Ask HN: Why am I getting probing traffic with “binance.com” as referrer?
I get a lot of bot traffic to various potentially sensitive endpoints on my blog. Stuff like Wordpress admin or other endpoints that could allow a site to be compromised if they existed. It's really common so that part doesn't surprise me, but I noticed I get quite a bit of this traffic with "binance.com" listed as the referrer and got curious.
My first thought was that someone is spoofing the referrer. I don't know much about crypto exchanges, but it seems like Binance is a pretty "legit" one, which is what made me think they're not sending this traffic (plus, who would do this and leave their actual referrer exposed?). I thought maybe it's a homoglyph phishing attempt, but it seems to just be the legit binance domain string.
I'm curious why anyone would choose to spoof this domain specifically? Most of these bots report no referrer, a few report google or bing. What may be the motivation for using the binance domain?
13 comments
[ 3.7 ms ] story [ 49.2 ms ] threadAnd then copying/sharing software that does strange things.