URL Bar

Before I explain the details of the vulnerability, you should take a look at the proof-of-conceptPunycode makes it possible to register domains with foreign characters. It works by converting individual domain label to an alternative format using only ASCII characters. For example, the domain “xn--s7y.co” is equivalent to “短.co”.

https://www.xudongz.com/blog/2017/idn-phishing/