ (U+2215 DIVISION SLASH): https://download.kde.org∕stable∕krita∕5.1.5∕@kritax64515.zip The above URL leads to a domain called kritax64515.zip – what looks like a path on the download.kde.org domain to an unsuspecting user is merely the userinfo subcomponent of that URL. It is probably a good idea to try and detect this.