Investigating the Threat of Homoglyph Domains: An Analysis of Domain Mimicry

This paper investigates the existence of phishing websites with domain names that are visually similar to legitimate websites by replacing a single character in the original domain with a homoglyph. A program was developed to generate images of each valid character in domain names using a font commonly used in the address bar of the most popular web browser. The ResNet50 model was used to generate feature vectors for each character valid in the domain, and the cosine similarity percentage was calculated between all pairs of characters. A threshold value for the cosine similarity was chosen, and characters with similarities above the threshold were replaced. A total of 1241 fake domain names were generated by replacing a single character in the domain names of the 30 most visited websites in the world while preserving the original top-level domain (TLD), but the change in TLD was also done. Out of all these domains, 46.66% returned an HTTP status code. Manual analysis of websites with these domains found only one site with a similar domain name and website design. Additional results include domains for sale, empty websites, redirects to original sites, legitimate sites, and potentially dangerous sites.