Block Punycode
Brett
Another example is xn--e1awd7f[.]com which decodes to еріс[.]com to the user. The real epic[.]com is a healthcare site. Users of Firefox will not know the difference until they land on the suspicious parked site. Some browsers are trying to block known bad punycode sites or at least not decode them. It's all very shady and I can't rely on my users to recognize this type of obfuscation. Please allow us to block all punycode domains as Scott requested in April of 2021.
Also, I request an option to block punycode TLDs. There are 152 of them right now according to iana.org (data.iana.org/TLD/tlds-alpha-by-domain.txt). I'm using the universal policy to block them for now, but in a few years, who knows how many there will be. Would be a shame to fill my filter policy with nothing but Punycode TLD blocks.
Steve Staden
Merged in a post:
Block domains with Homoglyphs
Thomas
Request a category to block domains that have homoglyphs.
In most cases, these are threats.
All these Cs are different characters:
C c ϲ Ϲ С с Ꮯ Ⅽ ⅽ Cc
Only the one with the half serif looks visually different. Different ASCII codes for each, so a malicious domain name can be set up with any of these.
This domain аррⅼе.ⅽоⅿ contains none of the correct characters.
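The two checks requested in this thread, sketched as an added example that is not part of either post and not the filtering product's own code: it decodes `xn--` labels, lists the non-ASCII code points behind a lookalike name, and separates "any Punycode label" from "Punycode TLD". The function names and policy switches are hypothetical, and `example.xn--p1ai` is a constructed sample.

```python
import unicodedata

ACE_PREFIX = "xn--"  # marks a Punycode-encoded (IDN) DNS label

def decode_label(label):
    """Return the Unicode form of one label; raises UnicodeError if malformed."""
    if label.startswith(ACE_PREFIX):
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    return label

def inspect_host(hostname):
    """Decode every label and report what a filter policy would act on."""
    # Accept defanged input such as example[.]com, as analysts write it.
    labels = hostname.replace("[.]", ".").rstrip(".").lower().split(".")
    decoded, idn_flags, malformed = [], [], False
    for label in labels:
        is_idn = label.startswith(ACE_PREFIX) or not label.isascii()
        try:
            text = decode_label(label)
        except UnicodeError:
            text, malformed = label, True  # undecodable xn-- label
        decoded.append(text)
        idn_flags.append(is_idn)
    unicode_form = ".".join(decoded)
    return {
        "unicode": unicode_form,
        "idn_label": any(idn_flags),  # some label is Punycode or raw non-ASCII
        "idn_tld": idn_flags[-1],     # the TLD itself is Punycode or raw non-ASCII
        "malformed": malformed,
        # Code point names show which characters are lookalikes.
        "non_ascii": {c: unicodedata.name(c, "UNNAMED")
                      for c in unicode_form if not c.isascii()},
    }

def should_block(hostname, block_idn_labels=True, block_idn_tlds=True):
    """Hypothetical policy switches mirroring the two requests in this thread."""
    r = inspect_host(hostname)
    return (r["malformed"]
            or (block_idn_labels and r["idn_label"])
            or (block_idn_tlds and r["idn_tld"]))

if __name__ == "__main__":
    # Two hosts from the thread, then two constructed samples.
    for host in ["xn--e1awd7f[.]com", "аррⅼе.ⅽоⅿ", "epic[.]com", "example.xn--p1ai"]:
        print(host, should_block(host), inspect_host(host)["non_ascii"])
```

The check works on the raw label and deliberately avoids Python's `idna` codec, which applies NFKC normalization and would fold characters such as ⅽ into plain `c` before the filter sees them.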