So we’re seeing homograph attacks again. Examples show how ‘apple.com’ and ‘epic.com’ can be mimicked by the use of Internationalized Domain Names (IDN) consisting entirely of Unicode characters, i.e.
As I found myself looking for ways to discover domain names that could be used for phishing attempts, I created a Python script called Punicoder to do the hard work for me. See the screenshot below for example output, and try it out for yourself here.
Pro tip: use the following series of commands to find out if any of these domains resolve:
    pieter@ubuntu:~$ python punicoder.py google.com | cut -d' ' -f2 | nslookup | grep -Pzo '(?s)Name:\s(.*?)Address: (.*?).Server'
    Name: xn--oogle-qmc.com
    Address: 220.127.116.11
    Server
    Name: xn--gogl-0nd52e.com
    Address: 18.104.22.168
    Server
    Name: xn--gogl-1nd42e.com
    Address: 22.214.171.124
    Server
    Name: xn--oole-z7bc.com
    Address: 126.96.36.199
    Server
    Name: xn--goole-tmc.com
    Address: 188.8.131.52
    Server
    Name: xn--ggle-55da.com
    Address: 184.108.40.206
    Server
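The same idea works in the defensive direction: decode each xn-- name seen in DNS or proxy logs and check whether it collapses onto a name you want to protect. The following is an added example, not part of Punicoder or the original post; the look-alike table, the function names and the sample domains are assumptions constructed for illustration.

```python
import unicodedata

# Names to protect: the three targets the post mentions.
PROTECTED = {"google.com", "apple.com", "epic.com"}

# Hand-picked look-alikes (assumption: illustrative only; Unicode UTS #39
# publishes the full confusables table a production check would load).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic
    "\u0441": "c", "\u0456": "i", "\u04cf": "l",                  # Cyrillic
    "\u03bf": "o", "\u0261": "g", "\u0131": "i",                  # Greek, Latin
}

def to_ascii(domain):
    """Punycode-encode non-ASCII labels (used here to build sample input)."""
    return ".".join(
        lab if lab.isascii() else "xn--" + lab.encode("punycode").decode("ascii")
        for lab in domain.split("."))

def to_unicode(domain):
    """Decode xn-- labels; raises UnicodeError on malformed input."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(
        lab[4:].encode("ascii").decode("punycode") if lab.startswith("xn--") else lab
        for lab in labels)

def skeleton(name):
    """Strip diacritics and fold look-alikes so a homograph collapses to ASCII."""
    decomposed = unicodedata.normalize("NFKD", name)
    base = (ch for ch in decomposed if not unicodedata.combining(ch))
    return "".join(CONFUSABLES.get(ch, ch) for ch in base)

def imitates(domain):
    """Return the protected name `domain` impersonates, or None."""
    try:
        decoded = to_unicode(domain)
    except UnicodeError:
        return None  # label could not be decoded, nothing to compare
    if decoded in PROTECTED:
        return None  # the genuine name itself
    folded = skeleton(decoded)
    return folded if folded in PROTECTED else None

if __name__ == "__main__":
    # Constructed samples: Cyrillic "o" in google, all-Cyrillic "epic", a benign name.
    for sample in ("g\u043e\u043egle.com", "\u0435\u0440\u0456\u0441.com", "example.org"):
        ascii_name = to_ascii(sample)
        print(ascii_name, "->", imitates(ascii_name))
```

Feeding `imitates()` the second column of resolver or proxy logs flags any registered xn-- name whose folded form equals an entry in `PROTECTED`.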