Matt Hamilton published an article on Soluble.ai where he was able to register domains using homograph domain names on gTLDs (.com, .net, etc.) as well as subdomains within some SaaS companies using homoglyph characters. It’s the Unicode Latin IPA homoglyph that are the source of this.
Hamilton goes to great lengths to detail what he found, how he documented everything and the timeline for contacting Verisign and others to help fix the problem.
From the article:
Domain Names on gTLDs
At the time of writing, it was possible to register homographs of prominent domains using the Unicode Latin IPA Extension characters above. This applies to gTLDs run by Verisign (.com, .net, etc.). TLDs maintained by other providers were not tested as a part of this research.
To demonstrate impact for gTLDs and prevent registration by malicious third-parties, I registered the following domains using IPA Extension homoglyph characters:
Cost? ~$400. Value? Priceless.
Hamilton goes on to say these organizations can contact him and he will give them the domain name if they want it.
Read the full article here
Tip of the cap to Lox