Homoglyph domain (IDN homograph)

How it works

Internationalized Domain Names (IDNs) allow non-Latin scripts. Attackers exploit this with homograph attacks: a domain that reads as "apple.com" may actually contain foreign characters. Behind the scenes the browser stores it as Punycode (xn--...), but to the eye it looks identical.

How it relates to brand impersonation

Homoglyph domains are among the hardest lookalikes for people to spot, which makes them potent for phishing and brand impersonation. The victim sees your exact brand name and has no reason to doubt it.

How nebty helps

nebty domain monitoring resolves Punycode and detects homoglyph and mixed-script registrations that target your brand, flagging them for review and on-demand takedown.

How to reveal a homoglyph domain

Because a homoglyph swaps a Latin letter for an identical-looking character from another script, you usually cannot catch it by eye. The reliable tells are technical. Modern browsers often display a suspicious internationalized domain in its Punycode form, the xn-- prefix, instead of the pretty version, so a domain that shows up as xn--ppal-... when you expected paypal is a red flag. You can also paste the URL into a tool that reports its Unicode code points and flags mixed scripts, like a Cyrillic character sitting inside otherwise Latin text. For a brand owner this cannot be a manual habit at scale, so monitoring has to resolve Punycode automatically and treat any registration that mixes scripts to imitate your name as high risk.

When you report one, include the decoded Punycode in the complaint, since it gives the registrar unambiguous proof that the name was built to imitate yours.