How to use the Punycode Decoder
Decode a Punycode domain in two steps:
1
Type or paste the Punycode domain
Enter any domain containing xn-- prefixed labels (e.g. xn--mnchen-3ya.de, xn--e1afmapc.xn--p1ai). Or click one of the four example buttons.
2
Copy the Unicode result
The decoded Unicode domain appears instantly in a large readable font. The label breakdown table shows which labels were decoded from Punycode and which were already plain ASCII. Click Copy to copy the result.
When to use this tool
Use Punycode decoding to read the human-friendly Unicode form of xn-- domain names:
- →Decoding an xn-- domain seen in a server log, DNS record, email header, or SSL certificate to read its Unicode form
- →Reading the actual Unicode characters behind a suspicious xn-- domain for homograph phishing detection
- →Converting an ACE domain from a DNS zone file or WHOIS record to its readable Unicode representation
- →Identifying the original Unicode characters in internationalized domain names found in email spam or phishing links
- →Translating xn-- domains from a registrar transfer document or DNS configuration to their user-facing Unicode form
- →Verifying that a Punycode encoding round-trip (encode then decode) recovers the original Unicode domain correctly
Frequently asked questions
Q:How does Punycode decoding work?
The RFC 3492 decoder first checks if a label starts with xn--. If it does, the xn-- prefix is stripped and the remaining string is decoded using the Punycode algorithm: the ASCII-only portion before the last hyphen provides the initial characters, then the encoded delta sequence after the hyphen is used to reconstruct the positions and values of the non-ASCII Unicode code points. The result is the original Unicode string.
Q:What happens to labels that do not start with xn--?
Labels that do not start with xn-- are treated as plain ASCII and passed through to the output unchanged. For example, in the domain xn--mnchen-3ya.de, only the first label (xn--mnchen-3ya) is decoded — it becomes münchen. The second label (de) is plain ASCII and stays as de, giving the final decoded domain münchen.de.
Q:Can Punycode decoding reveal phishing domains?
Yes — Punycode homograph attacks use Unicode characters that look visually identical to ASCII letters to create deceptive domains. For example, xn--pple-43d.com decodes to the Unicode string using a Cyrillic 'а' instead of the Latin 'a' in 'apple'. Decoding the xn-- form reveals the actual Unicode characters and exposes whether visually similar but distinct characters were used. Always verify the Unicode form of unexpected xn-- domains before trusting them.
Q:Why does the decoded domain display in a large font?
The decoded Unicode domain is displayed at a larger font size (20px) because the primary purpose of the decoder is readability — revealing the human-facing Unicode characters that the xn-- encoding obscures. A larger display makes internationalized scripts (Chinese, Arabic, Cyrillic, emoji) clearly legible. The input field shows the compact xn-- form; the output shows the readable Unicode form prominently.
Q:Are all xn-- domains internationalized domain names?
Almost all xn-- domain labels are IDN Punycode-encoded labels. However, the xn-- prefix could theoretically be used by domain labels registered before the ACE prefix convention was established. In practice, any domain label starting with xn-- that you encounter in a modern context will be a Punycode-encoded IDN label. The decoder will attempt to decode it and show an error only if the string after xn-- is not valid Punycode.
Q:Is the Punycode algorithm fully implemented in-browser?
Yes — the full RFC 3492 Punycode decoding algorithm is implemented directly in the browser in TypeScript with no external libraries. The implementation includes the adapt() bias function, base-36 digit decoding, and the delta-sequence reconstruction algorithm exactly as specified in RFC 3492. All decoding runs locally in your browser — no domain name or text is sent to any server.