Malicious Punycode Look-alike Domain

Punycode is a special encoding scheme for internationalized domain names, which makes it possible to register domains with foreign characters. It works by converting strings of Unicode (UTF-8) to American Standard Code for Information Interchange (ASCII) format. For example, the domain "xn--domain.com" is equivalent to "㯙㯜㯙㯟.com"

Using punycode, it's possible to register a domain like ‘xn--80ak6aa92e.com’, which clearly looks like ‘apple.com’ in the browser. This means that a user can be lead to a fake phishing website that simply appears to be “apple.com” because its registered in Unicode form. Such domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters. These domains then can be used for phishing attacks as the domain names can trick the users.

For further details, click the download button below!

Share this post

back to top