In development. RVNT is pre-release — not yet security-audited. Source code, public builds, and the iOS / App Store release aren’t available yet. See the roadmap →

Punycode & Homograph Detector

Spot spoofed lookalike domains.

Runs entirely in your browser — nothing you enter is uploaded, logged, or tracked.

Internationalised domains can hide an attack: a domain that looks like apple.com might actually use a Cyrillic “а”. Paste a URL or domain to decode any punycode (xn--) labels back to Unicode and flag suspicious signs — mixed scripts and characters that imitate ASCII letters — so you can tell a real domain from a convincing fake.

Frequently asked questions

What is a homograph attack?

Using Unicode characters that look like familiar ASCII ones — Cyrillic а, Greek ο, etc. — to register a domain that visually impersonates a real one. Browsers often display the punycode (xn--) form to defend against it.

What does it check?

It decodes any xn-- (punycode) labels to their real Unicode, then flags labels that mix character scripts or use confusable look-alike characters — the hallmarks of a spoofed domain.

Is my URL uploaded?

No — decoding and analysis happen entirely in your browser.

Related tools

Password Generator Strong, random passwords — generated locally. Hash Generator SHA-1, SHA-256, SHA-384 & SHA-512. JWT Decoder Decode a JSON Web Token, locally.

Built by a privacy company

These tools never phone home — the same principle as RVNT itself: a post-quantum, end-to-end-encrypted, peer-to-peer messenger with no servers and no tracking.

Get RVNT All tools