Free, browser-based utilities for everyday developer workflows

Homoglyph Domain Checker

Security Tools

Inspect look-alike domains directly in your browser to spot confusable letters, mixed scripts, hidden Unicode tricks, and trusted-domain mismatches.

  • Paste a suspicious link, sender, domain, raw header, or copied message text.
  • The tool automatically detects the input type and runs local checks.
  • No URL is fetched, opened, or rendered as a clickable result.
Runs locally

Inspect suspicious content

Runs in your browser. Your pasted content is not sent to a server.

Not sure? Just paste it above. We will detect it automatically.

Safe example gallery

How to use the Homoglyph Domain Checker

Paste a suspicious domain or URL to compare visible letters, Unicode look-alikes, and Punycode forms locally in your browser. It helps you spot brand impersonation without opening the link.

What it does

  • Flags look-alike domain letters, mixed scripts, and confusable characters.
  • Shows visible hostname details alongside ASCII and Punycode forms.
  • Helps compare a suspicious hostname against a trusted domain locally.

When to use it

  • A domain looks right at a glance but feels slightly off.
  • You want to compare a branded hostname against a look-alike version.
  • A copied link uses unusual letters or a suspicious Unicode mix.

How to use it

  1. Paste the domain or full URL into the main input.
  2. Optionally add a trusted domain for comparison.
  3. Run Analyze locally and review the hostname evidence first.
  4. Open the Unicode and Punycode panels if you need more detail.

FAQ

  • Does this tool fetch suspicious links? No. All analysis runs locally in your browser and the tool does not open or fetch pasted URLs.
  • Can I paste raw email headers? Yes. Paste raw headers and the inspector checks From, Reply-To, Return-Path, Authentication-Results, and related spoofing indicators locally.
  • Does the inspector send my input to a server? No. Everything stays in your browser. Nothing you paste is sent to a server or third-party API.
  • What kinds of spoofing does it look for? It looks for invisible characters, bidi controls, mixed scripts, confusable domains, Punycode hostnames, misleading subdomains, credential-in-URL tricks, and sender mismatches.
  • Can it compare a suspicious value against a trusted domain? Yes. You can enter an optional trusted domain so the inspector can compare the pasted content against a known-good brand or host locally.

Related guides