I □ UNICODE!

This simple site demonstrates the complexities of Unicode in DNS hostnames. Since DNS is an inherently US ASCII-only protocol, RFC 3492 defines Punycode and Internationalized Domain Names (IDNs) as an encoding mechanism to express the entirety of the Unicode space within the US ASCII character set.

If you look in your browser's address bar, the site you've accessed is

https://harıbo.com

However, if you examine the DNS traffic generated during the request for this site, you'd see the following query:

xn--harbo-p4a.com

This is important for several reasons relevant to Digital Forensic and Incident Response professionals: Most importantly, attackers use homoglyphs that visually look like familiar characters to trick users into trusting malicious links. Secondly, without the knowledge of Punycode or IDNs, the presence of seemingly nonsense hostnames starting with xn-- might seem immediately suspicious. While these hostnames can be used for malicious purposes, there are far more benign and legitimate uses across the Internet in general.

If you'd like to experiment with other Punycode examples, see the Punycode Converter at charset.org.