Homoglyph Detector

Scan any text for homoglyph Unicode characters that can be used in domain spoofing, phishing, and social engineering attacks.

  1. Home
  2. Hash & Security
  3. Homoglyph Detector

Enter any text, domain, or URL to detect homoglyph characters. All analysis is done locally in your browser.

What Is a Homoglyph Detector?

A Homoglyph Detector is a security tool that scans text for Unicode characters that look visually identical (or very similar) to standard ASCII characters but have different code points. These confusable characters are used in homograph attacks where attackers register domain names that visually mimic legitimate ones.

For example, the Cyrillic letter "а" (U+0430) looks identical to the Latin "a" (U+0061). An attacker could register gооgle.com using Cyrillic "о" characters, making the domain visually indistinguishable from the real google.com.

This tool helps identify:

  • Cyrillic homoglyphs — Cyrillic letters that look like Latin letters (а, е, о, с, р, х, і, etc.)
  • Greek homoglyphs — Greek letters that mimic Latin characters (ο, ε, etc.)
  • Accented Latin characters — Modified Latin letters used in place of standard ones
  • Number homoglyphs — Unicode digits and letters that look like numbers (0 vs O, 1 vs l, etc.)
  • Fullwidth characters — Wide-width versions of ASCII characters
  • Mathematical and letterlike symbols — Special symbols that resemble standard characters

How to Use This Homoglyph Detector

  1. Enter text — Paste a domain name, URL, or any text you want to scan for homoglyph characters.
  2. Click Detect — Press the button to scan the text. Analysis is performed entirely in your browser.
  3. Review highlighted text — Suspicious characters are highlighted in yellow directly in the text.
  4. Check the table — Each detected homoglyph is listed with its position, code point, what it looks like, and its Unicode block.
  5. Use normalized text — The normalized version shows what the text should look like with standard ASCII characters.

Frequently Asked Questions

What is a homograph attack?

A homograph attack (also called an IDN homograph attack) uses visually similar characters from different writing systems to create deceptive domain names. Because modern browsers render Internationalized Domain Names (IDN), an attacker can register a domain that looks almost identical to a trusted one but leads to a completely different website.

Is my text sent to a server?

No. All analysis is performed locally in your browser. The text you enter never leaves your device.

How can I protect myself from homoglyph attacks?

Always check the browser's address bar carefully. Modern browsers display the punycode (xn--) version of internationalized domains. Bookmark important sites instead of typing URLs manually. Use a password manager — it will refuse to autofill on lookalike domains. Enable two-factor authentication for important accounts.

What is punycode and how does it relate to homoglyphs?

Punycode is a way to represent non-ASCII characters in domain names using ASCII characters starting with "xn--". For example, the Cyrillic domain "kремль.рф" becomes "xn--h1acb4aifd.xn--p1ai" in punycode. Modern browsers show the punycode version when a domain contains mixed scripts to help users detect potential homograph attacks.