Using phishing tools against the phishers — and uncovering a massive Binance phishing campaign - by Harry Denley

February 21, 2019

Jeremiah O’Connor (security researcher at Cisco) forwarded me a domain that has been phishing for Binance logins —

This domain uses a different phishing kit from the previous ones we’ve seen: it changes the user sign-in journey to collect personal information for eventual use in social engineering, and the server does not communicate with the Binance domain.

The usual login screen.

The user is then directed to a screen to collect personal information.

They are then asked for the 2FA code.

The user is then shown a loading GIF to give the “illusion” of something working. After some time, they are redirected back to the previous 2FA view.


I decided to check the root domain, com12754825, and to my surprise, it was open.

DirectoryIndex for


Most of these are email scripts — with default text and tools to send out mass PayPal phishing emails.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023