Matt Hamilton published an article on Soluble.ai where he was able to register domains using homograph domain names on gTLDs (.com, .net, etc.) as well as subdomains within some SaaS companies using homoglyph characters. It’s the Unicode Latin IPA homoglyph that are the source of this.
Hamilton goes to great lengths to detail what he found, how he documented everything and the timeline for contacting Verisign and others to help fix the problem.
From the article:
Domain Names on gTLDs
At the time of writing, it was possible to register homographs of prominent domains using the Unicode Latin IPA Extension characters above. This applies to gTLDs run by Verisign (.com, .net, etc.). TLDs maintained by other providers were not tested as a part of this research.
To demonstrate impact for gTLDs and prevent registration by malicious third-parties, I registered the following domains using IPA Extension homoglyph characters:
amɑzon.com**
chɑse.com
sɑlesforce.com
ɡmɑil.com
ɑppɩe.com
ebɑy.com
ɡstatic.com
steɑmpowered.com
theɡuardian.com
theverɡe.com
washinɡtonpost.com
pɑypɑɩ.com
wɑlmɑrt.com
wɑsɑbisys.com
yɑhoo.com
cɩoudfɩare.com
deɩɩ.com
gmɑiɩ.com
gooɡleapis.com
huffinɡtonpost.com
instaɡram.com
microsoftonɩine.com
ɑmɑzonɑws.com**
ɑndroid.com
netfɩix.com
nvidiɑ.com
ɡoogɩe.com
Cost? ~$400. Value? Priceless.
Hamilton goes on to say these organizations can contact him and he will give them the domain name if they want it.
Read the full article here
Tip of the cap to Lox
