Question Which one is the real "Have I Been Pwned" website?

[Parkinsond]

Have I Been Pwned: Check if your email address has been exposed in a data breach

Have I Been Pwned allows you to check whether your email address has been exposed in a data breach.

haveibeenpwned.com

Have I Been Pwned: Check if your email has been compromised in a data breach

Have I Been Pwned allows you to search across multiple data breaches to see if your email address has been compromised.

havelbeenpwnd.com

 

[Bot]

The real "Have I Been Pwned" website is the first one: Have I Been Pwned: Check if your email address has been exposed in a data breach. Be cautious of the second URL, as it appears to be a typo-squatting attempt and could potentially be malicious.

 

[Wrecker4923]

The "i" one is genuine. The "l" one is remarkably suspicious. The Belgian company, EASI SA, the non-redacted owner of the domain, does exist, is in the business registry, and appears on Google Maps. What's the purpose? An archived mirror? Who knows? I would stay away from it.

 

[Parkinsond]

The "i" one is genuine. The "l" one is remarkably suspicious. The Belgian company, EASI SA, the non-redacted owner of the domain, does exist, is in the business registry, and appears on Google Maps. What's the purpose? An archived mirror? Who knows? I would stay away from it.

VT report for the second one

Spoiler

 

[Marko :)]

The second one is fake. It doesn't work at all, and has issue with display.

VT report for the second one

Spoiler

View attachment 289153

Don't bother checking websites on VirusTotal; it's useless. Antivirus companies don't have any sophisticated tools that check if website is malicious or not. Malicious websites are added manually and by the time they get into their database, malicious sites are dead.

The "i" one is genuine. The "l" one is remarkably suspicious. The Belgian company, EASI SA, the non-redacted owner of the domain, does exist, is in the business registry, and appears on Google Maps. What's the purpose? An archived mirror? Who knows? I would stay away from it.

It's a fake site because "l" in question s lowercase L, uppercase I.

 

[Parkinsond]

Antivirus companies don't have any sophisticated tools that check if website is malicious or not

Especially phishing websites; I have found Symantec browser protection and Norton safe web extensions more effective than Kaspersky extension for blocking phishing websites.

 

[Xciting]

i checked from an old haveibeenpwend email in my inbox. First link is real, second is phishing

 

[blackice]

Is this not a case of the “i” being changed to a lower case “L” to appear as an upper case “i”? For email and web addresses aren’t usually case sensitive. This is a common scam tactic.

 

[lokamoka820]

I noticed that connection is encrypted and secure depending on browser lock icon, could it steal email addresses in this case?

 

[Parkinsond]

I noticed that connection is encrypted and secure depending on browser lock icon, could it steal email addresses in this case?

I do not know; both have valid certificates, the original one by Googl trust, and the other one by Let's Encrypt.

 

[lokamoka820]

I personally stopped using "Have I Been Pwned" since the release of "Mozilla Monitor". It automatically searches and sends reports monthly, eliminating the need for manual searching.

 

[Victor M]

The LetsEncrypt cert is free. Thus cybercrooks tend to use that. That said, when I was hosting my own site, I used LetsEncrypt too.

 

[Parkinsond]

I personally stopped using "Have I Been Pwned" since the release of "Mozilla Monitor". It automatically searches and sends reports monthly, eliminating the need for manual searching.

Looks more reliable for me than Have I been pwned; I will use it instead; thank you.

The LetsEncrypt cert is free. Thus cybercrooks tend to use that. That said, when I was hosting my own site, I used LetsEncrypt too.

Yes, I know; as you have just stated, it can be used by honorable persons, so cannot rely on completely for discriminating between the original and the fake website.

 

[Jonny Quest]

From the article link in this post, was BleepingComputer's link.

To check if your credentials have appeared in known breaches, consider using services like Have I Been Pwned.

 

[oldschool]

It's a fake site because "l" in question s lowercase L, uppercase I.

I couldn't even reach the fake site due to "insecure connection" error.

 

[Parkinsond]

I couldn't even reach the fake site due to "insecure connection" error.

It was reachable with valid certificate by Let's Encrypt until today, when it is blocked by NextDNS.

Spoiler

 

[Marko :)]

I couldn't even reach the fake site due to "insecure connection" error.

It doesn't work correctly anymore as a lot of resources simply can't be loaded. It used to load just fine.

It was reachable with valid certificate by Let's Encrypt until today, when it is blocked by NextDNS.

Spoiler

View attachment 289174

uBlock Origin now blocks access to page too if OISD filter is used.

 

[Parkinsond]

It doesn't work correctly anymore as a lot of resources simply can't be loaded. It used to load just fine.

uBlock Origin now blocks access to page too if OISD filter is used.

Was not detected by K neither earlier nor today; phishing websites and scripts are the Achilles tendon.

 

[Marko :)]

Was not detected by K neither earlier nor today; phishing websites and scripts are the Achilles tendon.

And because it's now being detected by more and more security companies, as we see, website started "dying". It's just the matter of hours until it disappears completely.

 

[SirJon]

I personally stopped using "Have I Been Pwned" since the release of "Mozilla Monitor". It automatically searches and sends reports monthly, eliminating the need for manual searching.

Optery is another good one.