urltoolskit.org
URL utilities, in the browser

IDN homograph checker

catch phishing lookalike domains · mixed-script & confusable detection

Paste a domain; the tool flags mixed-script labels and confusable characters (Cyrillic а vs Latin a, Greek ο vs Latin o, etc.).

How to use

  1. Paste the suspicious domain (or many, one per line).
  2. The verdict appears in a coloured banner — Safe / Mixed scripts / Confusables detected.
  3. The detail view lists each suspicious character: its Unicode codepoint, the script it belongs to, and the Latin lookalike it imitates.
  4. "Show Punycode" displays the xn--… form; paste this into your address bar to see what browser tools would actually resolve.
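
One way to implement the per-label check these steps describe, as an added example (not this site's own code). The `CONFUSABLES` table is a small constructed sample, the function names are hypothetical, and ranking "Mixed scripts" above "Confusables detected" is an assumption.

```javascript
// Added example, not the site's code. CONFUSABLES is a small constructed sample.
const CONFUSABLES = new Map([
  ["\u0430", "a"], // Cyrillic а
  ["\u0435", "e"], // Cyrillic е
  ["\u043E", "o"], // Cyrillic о
  ["\u0440", "p"], // Cyrillic р
  ["\u0441", "c"], // Cyrillic с
  ["\u03BF", "o"], // Greek ο
]);
// Scripts this example models; digits, hyphens and other scripts are ignored.
const SCRIPTS = ["Latin", "Cyrillic", "Greek"].map(
  (name) => [name, new RegExp(`\\p{Script=${name}}`, "u")]
);

function scriptOf(ch) {
  const hit = SCRIPTS.find(([, re]) => re.test(ch));
  return hit ? hit[0] : null;
}

function codepoint(ch) {
  return "U+" + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, "0");
}

// Collect the scripts used in one label and every character with a Latin lookalike.
function checkLabel(label) {
  const scripts = new Set();
  const findings = [];
  for (const ch of label) {
    const script = scriptOf(ch);
    if (script) scripts.add(script);
    if (CONFUSABLES.has(ch)) {
      findings.push({ char: ch, codepoint: codepoint(ch), script, imitates: CONFUSABLES.get(ch) });
    }
  }
  return { label, scripts: [...scripts], mixed: scripts.size > 1, findings };
}

function checkDomain(domain) {
  const labels = domain.normalize("NFC").toLowerCase().split(".").map(checkLabel);
  // Assumed precedence: a mixed-script label outranks a confusable-only finding.
  let verdict = "Safe";
  if (labels.some((l) => l.findings.length > 0)) verdict = "Confusables detected";
  if (labels.some((l) => l.mixed)) verdict = "Mixed scripts";
  // The URL parser applies IDNA ToASCII, yielding the xn-- form a browser resolves.
  const punycode = new URL("http://" + domain).hostname;
  return { verdict, punycode, labels };
}
```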

What the verdicts mean

FAQ

Will this catch every phishing IDN?

The confusables list here is curated (the common Latin lookalikes) — it catches the high-frequency attacks. For an exhaustive check, run against ICU's full confusability database.

Are legitimate IDNs flagged?

Domains like bücher.de and мобильный.рф use a single non-Latin script per label and won't be flagged as mixed. They may show "confusables detected" if individual characters look like Latin ones; that's informational, not a phishing verdict.

How does the browser handle these?

Browsers apply anti-spoofing rules: if a domain's Unicode form could be confused with another, the browser shows Punycode in the address bar. Different browsers have different policies.

What should I do with a flagged domain?

Don't click. Verify by typing the URL manually if you must visit. Report to the domain registrar or use a brand-protection service if it impersonates your brand.