Homograph attack on domains with K

An internationalized domain name (IDN) homograph attack is a way for a third party to confuse users by exploiting the fact that many characters look alike. For example, the URLs "https://bank.com" and "https://bаnk.com" look the same, but the first URL contains a Latin "a", while the second contains a Cyrillic "а" that looks like the Latin one. These characters are called "homoglyphs". You can find more homoglyphs at http://www.irongeek.com/homoglyph-attack-generator.php .

An IDN can be represented as a Unicode URL or as Punycode.

Basically, you can't register domain names with homoglyphs. Try to register "bаnk.com" and the request will be rejected, because this name contains a Cyrillic "а". The IDN registration policy does not allow mixing Latin and Cyrillic letters. You can find more details about the restrictions here and at iana.org.

The IDN Latin table (which represents the permitted code points (letters) allowed for Internationalised Domain Name registrations) contains a very interesting character, "*Kra*". This character looks like this: (Κʻ / ĸ) U+0138. In lower case it is a homoglyph for the Latin "k", and it is allowed to register domain names with this character.

For example, I was able to register the following domain: "http://vĸ.com/".

I think this homoglyph character may cause a lot of phishing attacks on users. As a PoC I provide a few screenshots from Twitter and Skype. These links look very similar to the original and will confuse many users.

The best solution is to remove (Κʻ / ĸ) U+0138 from the permitted letters table, so that such domains cannot be registered.
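A mixed-script rule like the one that rejects "bаnk.com" does not catch U+0138, because kra is itself a Latin letter. The following is an added example, not code from the original post, of a defender-side check that flags both cases. The `CONFUSABLES` map, the `protected` set and all function names are constructed assumptions.

```python
import unicodedata

# Constructed, deliberately tiny confusables map (assumption). A production
# check should load the full Unicode confusables data (UTS #39) instead.
CONFUSABLES = {"\u0138": "k",   # LATIN SMALL LETTER KRA
               "\u0430": "a"}   # CYRILLIC SMALL LETTER A


def to_ascii(host):
    """Return the host with every non-ASCII label in its Punycode (xn--) form."""
    return ".".join(
        label if label.isascii()
        else "xn--" + label.encode("punycode").decode("ascii")
        for label in host.split("."))


def scripts(label):
    """Scripts of the letters in a label, taken from the Unicode character names."""
    return {unicodedata.name(c).split()[0] for c in label if c.isalpha()}


def skeleton(host):
    """Replace every known confusable with the ASCII letter it imitates."""
    return "".join(CONFUSABLES.get(c, c) for c in host.lower())


def check(host, protected):
    """Return findings for a host, given a set of protected ASCII domains."""
    findings = []
    # Rule 1: the registry-style rule, no mixing of scripts inside one label.
    if any(len(scripts(label)) > 1 for label in host.split(".")):
        findings.append("mixed-script")
    # Rule 2: the skeleton collides with a protected name the host is not.
    sk = skeleton(host)
    if host not in protected and sk in protected:
        findings.append("lookalike-of:" + sk)
    return findings


if __name__ == "__main__":
    protected = {"vk.com", "bank.com"}          # constructed sample list
    for host in ("vk.com", "v\u0138.com", "b\u0430nk.com"):
        print(to_ascii(host), sorted(scripts(host.split(".")[0])),
              check(host, protected))
```

Only the skeleton comparison reports the kra domain, since its label is single-script Latin. The Cyrillic "а" case is reported by both rules.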


  1. Cool domain.




    1. Yeah, it was that issue of Хакер that inspired me, plus I saw a couple of reports on H1 on this topic

  2. But a good solution is not believing a site with the letter k in it.

  3. I appreciate your hard work. Keep posting new updates with us. Thanks for all the useful insights.


