This is a proof of concept for hiding a .zip domain (newly released TLD) in a URL and tricking a browser to browse to a site a threat actor controls.
Don't worry, this is a test page and is not phishing but if you see it, please talk to your security team about the .zip domain.
Copy and paste this in your browser to trigger:
https://microsoft.com∕update∕tags∕@defender365.zip