Example
Input (Unicode domain)
한글.kr
Output (ASCII)
xn--bj0bj06e.kr
Note
The `xn--` prefix marks a punycode-encoded label. DNS speaks ASCII only, so Korean / Chinese domains register in this form.
Usage / FAQ
When to use
- Find the DNS-registered ASCII form of a Korean / Chinese / Japanese domain
- Verify the IDN of an email sender
- Analyze phishing domains — spot lookalike Cyrillic spoofs
- URL normalization — map what users see to what DNS sees
- Compatibility with ICANN and domain registry systems
FAQ
- Q.Why does `xn--` appear?
- A.It's the ACE (ASCII Compatible Encoding) prefix defined by IDNA. It tells DNS "this label is a converted IDN".
- Q.What is a homograph attack?
- A.Cyrillic `а` (U+0430) looks identical to Latin `a` (U+0061), enabling spoofs like `аpple.com`. Punycode reveals the trick: `xn--pple-43d.com`.
- Q.Are email addresses converted too?
- A.Yes — IDN addresses like `user@한글.kr` are converted to punycode in the domain part when passing through servers that don't speak SMTPUTF8 (EAI). The local part is independent.
Fun facts
Punycode was standardized in 2003 as RFC 3492 — the IDN (Internationalized Domain Name) encoding. It losslessly converts non-ASCII domains (like `한국.kr`) into ASCII-compatible form (`xn--3e0b707e`) that DNS can handle. It's the critical mechanism that let the internet accept non-ASCII domain names.
RFC 3492 (2003)At its core Punycode is the Bootstring algorithm by Adam Costello — emit the ASCII characters first, then compress the non-ASCII ones as 'delta + position' codes at the end. The `xn--` prefix marks an IDN; 'xn' stands for 'extended name' and is reserved by IANA.
Wikipedia — PunycodeThe homograph attack — Cyrillic 'а' (U+0430) looks identical to Latin 'a' but maps to a different domain via Punycode. Things like `xn--pple-43d.com` can render as `apple.com` for phishing, so Chrome and Firefox deliberately display mixed-script IDNs in raw Punycode form.
Wikipedia — IDN homograph attack
Related tools
- Base64 Encode / Decode
Encode text to Base64 or decode Base64 back to text. Runs entirely in your browser, no data sent to any server.
- URL Encode / Decode
Percent-encode text for safe use in URLs, or decode percent-encoded URLs back to text. Runs entirely in your browser.
- UUID / ULID Generator
Generate UUID v4 (random), UUID v7 (time-ordered, RFC 9562), or ULID identifiers — all client-side via crypto.
- JWT Decoder
Decode the header and payload of a JSON Web Token. Signature is not verified (a public key is required). The token is processed entirely in your browser.
- JWT Encoder (HMAC)
Generate a signed JSON Web Token with HS256/HS384/HS512 (HMAC-SHA). Payload and secret stay in your browser — Web Crypto API based.
- SHA Hash
Compute SHA-1, SHA-256, SHA-384, or SHA-512 hash of text. Uses the browser's Web Crypto API; no data is sent to any server.
- Hex Encode / Decode
Encode text to hexadecimal or decode hex back to text. Supports UTF-8 multi-byte characters and tolerates whitespace.
- HTML Entity Encode / Decode
Encode HTML special characters (&, <, >, ", ') to entities, or decode named/numeric entities back to text.
- Password Generator
Generate cryptographically strong passwords, tokens, random strings, and passphrases with entropy display.
- Number Base Converter
Convert numbers between bases (binary/octal/decimal/hex/base36) using BigInt for large integers. Auto-detects 0b/0o/0x prefixes.
- URL Parser
Decompose a URL into protocol, host, path, query parameters, and hash — read-only inspection.
- HMAC Generator
Compute HMAC (Hash-based Message Authentication Code) with SHA-1/256/384/512 using the Web Crypto API.
- HMAC Verify
Verify whether a given HMAC signature matches the message + secret. Constant-time comparison via Web Crypto API.
- MD5 Hash
Compute MD5 hash for text. Note: MD5 is broken for security — checksums and legacy compatibility only.
- HTTP Status Codes
Browse and search HTTP status codes (1xx-5xx) with descriptions and common usage.
- User-Agent Parser
Parse User-Agent strings into browser, OS, device, and engine fields.
- Bcrypt Hash
Hash passwords with Bcrypt or verify a plaintext against an existing hash. Configurable salt rounds.
- Cookie Parser
Parse Cookie or Set-Cookie strings into a table. Decode percent-encoded values. Supports Set-Cookie attributes (Path/Domain/Max-Age/SameSite/HttpOnly/Secure).
- IP / CIDR Calculator
Compute network address, broadcast, host range, mask, and host count from an IPv4 + CIDR.
- cURL Builder
Build cURL commands from URL/method/headers/body. Auto-detects JSON content-type.