The punycode version is the real domain name, in this case I think it’s likely down to Twitter/Facebook unless you can find examples where it’s not the case.
Showing the encoded domain rather than the raw domain does open up phishing attacks via domain masking so it would make sense that Twitter/Facebook err on the side of showing the real domain name rather than the encoded one.
Thanks for your answer, you are right. I did some tests and It has nothing to do with ghost… / anyway it would be nice to have the correct link in the fb post… bud it does not look like that this is possible…