Punycode / IDN converter

IDN ⇄ Punycode (xn--…) · with homograph check

Convert internationalized domain names to their ASCII Punycode form (and back) per label. Bonus: flags lookalike Unicode characters that could be phishing.

Domain (Unicode or Punycode) ASCII / Punycode form Unicode form

Ready.

How to use

Paste a domain — Unicode (e.g. пример.рф) or Punycode (e.g. xn--e1afmkfd.xn--p1ai).
Both forms appear in the output box at once.
The Homograph check panel flags any label that mixes scripts (e.g. Cyrillic а next to Latin a in аpple.com) and lists the suspicious characters.
Click any flagged char to see its Unicode codepoint and the Latin lookalike it imitates.

What counts as a homograph attack

Mixed-script labels — Latin + Cyrillic in the same word, e.g. аррӏе.com (the first а is U+0430).
Confusable singletons — Greek ο (U+03BF) instead of Latin o.
Whole-script swaps — entire IDN domain that visually mimics a Latin one. Browser security policies generally render these as Punycode in the address bar.

FAQ

Are all IDNs suspicious?

No. Legitimate IDNs (bücher.de, mañana.com) use one script per label. A domain with mixed scripts in a single label is almost always a phishing attempt.

Why does my browser show xn--… for some domains?

Browser anti-spoofing rules: if a domain's Unicode form could be confused with another, the browser shows Punycode in the address bar. Different browsers have different policies.

Does this register the domain or check WHOIS?

No — it only converts the string. Use a registrar lookup if you need ownership info.

Will this catch every homograph attack?

The confusables list here is a curated subset, not the full Unicode Confusables database — it catches the common Latin lookalikes. For exhaustive checks, run the domain against ICU's confusability tool.