Homoglyph and IDN Homograph Attack Detection
A homoglyph is a character that looks identical or nearly identical to another character from a different script. The Cyrillic 'а' (U+0430) looks exactly like the Latin 'a' (U+0061) on screen. Attackers register domains using these look-alikes to create perfect visual copies of legitimate sites. Your browser may show 'apple.com' while you're actually on a Cyrillic-encoded domain.
Try it now
Character Inspector
Runs in your browser, nothing leaves your device.
Internationalized Domain Names (IDN) allow Unicode characters in domains. An attacker registers a domain where some or all Latin characters are replaced with visually identical Cyrillic, Greek, or other script characters. Modern browsers display a warning or show the punycode form (xn--...) for mixed-script domains, but pure single-script domains using only Cyrillic still display as readable text.
Inspect the Unicode code points of each character. If 'a' in a domain is U+0430 (Cyrillic) instead of U+0061 (Latin), it's a homoglyph. Check for mixed scripts in the same word, which is almost always an attack. Convert the domain to punycode (xn--) format to see the real encoding. Browser devtools show the actual URL in the address bar, but be aware that some browsers render IDN domains.
Examples
Cyrillic 'a' vs Latin 'a'
аpple.com (first char is U+0430 Cyrillic а)
Punycode: xn--pple-43d.com. Not apple.com.
Security context
Homoglyph attacks are one of the hardest phishing techniques to detect visually. The URLs look perfect to the human eye. This is why automated character inspection matters: tools can flag Unicode anomalies that humans cannot see.
Frequently asked
Most browsers show the punycode version (xn--...) when a domain mixes characters from different scripts. However, domains using a single non-Latin script may still display in their Unicode form. Chrome, Firefox, and Safari each have slightly different policies for when to show punycode vs. Unicode.
Go deeper
Continue in the Web Security Academy
Related techniques
Detecting Phishing URLs: Indicators and Techniques
Analyze URLs for phishing indicators: typosquatting, homoglyph attacks, suspicious subdomains, URL shortener abuse, and credential harvesting parameters.
Email Header Analysis
Parse email headers to trace message origin, verify SPF/DKIM/DMARC authentication, and detect spoofed sender addresses in phishing emails.