Show IDN punycode in Firefox to avoid phishing URLs

Mattias Geniar, Monday, February 19, 2018

Pop quiz: can you tell the difference between these 2 domains?

Both host a version of the popular crypto exchange Binance.

The second image is the correct one, the first one is a phishing link with the letter 'n' replaced by 'n with a dot below it' (U+1E47). It's not a piece of dirt on your screen, it's an attempt to trick you to believe it's the official site.

Firefox has a very interesting option called IDN_show_punycode. You can enable it in about:config`.

Once enabled, it'll make that phishing domain look like this:

Doesn't look that legit now anymore, does it?

I wish Chrome offered a similar option though, could prevent quite a few phishing attempts.


Hi! My name is Mattias Geniar. I'm a Support Manager at Nucleus Hosting in Belgium, a general web geek & public speaker. Currently working on DNS Spy & Oh Dear!. Follow me on Twitter as @mattiasgeniar.

Share this post

Did you like this post? Will you help me share it on social media? Thanks!


Paolo Priotto Tuesday, February 20, 2018 at 14:21 - Reply

1. If I visit that web site with Firefox, I get a warning saying “Fraud Website blocked – warning provided by Google Safe Browsing”
2. According to, Firefox should have sane defaults for when to fall back to punycode (apparently the “dot below n” is considered discriminating enough).

Leave a Reply

Your email address will not be published. Required fields are marked *