Homograph & IDN phishing detection

Most phishing links don't misspell anything.
They swap the alphabet: аpple.com ≠ apple.com

That first domain uses a Cyrillic а (U+0430), not a Latin a. To your eyes they're identical. To a browser they're two completely different addresses. Paste a URL, email, or block of text below and this runs it through a character-by-character forensic check — entirely in your browser, nothing is sent anywhere.

01 — Inspector

Check a URL, email, or any text

Detects mixed Unicode scripts, known confusable characters, punycode (xn--) domains, invisible/zero-width characters, right-to-left override abuse, and near-matches to commonly spoofed brands.

аpple.com (Cyrillic а) xn--pple-43d.com paypaI.com (capital i) github.com (clean)
0 / 100
Findings
Character breakdown

02 — Generator

Generate homograph text

Turns a plain-ASCII domain or phrase into visually identical Unicode look-alikes, the same technique attackers use. Built for phishing-awareness training and testing your own filters against real homograph payloads.

For defensive testing only. Use generated text to train staff, test spam/DNS filters, or demonstrate the attack in a security briefing — on domains and systems you're authorized to test. Registering or sending a homograph domain to deceive someone is fraud in most jurisdictions.

03 — Reference

Three patterns behind almost every homograph attack

Pattern — Script mixing

Borrowing a letter from another alphabet

Cyrillic, Greek, and Armenian all share letterforms with Latin — а, е, о, р, с, х look nearly identical to a, e, o, p, c, x. Swap one letter in a trusted domain and the address resolves somewhere else entirely, while still reading correctly to a human.

rnicrosoft.com — that's "r" + "n", not "m"

Pattern — Punycode encoding

The wire format gives it away — if you look

Browsers can't route non-ASCII domains directly, so they encode them as Punycode, prefixed with xn--. A domain shown to the user as a normal word is really this ASCII-safe encoding underneath. Some browsers auto-decode it in the address bar; others don't, especially in emails and chat apps.

xn--pple-43d.com — decodes to "аpple.com"

Pattern — Invisible & override characters

Characters that render as nothing, or reverse direction

Zero-width spaces and joiners can split a domain to dodge keyword filters. The right-to-left override character (U+202E) can flip the visual order of a filename or string, making invoice_gpj.exe display as invoice_exe.jpg. Both are invisible in most rendering and highly disproportionate red flags when found.

docu​ment.pdf — contains a zero-width space