Background
Recently, the SlowMist security team received intelligence that scam websites impersonating have emerged. These fraudulent websites misuse the SlowMist’s logo and name to conduct scams related to wallets and trading platforms. According to the data we found, there have been 13 incidents of fraud linked to these fake SlowMist websites.
Impersonation of SlowMist employees by Scammers:
Based on information provided by victims, we immediately analyzed these counterfeit websites.
Analysis of the Counterfeit Websites
Scammer’s Traffic-Directing URL (https://linktr.ee/Slowmist.com):
After users click on “Log In/Register,” they are redirected to the counterfeit website (http://smone.ddns.me):
By searching for the domain name of this counterfeit website in the Weibu online intelligence community, historical change records indicate that this domain name (smone.ddns.me) was previously used for fake websites of Vitex, BitRich, and BIKOTO.
Continuing to identify the corresponding IP of this domain:
Clicking on this IP address reveals that it has been marked as a malicious IP address. Further searching this IP with urlscan uncovers more domains impersonating SlowMist:
We conducted a reverse search using this IP and discovered many scam websites:
Analyzing one of these scam websites, we found it calls the domain win7777.net:
Then we traced back to the domain win7777.net:
We found that the IP address of this domain, 45.76.100.181, hosted 124 scam websites. It was also observed that these scam websites have intricate connections with gambling websites, which will not be further elaborated here.
Conclusion
In reality, cybercriminals and dark market operators often maliciously exploit encrypted corporate brand information, and even security firms are not completely immune to this issue.
We hereby urge users to heighten their security awareness and be particularly cautious of such risks. In the event of being defrauded, please report to the local authorities immediately.
Finally, as a victim, we sternly condemns these fraudulent activities and reserves the right to pursue legal action against those responsible for this incident.
Official SlowMist website: https://www.slowmist.com
For any inquiries, please contact us at: team@slowmist.com
About SlowMist
At SlowMist, we pride ourselves on being a frontrunner in blockchain security, dedicating years to mastering threat intelligence. Our expertise is grounded in providing comprehensive security audits and advanced anti-money laundering tracking to a diverse clientele. We’ve established a robust network for threat intelligence collaboration, positioning ourselves as a key player in the global blockchain security landscape. We offer tailor-made security solutions that span from identifying threats to implementing effective defense mechanisms. This holistic approach has garnered the trust of numerous leading and recognized projects worldwide, including names like Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, and Cheers UP. Our mission is to ensure the blockchain ecosystem is not only innovative but also secure and reliable.
SlowMist offers a variety of services that include but are not limited to security audits, threat information, defense deployment, security consultants, and other security-related services. They offer AML (Anti-money laundering) software, Vulpush (Vulnerability monitoring) , SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) , Safe Staking and other SaaS products. They have partnerships with domestic and international firms such as Akamai, BitDefender, FireEye, RC², TianJi Partners, IPIP, etc.
By delivering a comprehensive security solution customized to individual projects, they can identify risks and prevent them from occurring. Their team was able to find and publish several high-risk blockchain security flaws. By doing so, they could spread awareness and raise the security standards in the blockchain ecosystem.
