
Topic: Punycode Phishing attacks - how to stay safe - Spoofed URLs and fake websites! - page 3. (Read 1175 times)

legendary
Activity: 2576
Merit: 1655
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
I activated the Punycode config change on Firefox mentioned in the OP some months ago, and have seen it at work once in my day to day when it displayed a weird looking url that was impersonating another one. I’m pretty vigilant on what I do, but even so, stuff like this can slip under the radar if one is not extremely careful. Strange that Firefox requires a manual override; most people will not perform it due to lack of awareness.

I tried to see if I could locate some stats on punycode being used on phishing sites, but the closest I managed to retrieve is this (see https://www.infosecurity-magazine.com/news/fake-homograph-domains-iincrease/):
Quote
Its research around IDN lookalike domain names (also called Homographs) over a 12-month period focused on 466 top global brands across 11 vertical sectors. From this, it found 8000 IDN Homographs representing or containing a top global brand name, and 91% offering some sort of webpage and “clear violations of the ICANN Guidelines for the Implementation of Internationalized Domain Names.”
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
So if I understood it correctly every browser displayed a warning that the site might be a fake one. But Chrome, Firefox and Opera actually displayed the fake apple.com site in their address bar?
I assume changing the Punycode settings would be enough for the real address to be displayed by Firefox, that just leaves Chrome and Opera showing the fake apple.com site in the address bar.
That is not right, because browsers only show a warning if people have reported those fake sites to them, and their teams have verified those reports and taken action.
In general, people have to secure their devices and their accounts by themselves by being as careful as possible.
Relying on support from browsers and community reports is too late to protect them from threats, and attackers might steal their money in minutes.
legendary
Activity: 2744
Merit: 1708
First 100% Liquid Stablecoin Backed by Gold
So if I understood it correctly every browser displayed a warning that the site might be a fake one. But Chrome, Firefox and Opera actually displayed the fake apple.com site in their address bar?

Yes, you are correct and these browsers are still vulnerable. This is clear to see on the post I quoted above in OP with the fake Binance web page.

I will try to find additional information about these vulnerable browsers and maybe provide a solution if there is any and I will be able to find them.

I assume changing the Punycode settings would be enough for the real address to be displayed by Firefox...

Exactly, it is enough to adjust the settings in FF:

...that just leaves Chrome and Opera showing the fake apple.com site in the address bar.

Google has already fixed this issue in Chrome Canary 59, and a permanent fix is from Chrome Stable 58.

As I said already, I will do some research today and try to find solutions for vulnerable browsers and publish them here in the thread.
legendary
Activity: 2730
Merit: 7065
So if I understood it correctly every browser displayed a warning that the site might be a fake one. But Chrome, Firefox and Opera actually displayed the fake apple.com site in their address bar?
I assume changing the Punycode settings would be enough for the real address to be displayed by Firefox, that just leaves Chrome and Opera showing the fake apple.com site in the address bar.
full member
Activity: 236
Merit: 117
Nice and informative article @wwzsocki. I found an article where it says how to avoid Punycode attacks and also who all are affected by that. I would like to include that here. Some of the examples of Punycode attacks with big brands -






Check the 7 Ways to avoid a Punycode attack -

  • Be cautious if the site presses you to do something quickly. This is a classic strategy by hackers to rush their potential victims so that they are less likely to notice anything suspicious. Often they will offer a ‘limited time only’ deal, and make it difficult to exit the page with ‘are you sure you want to exit’ pop ups: these are all tactics to make you stay on their site longer and give them your details.
  • If you are being offered a deal, go to the original company site and check if it’s available there as well, if not it’s most likely a scam doing its best to mimic the established brand and trick visitors into handing over their details.
  • If some of the letters in the address bar look weird, or the website design looks different, rewrite it or visit the original company URL in a new tab to compare. The letters in the address bar looking strange is a key indicator that punycode is being used to trick you into thinking you are visiting a well-established brand site when in fact you are being taken to a malicious site.
  • Use a password manager; this reduces the risk of pasting passwords into dodgy sites.
  • Force your browser to display Punycode names, this option is available in Firefox.
  • Click on the padlock to view and inspect the HTTPS certificate.
  • Use a mobile security solution and artificial intelligence to monitor all data traffic and to detect and block phishing links.


Source: Punycode attacks - the fake domains that are impossible to detect
legendary
Activity: 2310
Merit: 4085
Farewell o_e_l_e_o
You actually spent a significant amount of time making the thread, which gives some information I did not know.
Although there are some powerful built-in features in browsers like Firefox to protect users when they modify some options, I think you should leave an important warning for all crypto enthusiasts.
"Always keep your computer screen as clean as possible"
Because it will help you to see a strange dot (.) or anything else like that. Someone who does not clean their computer screen, by hand or with a special cleaning spray, might more easily fall into the traps of Punycode. They will not notice strange 'minor' things on the computer screen, between 'punny' dots and real dust.
legendary
Activity: 2744
Merit: 1708
First 100% Liquid Stablecoin Backed by Gold
UPDATED 1.12.2024

Punycoder - Punycode converter or an IDN converter, a tool for Punycode to Text/Unicode and vice-versa conversion.


