Homograph & IDN phishing detection
That first domain uses a Cyrillic а (U+0430), not a Latin a. To your eyes they're identical. To a browser they're two completely different addresses. Paste a URL, email, or block of text below and this runs it through a character-by-character forensic check — entirely in your browser, nothing is sent anywhere.
01 — Inspector
Detects mixed Unicode scripts, known confusable characters, punycode (xn--) domains, invisible/zero-width characters, right-to-left override abuse, and near-matches to commonly spoofed brands.
02 — Generator
Turns a plain-ASCII domain or phrase into visually identical Unicode look-alikes, the same technique attackers use. Built for phishing-awareness training and testing your own filters against real homograph payloads.
03 — Reference
Pattern — Script mixing
Cyrillic, Greek, and Armenian all share letterforms with Latin — а, е, о, р, с, х look nearly identical to a, e, o, p, c, x. Swap one letter in a trusted domain and the address resolves somewhere else entirely, while still reading correctly to a human.
rnicrosoft.com — that's "r" + "n", not "m"Pattern — Punycode encoding
Browsers can't route non-ASCII domains directly, so they encode them as Punycode, prefixed with xn--. A domain shown to the user as a normal word is really this ASCII-safe encoding underneath. Some browsers auto-decode it in the address bar; others don't, especially in emails and chat apps.
Pattern — Invisible & override characters
Zero-width spaces and joiners can split a domain to dodge keyword filters. The right-to-left override character (U+202E) can flip the visual order of a filename or string, making invoice_gpj.exe display as invoice_exe.jpg. Both are invisible in most rendering and highly disproportionate red flags when found.