Fake URL + Additional vectors for homograph attack
Unknown
Vulnerability Details
Hello!
I would like to report a new issue based on the "@" character in URLs. It shows the user the real URL, but when he clicks "Proceed", he is redirected to another website.
For example, this looks like a normal HackerOne URL: [https://hackerone.com/bugs?team_id=0&sort_type=latest_activity&sort_direction=descending&state=open&limit=25&page=1&substates%5B%5D=new&substates%5B%5D=triaged&substates%5B%5D=resolved&substates%5B%5D=wont-fix&substates%5B%5D=not-applicable&substates%5B%5D=duplicate&substates%5B%5D=needs-more-info&substates%5B%5D=spam&text_query=&report_id=59426](https://hackerone.com ∕ bugs?team_id=0&sort_type=latest_activity&sort_direction=descending&state=open&limit=25&page=1&substates%5B%5D=new&substates%5B%5D=triaged&substates%5B%5D=resolved&substates%5B%5D=wont-fix&substates%5B%5D=not-applicable&substates%5B%5D=duplicate&substates%5B%5D=needs-more-info&substates%5B%5D=spam&text_query=&[email protected])
`Markdown: [https://hackerone.com/bugs?team_id=0&sort_type=latest_activity&sort_direction=descending&state=open&limit=25&page=1&substates%5B%5D=new&substates%5B%5D=triaged&substates%5B%5D=resolved&substates%5B%5D=wont-fix&substates%5B%5D=not-applicable&substates%5B%5D=duplicate&substates%5B%5D=needs-more-info&substates%5B%5D=spam&text_query=&report_id=59426](https://hackerone.com ∕ bugs?team_id=0&sort_type=latest_activity&sort_direction=descending&state=open&limit=25&page=1&substates%5B%5D=new&substates%5B%5D=triaged&substates%5B%5D=resolved&substates%5B%5D=wont-fix&substates%5B%5D=not-applicable&substates%5B%5D=duplicate&substates%5B%5D=needs-more-info&substates%5B%5D=spam&text_query=&[email protected])`
But when you click "Proceed", you are redirected to http://google.com/home
Here is a shorter variant of this vulnerability: [http://google.com/home](http://google.com ⁄ [email protected])
`Markdown: [http://google.com/home](http://google.com ⁄ [email protected])`
This is because modern browsers interpret this scheme as "http://authorization_data@website", so when you click the URL, they redirect you to "http://website".
Also, in addition to report #58612, here are new vectors that still allow reproducing the homograph attack:
[http://google.com](http:\\/gоogle.com) `Markdown: [http://google.com](http:\\/gоogle.com)`
[http://google.com](http:/\\/gоogle.com) `Markdown: [http://google.com](http:/\\/gоogle.com)`
[http://google.com](http:gоogle%2Ecom) `Markdown: [http://google.com](http:gоogle%2Ecom)`
Thanks!
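A defender-side check for the link vectors in this report, added here as an example and not part of the original report or of HackerOne's code: it derives the host a browser would actually navigate to (folding `\` to `/`, tolerating a missing `//` after `http:`, and percent-decoding the host), then flags a userinfo `@`, slash lookalike characters, non-ASCII or mixed-script hosts, and a mismatch between the host shown in the link text and the real destination. The sample hrefs, the Cyrillic `о` homograph host and the `redirect.example` host are constructed for the example.

```python
import unicodedata
from urllib.parse import unquote

# Characters that look like "/" but are not ASCII solidus. A browser does not treat
# them as path separators, so "host ⁄ path@other" keeps the visible host inside the
# userinfo part and the navigation actually lands on "other".
SLASH_LOOKALIKES = {"\u2044", "\u2215", "\uff0f", "\u29f8", "\u2571"}


def authority_of(href: str) -> str:
    """Authority section as a lenient browser parser would see it, covering the
    report's quirks: "\\" accepted in place of "/" and missing slashes after "http:"."""
    scheme, sep, rest = href.partition(":")
    if not sep or not scheme.isalpha():
        return ""
    rest = rest.replace("\\", "/").lstrip("/")   # http:\\/h, http:/\\/h, http:h
    for stop in "/?#":
        rest = rest.split(stop, 1)[0]
    return rest


def effective_host(href: str) -> str:
    """Host the browser navigates to: after the last "@", without port, %2E -> "."."""
    host = authority_of(href).rsplit("@", 1)[-1].split(":", 1)[0]
    return unquote(host).lower()


def host_scripts(host: str) -> set:
    """Unicode scripts of the letters in a host, e.g. {"LATIN", "CYRILLIC"}."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in host if c.isalpha()}


def analyze_link(text: str, href: str) -> list:
    """Reasons a Markdown link [text](href) deserves a warning or a rewrite."""
    findings = []
    if any(c in SLASH_LOOKALIKES for c in href):
        findings.append("slash lookalike character in href")
    if "@" in authority_of(href):
        findings.append("userinfo ('@') in href authority")
    dest = effective_host(href)
    if dest and not dest.isascii():
        findings.append("non-ASCII host: scripts " + ", ".join(sorted(host_scripts(dest))))
    shown = effective_host(text.strip())
    if shown and dest and shown != dest:
        findings.append(f"link text shows {shown!r} but destination is {dest!r}")
    return findings


# Constructed samples: a constructed redirect host and a host with a Cyrillic "о".
HOMOGRAPH_HOST = "g\u043eogle.com"
SAMPLES = [
    ("http://google.com/home", "http://google.com \u2044 home@redirect.example"),
    ("http://google.com", "http:\\\\/" + HOMOGRAPH_HOST),
    ("http://google.com", "http:g\u043eogle%2Ecom"),
    ("https://hackerone.com/bugs", "https://hackerone.com/bugs?team_id=0"),
]
```

Run `analyze_link` over each pair in `SAMPLES`: the first three return findings, the last returns an empty list.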
Report Stats
- Report ID: 59469
- State: Closed
- Substate: resolved
- Upvotes: 3