Punycode - system for converting words that can't be written in ASCII (American Standard Code for Information Interchange), such as in Ancient Greek the phrase ΓNΩΘIΣEAYTON, once converted into ASCII characters, looks like this: xn--mxadglfwep7amk6b. This conversion system allows International Domain Names (IDNs), which include non-ASCII characters, to be displayed using only the Roman letters A to Z, the digits 0 to 9 and the hyphen (-) character.

Punycode is useful because the world-wide Domain Name System (DNS), which turns readable server names into computer-friendly network numbers, can only recognize a limited subset of ASCII characters in domain names. Some of the letters in the Roman alphabet are the same shape as letters in the Greek and other alphabets. Examples are the letters I, E, A, Y, T, O, and N.



A malicious site can imitate a legitimate URL and display it, which leaves us with very few ways to tell if we are being tricked by an imposter. Attackers who trick people into loading the fake page can easily obtain personal information because the site is an exact copy of the original one.

Many years ago, the Internet Corporation for Assigned Names and Numbers (ICANN) allowed non-ASCII (Unicode) characters to be included in web domains. It didn't take long for them to realize that this decision was going to cause problems. Certain characters from different languages can be confused for Unicode since they look the same when displayed in a browser. This is used as a tool by cybercriminals to spoof URLs and target unsuspecting victims.



To counteract the issue, ICANN developed Punycode as a way of specifying actual domain registrations by representing Unicode within the limited character subset of ASCII used for internet hostnames. The idea was that browsers would first read the Punycode URL and then transform it into displayable Unicode characters inside the browser.

However, just like with Unicode, Punycode could also hide phishing attempts, using characters found in different languages. To combat this, Web browser vendors introduced add-on filters to render URLs as Punycode, instead of Unicode, if they contained characters from different languages.

Punycode Problems

By default, many web browsers use Punycode encoding to represent Unicode characters in the URL to defend against Homograph phishing attacks (where the website address looks legitimate, but is not, because a character or characters have been replaced deceptively with Unicode characters).

For example, the Chinese domain "短.co" is represented in Punycode as "xn--s7y.co" and the German city of "München" becomes in the Punycode "xn--mnchen-3ya" because the letter ü is not available in English. There are quite a few Unicode characters represented in alphabets such as Greek, Cyrillic, and Armenian, which look almost identical to Latin letters at a glance but are treated very differently by computers when resolving the different web addresses.

Homograph attacks are extremely difficult to detect based on their deployment method. Some of these steps will also protect you from other types of online attacks as well.

Example of Punycode Phishing (Homograph) attack:

The most tricky phishing website I've heard of was this one. Looks like Binance.com but there is no "n". This is a strange n with a dot at the bottom.


source
How to deal with such a phishing address? Those dots are almost unnoticeable.

Another great example of Punycode Homograph Phishing attack. This time Poloniex exchange is targeted. Just look at how similar it looks compared to the original page.



Difference between original page and malicious one is that the hacker misspelled the phrase "Sign in" as "Sing in" a couple of times.

Also different in this attack is that the SSL certificate is shown as valid:



Not all browsers are vulnerable

Of all the browsers tested, three rendered the page using Unicode characters, as appӏe.com. These are Chrome, Firefox, and Opera.



Other browsers, such as Edge, Internet Explorer, Safari, Vivaldi, and Brave, did not render the page using Unicode characters and displayed the Punycode URL. There's a filter that checks if the Punycode URL is in the same character set as the user's default OS settings.



Google has already fixed this issue in Chrome Stable 58.

Preventing Homograph Phishing Attacks in Firefox

Firefox users can complete the following steps to manually apply temporary protection against Punycode Phishing (Homograph) attacks:

  • Open a new tab in Firefox
  • Type about:config in address bar and press Enter.
  • Click the I accept the risk! button.
  • Type Punycode in the search bar.
  • A Preference Name titled: IDN_show_punycode will be displayed. Right-click and select Toggle to change the Value field from False to True.
  • Close the about:config tab.

  • Set Firefox to display Punycode names. See steps above for changing the about:config settings in Firefox.
  • Click on the padlock to display the HTTPS certificate. This will show the domain name that the certificate was issued in ASCII-only format. If the name starts with xn it is a Punycode domain, no matter what it looks like in the address bar.
  • Check the legitimacy of URLs by copying them out of the web browser and pasting them into a text editor. A spoofed URL only appears legitimate, but it actually uses an address beginning with www.xn-- which will be revealed for what it actually is once taken outside the browser's address bar.
  • Use a Password Manager. The software will automatically enter in your login credentials for the actual domains they are linked to.
  • Always manually type website URLs in the address bar for important sites like Gmail or banking websites, instead of clicking any link from a website or email.

