
  • Add Punycode to your Threat Hunting Routine



    IDNs, or “Internationalized Domain Names”, have been with us for a while now (see RFC 3490[1]). They are (ab)used in many attack scenarios because... it works! Who can immediately spot the difference between:

    
    https://youtube.com/

    And:

    
    https://youtube.com/

    The magic is to replace classic characters with others that look almost the same. In the example above, the letter “o” has been replaced by the Greek character “o”.

    Although they are very effective for attackers, they remain below the radar in many organizations. To avoid issues when printing unusual characters, Punycode[2] encodes them in plain ASCII characters. The example above will be encoded as:

    
    xn--yutube-wqf.com

    This format is based on:

    • “xn--”: the common prefix for all IDN requests.
    • “yutube.com”: the normal ASCII characters.
    • “wqf”: the Punycode-encoded version of the Unicode character.

    Python can decode them easily:

    
    $ python3
    Python 3.12.3 (main, Jan  8 2026, 11:30:50) [GCC 13.3.0] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    >>> domain = "xn--yutube-wqf.com"
    >>> decoded = domain.encode("ascii").decode("idna")
    >>> print(decoded)
    y?utube.com
    >>> for c in decoded:
    ...     print(f"{c} -> {ord(c)}")
    ...
    y -> 121
    ? -> 1086
    u -> 117
    t -> 116
    u -> 117
    b -> 98
    e -> 101
    . -> 46
    c -> 99
    o -> 111
    m -> 109
    >>>

    You can see that the value of “o” is not “usual” (not in the ASCII range). There are plenty of online tools that can (de|en)code Punycode[3].

    Although not all IDNs are suspicious, they are not very common and deserve some searches in your logs. If you already collect your DNS resolver logs (I hope you do!), it’s easy to search for such domains:

    
    $ grep "xn--" queries.log*
    queries.log:19-Jan-2026 19:54:38.399 queries: info: client @0x999999999999 192.168.255.13#47099 (in.xn--b1akcbzf.xn--90amc.xn--p1acf): query: in.xn--b1akcbzf.xn--90amc.xn--p1acf IN A +E(0) (192.168.254.8)
    queries.log:20-Jan-2026 04:38:25.877 queries: info: client @0x999999999999 192.168.255.13#49850 (in.xn--b1akcbzf.xn--90amc.xn--p1acf): query: in.xn--b1akcbzf.xn--90amc.xn--p1acf IN A +E(0) (192.168.254.8)
    queries.log.0:18-Jan-2026 15:22:11.741 queries: info: client @0x9999999999 192.168.255.13#60763 (in.xn--b1akcbzf.xn--90amc.xn--p1acf): query: in.xn--b1akcbzf.xn--90amc.xn--p1acf IN A +E(0) (192.168.254.8)
    queries.log.0:18-Jan-2026 17:27:23.127 queries: info: client @0x99999999999 192.168.255.13#44141 (in.xn--b1akcbzf.xn--90amc.xn--p1acf): query: in.xn--b1akcbzf.xn--90amc.xn--p1acf IN A +E(0) (192.168.254.8)
    queries.log.0:18-Jan-2026 22:54:36.841 queries: info: client @0x99999999999 192.168.255.13#35963 (in.xn--b1akcbzf.xn--90amc.xn--p1acf): query: in.xn--b1akcbzf.xn--90amc.xn--p1acf IN A +E(0) (192.168.254.8)

    The detected Punycode domain is decoded to: 

    Another good proof that DNS is a goldmine for threat hunting!
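The grep and the decoding step above can be combined into one pass over the resolver log. The following is an added example, not part of the original diary: the sample log lines are constructed, and the function names and the mixed-script heuristic are assumptions made here.

```python
import re
import unicodedata

# Constructed sample lines in the resolver log format shown above (not real traffic).
SAMPLE_LOG = """\
19-Jan-2026 19:54:38.399 queries: info: client @0x1 192.0.2.13#47099 (xn--yutube-wqf.com): query: xn--yutube-wqf.com IN A +E(0) (192.0.2.8)
19-Jan-2026 19:54:39.120 queries: info: client @0x1 192.0.2.13#47100 (www.example.org): query: www.example.org IN A +E(0) (192.0.2.8)
19-Jan-2026 19:55:02.004 queries: info: client @0x1 192.0.2.14#51200 (xn--mnchen-3ya.example): query: xn--mnchen-3ya.example IN AAAA +E(0) (192.0.2.8)
"""

# Captures the client address and the queried name from one query-log line.
QUERY_RE = re.compile(r"client \S+ (?P<client>[^#\s]+)#\d+ \((?P<name>[^)]+)\): query:")

def decode_label(label):
    """Decode one DNS label; non-IDN or malformed labels are returned unchanged."""
    if not label.lower().startswith("xn--"):
        return label
    try:
        return label[4:].encode("ascii").decode("punycode")
    except UnicodeError:
        return label

def scripts(label):
    """Approximate the scripts in a label from the first word of each letter's Unicode name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def hunt(log_text):
    """Return one finding per logged query whose name contains an xn-- label."""
    findings = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m or "xn--" not in m["name"].lower():
            continue
        labels = [decode_label(l) for l in m["name"].split(".")]
        findings.append({
            "client": m["client"],
            "queried": m["name"],
            "decoded": ".".join(labels),
            # A single label that mixes scripts is a hint of a lookalike name.
            "mixed_script": any(len(scripts(l)) > 1 for l in labels),
        })
    return findings

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        flag = "MIXED-SCRIPT" if f["mixed_script"] else "single-script"
        print(f'{f["client"]:15} {f["queried"]:28} {f["decoded"]:20} {flag}')
```

Legitimate names in some languages mix scripts within a label, so treat the flag as a triage hint rather than a verdict.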

    [1] https://datatracker.ietf.org/doc/html/rfc3490

    [2] https://en.wikipedia.org/wiki/Punycode

    [3] https://regery.com/en/domains/tools/punycode-decoder

    Xavier Mertens (@xme)

    Xameco

    Senior ISC Handler – Freelance Cyber Security Consultant


  • Israel postpones demolition of Palestinian children’s football pitch in Bethlehem


    The Aida Youth Centre’s pitch sits next to the barrier separating the occupied West Bank from Israel

    Israel has postponed the demolition of a Palestinian children’s football club in the city of Bethlehem, in the occupied West Bank.

    It said the Aida Youth Centre’s pitch was constructed without the necessary permits.

    It said the demolition was necessary for security reasons.

    An international campaign to save it, including a petition with more than half a million signatures, appears to have forced the authorities to reconsider. The club, however, said it had not yet received any official notification.

    It is barely a 10th of the size of a full-scale football field, there are patches of rust on the goalposts and, towering over the length of one of the touchlines, the architecture of conflict looms large in Israel’s concrete security barrier.

    But while it may not rank high up among the world’s iconic sporting venues, this children’s football club has found itself at the centre of a hard-fought international campaign for its survival.

    And despite the asymmetrical odds as it took on the Israeli state, that campaign appears – for now at least – to have worked.

    The club has won a reprieve against the threat of demolition by the Israeli military, which claimed that the pitch was far too close to the barrier.

    On the very northern edge of Bethlehem, construction of the pitch began in 2020 with the aim of providing a place to practise football for more than 200 young players from the nearby Aida refugee camp.

    The cramped and crowded streets contain the homes of the descendants of Palestinian families who were forced or who fled from their homes during the 1948 Arab-Israeli war.

    On 3 November last year, as the children made their short walk from the camp for that day’s training, they found a notice pinned to the gate of the football field declaring it to be illegal.

    The notice was followed by a demolition order, issued at the end of December.

    “We don’t have anywhere else to play,” 10-year-old Naya told me, wearing a Brazil shirt with the name of the footballing legend Neymar emblazoned on the back.

    “We are building our dreams here,” she said. “If they demolish our field, they will demolish our dreams.”

    I asked another young player, Mohammed, what his reaction was when he heard the news that the club was earmarked for destruction.

    “I was upset,” he told me. “This is a field I really care for.”

    The community fought back, posting videos on social media, launching a petition attracting hundreds of thousands of signatures as well as the reported interventions of senior officials from some of football’s global and regional governing bodies.

    In its latest statement, the Israeli military repeated its claim that the football pitch, built so close to the wall, posed a security issue.

    But the BBC understands that a political decision has been made to postpone the demolition order “for the time being”.


    Israel began building its concrete barrier in the early 2000s in the face of a wave of deadly suicide bombings and other attacks carried out by Palestinians which killed hundreds of Israelis.

    It says it is vital for Israel’s protection and that it has dramatically cut the number of attacks.

    Palestinians, however, say that it has become a tool of collective punishment, separating them from their workplaces, dividing their communities and effectively annexing parts of their land.

    For them, the fight over the football pitch highlights a wider injustice.

    While they are being denied the right to keep a small sporting facility on the boundary of one of their cities, Israel is approving vast new settlements across the occupied West Bank, which are considered illegal under international law.

    The immediate threat may now have been averted for the football pitch.

    But the club is taking nothing for granted.

    Mohammad Abu Srour, one of the board members of the Aida Youth Centre, told me that they feared that the threat might come back when the club is out of the spotlight.

    “We’re going to continue to campaign,” he told me.




  • Could the US Congress stop Trump from taking Greenland?



    Daniel Bush, Washington correspondent


    President Donald Trump’s push to acquire Greenland has sparked a backlash from Republicans in Congress, as lawmakers voice growing concern about US military interventions overseas.

    But it remains unclear if enough Republicans are willing to join Democrats to block a takeover of the island territory – and whether Trump would bow to pressure from Congress, or act alone as he’s done several times in a second term marked by growing American entanglements abroad.

    The focus on Greenland has grown into a broader discussion over the Trump administration’s unilateral use of military force, along with diplomatic and economic coercion, to project power in Venezuela, Iran and elsewhere around the world.

    Republicans have largely backed Trump’s foreign policy agenda since he returned to the White House. But now, a growing number are siding with Democrats in Congress and Nato allies who say a takeover of Greenland would violate US and international law.

    In recent days, some Republican leaders have said there’s little interest in the US buying Greenland or seizing it through military force. Some Republican lawmakers have also joined Democrats in opposing a new plan by Trump to place tariffs on countries that don’t back his bid to acquire the territory, which is self-governed but controlled by Denmark.

    The proposed tariffs would be “bad for America, bad for American businesses, and bad for America’s allies,” Senator Thom Tillis of North Carolina wrote on social media, adding that the move would benefit China and Russia. “It’s great for [Russian President Vladimir] Putin, [Chinese President] Xi [Jinping] and other adversaries who want to see Nato divided.”

    Other Republicans said Trump’s ambition to annex Greenland was threatening to undermine the Nato alliance – to which both the US and Denmark belong – in a moment of growing tension between the US and European allies.

    “Respect for the sovereignty of the people of Greenland should be non-negotiable,” Senator Lisa Murkowski, the co-chair of the Senate Arctic Caucus, said in a statement.

    Trump has argued the US must own the territory to better compete with China and Russia in the Arctic, and has vowed to take it “one way or another”.

    On Tuesday, the US president downplayed concerns that the issue was hurting Nato when asked by the BBC if he was willing to see the decades-old security alliance collapse as a consequence of his push for the territory. Trump reiterated his view that ownership of Greenland was critical for US and global security.

    “We need [Greenland] for national security and even world security,” he said.


    But Trump’s insistence on obtaining the territory is increasingly unpopular on Capitol Hill.

    Congress has some options to try to rein Trump in, if Republicans and Democrats do choose to pick a fight with the president over Greenland.

    Congress has the power of the purse and in theory would have to approve funding used to buy Greenland, experts said. Denmark and Greenland have both insisted the island isn’t for sale.

    “If Trump wants to buy Greenland it would require an act of Congress to provide the funds to do so,” said Daniel Schuman, the executive director of the American Governance Institute and an expert on congressional procedure. It’s unlikely that Congress could repurpose existing funding to buy the territory, Schuman added.

    Still, the administration has expanded the use of executive power to enact Trump’s immigration and tariff agenda, among other issues. The administration might try to claim some new authority to seize Greenland that would allow it to overrule any roadblocks by Congress, Schuman said.

    Lawmakers worried about a military incursion in Greenland have signalled support for measures prohibiting any US action without congressional approval. But it’s unclear if the proposals have enough Republican support to pass in either chamber of Congress.

    Five Senate Republicans joined Democrats earlier this month to advance a bill that would have blocked the administration from taking further military action in Venezuela, following the attack in December that deposed former President Nicolás Maduro.

    The Venezuela war powers resolution ultimately failed to get through the Senate. But it signalled mounting frustration from Republican and Democratic lawmakers with Trump’s use of military force abroad, after he ran in 2024 on a promise to reduce US involvement in foreign conflicts. Last week a bipartisan congressional delegation visited Denmark in a symbolic show of support for Greenland.

    It’s also unclear how the Senate, which ratifies treaties, would respond if the US reached some sort of agreement with Denmark to take over part or all of Greenland.

    The US has an existing arrangement with Denmark established in 1951 that allows the US to expand its military presence in Greenland. Murkowski and other Republicans have argued that the US doesn’t need to take over the territory to address national security needs in the region.

    The Senate could try to thwart Trump by opposing a treaty between the US and Denmark, in the event the two nations reach an agreement. Treaties require two-thirds support in the Senate for ratification, which Republicans currently fall well short of.


    Last week, a US bipartisan delegation which included Senator Lisa Murkowski (C) visited Denmark in a show of solidarity with the US ally

    Some Republicans have already indicated that they’d consider breaking with Trump over Greenland. Senator Mitch McConnell of Kentucky, the former majority leader in the upper chamber of Congress, told reporters that a US takeover of the territory would “shatter the trust of allies”.

    Faced with growing Republican concern over Greenland, Trump could look to strike a deal that falls short of a formal treaty and doesn’t require Senate approval. But it’s unclear if presidents have the authority to make such agreements without input from Congress, analysts said.

    “Plenty of international agreements are concluded in forms other than treaties,” said Josh Chafetz, a professor at Georgetown Law, but “I’m sceptical that something of this magnitude could be concluded as a pure executive agreement.”

    Trump did not say on Tuesday whether he believed he was constrained by anything in his pursuit of Greenland. Asked how far he was willing to go, Trump told reporters to stay tuned.

    “I think something is going to happen that’s going to be very good for everybody,” Trump said.

    Additional reporting by Kayla Epstein
