Are they just an issue with wefwef or trying to use an exploit
2 points
since .zip and .mov are recognizable file extensions, a url of the form google.com.docs.zelensky.zip could make people think that the domain is google.com pointing to a zip instead of the true domain, zelensky (dot) zip which probably would serve malicious content under that subdomain.