What is Punycode and why does it matter?

Punycode is the encoding used to represent Unicode domain names in ASCII (e.g. for DNS). Browsers may show the Unicode form, so users see a familiar name while the underlying domain is different. We monitor both to catch abuse.

Which scripts do you cover?

We cover scripts commonly used in homograph abuse (e.g. Cyrillic, Greek, Armenian) and others that can be confused with Latin. Coverage can be extended for your brand and regions.

Do standard security tools catch IDN abuse?

Many filters and tools focus on exact or simple string matches. Homograph domains can slip through. We specialize in visual and normalized comparison so we catch lookalikes that others miss.

Can we block IDN homographs at the perimeter?

We provide detection and evidence. Blocking at email or web gateways depends on your infrastructure. We can share indicators and patterns that your security team can use in policies.

How do registrars handle IDN abuse reports?

Registrars that support IDN typically have abuse policies that apply to homograph and phishing use. We provide evidence in a form that supports those policies and help you escalate when needed.

IDN & Glyph Abuse Monitoring

Attackers use Unicode and IDN to create domains that look like yours but use different characters. We detect these homograph and glyph abuses that many tools miss.

The problem

IDN allows non-Latin characters in domain names. Attackers use characters that look like Latin letters (e.g. Cyrillic 'a' vs Latin 'a') to build homograph domains that bypass filters and fool users. Standard tools often miss them.

Homograph domains (e.g. Latin lookalikes using Cyrillic or Greek)
Punycode domains that render like your brand
Multi-script confusion across scripts
Visual rendering tricks that pass simple checks

What we do

Unicode character abuse detection
Punycode domain monitoring
Homograph attack identification
Multi-script confusion detection
Visual rendering analysis

How it works

1
Map your brand in multiple scripts
We identify how your brand could be represented with lookalike characters in other scripts. This defines the set we monitor.
2
Scan and normalize
We scan IDN and Punycode registrations and compare visual and normalized forms to your brand. Potential homographs are flagged.
3
Validate and evidence
Analysts confirm abuse and gather evidence. You get clear documentation for takedown or legal use.
4
Escalate and track
Use our takedown workflows for abusive IDN domains. We help you track status across registrars and registries.

Example: anonymized case snapshot

Vertical: Global technology brand

Threat: Homograph domains in multiple scripts used for phishing and impersonation

Action: IDN and glyph monitoring with evidence and registrar escalation

Outcome: Detection of homograph campaigns that other tools missed; faster takedown

Frequently asked questions

What is Punycode and why does it matter?
Punycode is the encoding used to represent Unicode domain names in ASCII (e.g. for DNS). Browsers may show the Unicode form, so users see a familiar name while the underlying domain is different. We monitor both to catch abuse.
Which scripts do you cover?
We cover scripts commonly used in homograph abuse (e.g. Cyrillic, Greek, Armenian) and others that can be confused with Latin. Coverage can be extended for your brand and regions.
Do standard security tools catch IDN abuse?
Many filters and tools focus on exact or simple string matches. Homograph domains can slip through. We specialize in visual and normalized comparison so we catch lookalikes that others miss.
Can we block IDN homographs at the perimeter?
We provide detection and evidence. Blocking at email or web gateways depends on your infrastructure. We can share indicators and patterns that your security team can use in policies.
How do registrars handle IDN abuse reports?
Registrars that support IDN typically have abuse policies that apply to homograph and phishing use. We provide evidence in a form that supports those policies and help you escalate when needed.

Explore further

Related industries

Resources

See how DomainHQ can help

Get a free risk assessment or talk to our team about your domain protection needs.

Request free assessment Contact sales