Free resources

Live Unicode checker

What's the URL

Stay safe with Xanthos

Simply copy and paste the URL/link you have received into the following text box and we will instantly let you know if there are any suspicious characters in it.

Accepted characters

These are characters you do expect to see in links

Additional charaters

These are characters you may expect to see in some languages

Warning characters

These are characters you do not expect to see

Good news

No non-Unicode characters have been identified

Warning

Non-Unicode characters have been identified. We recommend you do not follow this link unless you know it is safe.

Caution

Non-unicode characters have been identified, but these can be used in languages such as German and Swedish, so may be ok.

Please note that this resource is provided for guidance only. We do not check whether the website is safe for you to visit, it’s only checking the characters in the text you provide. Therefore any website you do, or do not, choose to visit after using this resource you do so with this understanding.

Phising attacks

A sensible social media warning

Many people on social media have seen the following screenshot posted by their friends with the message "both addresses look similar but not the same", but how true is it?

The introduction of internationalised domain names was intended to make the internet more accessible to users around the world, allowing them to register domain names in their native scripts. While this inclusion can enhance inclusivity, it also raises concerns about potential misuse, particularly in the context of phishing and hacking.

One of the primary security concerns with allowing certain characters, such as Cyrillic, in URLs is the potential for homograph attacks. Homograph attacks involve the use of characters from different scripts that visually resemble each other, making it challenging for users to distinguish between them.

With simple changing of fonts a normal “a” and a Cyrillic “а” will look identical to the naked eye, but they represent different characters.

Look at the following links. Whilst they appear identical they are very different:

https://www.e-xanthos.co.uk/live-unicode-checker

https://www.e-xanthos.co.uk/livе-uniсоdе-chеckеr

https://www.e-xanthos.co.uk/live-unicöde-checker

https://www.e-xanthos.co.uk/livе-uniсödе-сhесkеr

Click on each link to see how they appear in the checker above (don’t worry, they’re not actual links) and reveal the safe one.

The social media warning says “An average internet user can easily fall for this”, but even highly experienced internet users would struggle to tell the difference.

Hackers and phishing attackers could exploit this visual similarity to create malicious URLs that mimic legitimate websites, tricking users into divulging sensitive information such as login credentials. This technique, known as IDN homograph attack, has been a concern since the inception of internationalised domain names.

It’s essential for users to stay vigilant and verify the legitimacy of websites, especially when clicking on links or entering sensitive information online.