You receive an email claiming to be an important security update notification from Trezor (a well-known hardware wallet brand). The link in the email appears to point to the official Trezor website, but it's actually a carefully disguised phishing site.
trẹzor.com
Appears to be the normal Trezor domain
What is Punycode?
Punycode is an encoding system that allows non-ASCII characters (like Cyrillic, Chinese, etc.) to be converted into ASCII characters for use in the domain name system. Attackers often use visually similar characters to create domains that appear legitimate.
For example, some special characters look almost identical to Latin letters, but they are different characters:
You can use Punycoder to convert between Unicode and Punycode domains.
Displayed Domain
Actual Punycode Domain
Description
trẹzor.com
xn--trzor-o51b.com
Uses special characters to replace some letters
Your Task
Identify the real official Trezor domain and the Punycode domain used by the phishing website.