Suspected Facebook phishing website, another Punycode Homograph Phishing attack.



This time it is much easier to see that something is wrong with these Facebook pages, even for an untrained eye, because both of the SSL certificates are bad and displayed in red.



I hope that all these examples will help to identify Punycode phishing attacks. One has to check everything three times to be safe online today, there are no shortcuts. This is very scary and I already have been on such malicious websites, only thanks to my password manager and other tools I was able to identify them soon enough but to be honest nobody is safe. I see hackers getting better and more greedy every day.

Look at the list I gathered, with already known Punycode websites, for sure this is only a small percentage of what exists already. We have to imagine that every day hundreds of new phishing websites are created and we have to do all that is possible to protect ourselves.

...Check the 7 Ways to avoid a Punycode attack

  • Be cautious if the site presses you to do something quickly. This is a classic strategy by hackers to rush their potential victims so that they are less likely to notice anything suspicious. Often they will offer a ‘limited time only’ deal, and make it difficult to exit the page with ‘are you sure you want to exit’ pop-ups: these are all tactics to make you stay on their site longer and give them your details.
  • If you are being offered a deal, go to the original company site and check if it’s available there as well, if not it’s most likely a scam doing its best to mimic the established brand and trick visitors into handing over their details.
  • If some of the letters in the address bar look weird, or the website design looks different, rewrite it or visit the original company URL in a new tab to compare. The letters in the address bar looking strange are a key indicator that Punycode is being used to trick you into thinking you are visiting a well-established brand site when in fact you are being taken to a malicious site.
  • Use a password manager; this reduces the risk of pasting passwords into dodgy sites.
  • Force your browser to display Punycode names, this option is available in Firefox.
  • Click on the padlock to view and inspect the HTTPS certificate.
  • Use a mobile security solution and artificial intelligence to monitor all data traffic and to detect and block phishing links.

Punycode Domain Detection - developed by Phish.ai and released as a Google Chrome extension that can detect when users are accessing domains spelled using non-standard Unicode characters and warn about the potential of a homograph attack.





Punycoder - Punycode converter or an IDN converter, tool for Punycode to Text/Unicode and vice-versa conversion.

Service called Gluee with multiple tools for webmasters and developers.


https://www.gluee.com/tools/

First one called Punycoder is a tool that converts text with special characters (UNICODE) to the Punycode encoding (just ASCII) and vice versa.

This is a tool to check all suspicious Phishing Punycode URLs. Just copy and paste the needed link.


https://www.punycoder.com/



DON'T USE ANY OF THESE LINKS - MALICIOUS WEBSITES!!!

List of already known Punycode Phishing URLs:

test.xn--yaho-tqa.org.                -->        test.yahoó.org.
test.xn--yaho-yqa.com.                -->        test.yahoô.com.
test.xn--yah-unaa.info.               -->        test.yahöö.info.
wp.xn--yah-inaa.org.                  -->        wp.yahóó.org.
wp.xn--yaho-7qa.biz.                  -->        wp.yahöo.biz.
wp.xn--yaho-7qa.de.                   -->        wp.yahöo.de.
wp.xn--yaho-8qa.biz.                  -->        wp.yahoö.biz.
wp.xn--yaho-8qa.de.                   -->        wp.yahoö.de.
wp.xn--yaho-8qa.info.                 -->        wp.yahoö.info.
wp.xn--yaho-nqa.com.                  -->        wp.yah?o.com.
wp.xn--yaho-tqa.org.                  -->        wp.yahoó.org.
wp.xn--yaho-yqa.com.                  -->        wp.yahoô.com.
ww8.xn--yaho-yqa.com.                 -->        ww8.yahoô.com.
www.xn--yah-inaa.es.                  -->        www.yahóó.es.
www.xn--yah-inaa.org.                 -->        www.yahóó.org.
www.xn--yaho-7qa.biz.                 -->        www.yahöo.biz.
www.xn--yaho-7qa.de.                  -->        www.yahöo.de.
www.xn--yaho-7qa.info.                -->        www.yahöo.info.
www.xn--yaho-8qa.biz.                 -->        www.yahoö.biz.
www.xn--yaho-8qa.info.                -->        www.yahoö.info.
www.xn--yaho-nqa.com.                 -->        www.yah?o.com.
www.xn--yaho-ogb.com.                 -->        www.yahoơ.com.
www.xn--yaho-tqa.com.                 -->        www.yahoó.com.
www.xn--yaho-tqa.es.                  -->        www.yahoó.es.
www.xn--yaho-x0b.com.                 -->        www.yahȯo.com.
www.xn--yah-unaa.biz.                 -->        www.yahöö.biz.
www.xn--yah-unaa.info.                -->        www.yahöö.info.
www.xn--yaoo-674a.com.                -->        www.yaḣoo.com.
www.xn--yaoo-6xa.com.                 -->        www.yaħoo.com.
xn--ahoo-4ra.com.                     -->        ýahoo.com.
xn--yah-inaa.es.                      -->        yahóó.es.
xn--yaho-7qa.biz.                     -->        yahöo.biz.
xn--yaho-7qa.info.                    -->        yahöo.info.
xn--yaho-8qa.info.                    -->        yahoö.info.
xn--yaho-nqa.com.                     -->        yah?o.com.
xn--yaho-ogb.com.                     -->        yahoơ.com.
xn--yaho-sqa.org.                     -->        yahóo.org.
xn--yaho-tqa.es.                      -->        yahoó.es.
xn--yaho-tqa.org.                     -->        yahoó.org.
xn--yaho-x0b.com.                     -->        yahȯo.com.
xn--yaho-yqa.com.                     -->        yahoô.com.
xn--yah-unaa.biz.                     -->        yahöö.biz.
xn--yah-unaa.info.                    -->        yahöö.info.
xn--yhoo-0na.com.                     -->        y?hoo.com.
xn--yhoo-loa.info.                    -->        yähoo.info.
xn--yho-qla5g.info.                   -->        yähöo.info.
xn--yho-qla6g.info.                   -->        yähoö.info.

