[viraptor]

That's not a great rule. What's different between `xn--gckvb8fzb.com` and `bobs-blog.com`? And why would a person hosting malicious payload use the first domain name?

If anything the `xn--....` is a indicating a non-malicious name, since anyone spoofing another service would go for a generic name or something slightly similar to "google", "microsoft", "paypal", etc.

(Unless you saw "マリウス" in the link - but that's a similar story - non-english character sets are completely valid and popular. They're not indicating malicious pages.)

[maccam94]

At one time it was a concern that malicious actors would spoof urls with unicode confusables. Chrome (and others, but unsure of the exact list) implemented restrictions on displaying unicode characters to try to prevent this: https://chromium.googlesource.com/chromium/src/+/main/docs/i...

[square_usual]

This has happened with phishing emails - we recently had one at my workplace. Chrome's spoofing protection really helped us out with that one as even if you didn't notice it in the mail, the big blaring xn-- was enough for most people to realise it was phishing.