“There’s no surefire way to detect either malicious Google ads or punycode-encoded URLs. Posting https://ķeepass.info into all five major browsers leads to the imposter site.”
Ah, yes. But, using Privacy Browser Android, the true punycode URL of https://xn--eepass-vbb.info/ is revealed.
That's a feature that should be coming to Privacy Browser PC soon.
A reminder that browsers should never try to simplify or hide the URL from the user.
@privacybrowser Firefox can show punycode by setting network.IDN_show_punycode = true
, but I agree that browsers should do that by default…