1 Scam Reports

Other Blackmail Scam


Solana, Ethereum, and NFT drainers from wl-now[.]com. Uses fake unpkg to serve drainer js and Discord webhooks for real-time alerts. Shows relation to presaless[.]com and drainer kit from cryptokens[.]sellix[.]io (previously tokens404[.]com). Likely to be a Chinese threat actor/s due to multiple indications: - Configuration of the receiver wallet was left untouched and showed 钱包 which translates to "wallet" - Discord webhook was given a username of "houmen" which translates to "backdoor". The avatar displays a Chinese school girl (cdn.discordapp.com/avatars/979351082012659755/b791e87ac09e0fcd70bef0721b074513.png -> facebook.com/JK照片-100190912056316/photos/pcb.100195085389232/100195032055904/) - Drainers were hosted in a server from HK/China (Cloudie Limited [AS55933] 103.105.23[.]18 - The fake unpkg domain displays a default page in Chinese

Reported Addresses and Domains
Reported Domain


Reported Domain


Reported Address

+ 101 more

Reports by Category

Backed By
TRM logoSolana logoCircle logoOpensea logoAave logoBinance logoCivic logoHedera logoRasomwhe.re logo