WIKIPEDIA

xn--wiipedia-nmb.com.                 -->    wiĸipedia.com.
xn--wikipdia-50a.cat.                 -->    wikip?dia.cat.
xn--wikipdia-f1a.com.                 -->    wikipédia.com.
xn--wikipdia-f1a.net.                 -->    wikipédia.net.
xn--wikipdia-f1a.org.                 -->    wikipédia.org.
xn--wikipeda-81a.com.                 -->    wikiped?a.com.
xn--wikipeda-i2a.org.                 -->    wikipedía.org.
xn--wikpedia-e2a.org.                 -->    wikípedia.org.
xn--wkipeda-rfbf.com.                 -->    wıkipedıa.com.
xn--wkipedia-c2a.org.                 -->    wíkipedia.org.
xn--wkipedia-u2a.com.                 -->    w?kipedia.com.
xn--wkpedia-7yab.org.                 -->    wíkípedia.org.
xn--wkpedia-rfbb.com.                 -->    wıkıpedia.com.
xn--wkpedia-zyab.com.                 -->    w?k?pedia.com.

YANDEX

www.xn--yande-vx1b.com.               -->        www.yandeẋ.com.
www.xn--yanex-vb1b.com.               -->        www.yanḋex.com.
www.xn--yndex-0jc.com.                -->        www.yɑndex.com.
xn--yande-uze.ru.ru.                  -->        yandex.ru.ru.
xn--yndex-3wa.com.                    -->        yąndex.com.

YOUTUBE

xn--yotube-jnb.com.                   -->        yoűtube.com.
xn--youtub-nva.com.                   -->        youtub?.com.
xn--youtue-7g7b.com.                  -->        youtuḇe.com.
ww11.xn--yotube-jya.com.              -->        ww11.yo?tube.com.
ww43.xn--yotube-4ya.com.              -->        ww43.yoütube.com.
www.xn--yotube-4ya.com.               -->        www.yoütube.com.
www.xn--youtue-7g7b.com.              -->        www.youtuḇe.com.
www.xn--youube-kmc.com.               -->        www.youțube.com.
xn--outube-9ya.com.                   -->        ýoutube.com.
www.xn--outube-9s8b.com.              -->        www.ỳoutube.com.
www.xn--outube-9ya.de.                -->        www.ýoutube.de.
MISC: LUXURY BRANDS

www.xn--gucc-tpa.com.                 -->        www.gucc?.com.
xn--gucc-tpa.com.                     -->        gucc?.com.
xn--herms-7ra.com.                    -->        herm?s.com.
www.xn--herms-7ra.fr.                 -->        www.herm?s.fr.
www.xn--lousvuitton-qcb.com.          -->        www.louísvuitton.com.

MISC: SOCIAL PLATFORMS

xn--nstagram-11a.com.                 -->        ?nstagram.com.
xn--nstagram-skb.com.                 -->        ınstagram.com.
www.xn--nstagram-skb.com.             -->        www.ınstagram.com.
xn--istagram-7pb.com.                 -->        iņstagram.com.
www.xn--imgu-t4a.com.                 -->        www.imguŕ.com.
xn--imgr-sra.com.                     -->        imgúr.com.
xn--whatspp-lwa.com.          &n



article used as a source for information:
https://www.bleepingcomputer.com/news/security/chrome-extension-detects-url-homograph-unicode-attacks/