Homoglyphs are characters from scripts such as Cyrillic or Greek that render almost identically to ordinary ASCII letters. Attackers exploit them to forge domains and usernames that look genuine but point somewhere else. This tool scans your text, highlights every confusable character, and tells you the real code point and which ASCII letter it imitates.
How it works
The detector walks through your text one character at a time. For each character it checks whether the code point is outside the ASCII range and appears in a curated confusables table:
for each char:
if codePoint > 0x7F and char is in CONFUSABLES table:
flag it -> report code point + the ASCII letter it imitates
The table is built from the most frequently abused entries in the Unicode confusables data: Cyrillic letters like а, е, о, р, с; Greek letters like ο and ν; full-width Latin forms; and a handful of mathematical look-alikes. Flagged characters are highlighted in the rendered output and listed with their position.
Notes and example
Paste a string like the Cyrillic-spoofed раypal.com and the leading р and
а light up as confusables for ASCII p and a. This is exactly the trick
behind IDN homograph phishing. Because Unicode defines thousands of confusables
and this tool focuses on the common ones, treat a clean result as reassuring but
not absolute, and always verify suspicious links by other means.
The most commonly abused homoglyphs
The Cyrillic script is the most frequent source of IDN homograph attacks, because it shares visually identical glyphs with Latin for several of its most common letters. Greek contributes a few: the Greek small letter omicron (U+03BF) looks identical to Latin o, and Greek nu (U+03BD) resembles v in some fonts. Full-width Latin characters (U+FF01 through U+FF5E) are the ASCII characters shifted to appear wider, used in East Asian typography — they can appear in URLs and usernames where the width difference is invisible on a small screen.
Real-world impact: IDN homograph attacks
The IDN homograph attack was formally documented around 2001 when researchers demonstrated that internationalized domain names could spell familiar brand names using mixed scripts that were undetectable to the human eye. A modern browser may or may not display a Punycode fallback (like xn--pypal-4ve.com) depending on the TLD and the browser’s confusable detection policy.
Common scenarios where homoglyphs appear in the wild:
- Phishing emails — the sender address contains a homoglyph so the domain looks like a trusted company but resolves to an attacker-controlled server.
- Fake social media handles — a username that appears to be a celebrity or official account but differs by one confusable character.
- Copy-paste attacks in documentation — malicious tutorials that instruct users to run a command containing a confusable character that quietly changes the target.
- Unicode in source code — some programming languages allow Unicode identifiers. A variable or function named with a homoglyph of a trusted name can cause subtle bugs or security issues.
How to protect yourself
Hover before clicking — the status bar often shows the Punycode representation of an IDN domain, revealing whether it uses non-ASCII characters. Use a password manager — it matches on the actual domain code points, not visual appearance, so a homoglyph domain will not autofill your credentials. Paste and scan — if a link in an email or message seems to come from a trusted source, copy just the domain text and paste it into this tool before clicking.