2 Scam Reports

Phishing Scam

1

Scammer's wallet address

0
1
Reported Address
Reported Address
0x1c994a7a8038e52758ff39b9e9fc579fb9bf1c46

Other Blackmail Scam

5

Solana, Ethereum, and NFT drainers from wl-now[.]com. Uses fake unpkg to serve drainer js and Discord webhooks for real-time alerts. Shows relation to presaless[.]com and drainer kit from cryptokens[.]sellix[.]io (previously tokens404[.]com). Likely to be a Chinese threat actor/s due to multiple indications: - Configuration of the receiver wallet was left untouched and showed 钱包 which translates to "wallet" - Discord webhook was given a username of "houmen" which translates to "backdoor". The avatar displays a Chinese school girl (cdn.discordapp.com/avatars/979351082012659755/b791e87ac09e0fcd70bef0721b074513.png -> facebook.com/JK照片-100190912056316/photos/pcb.100195085389232/100195032055904/) - Drainers were hosted in a server from HK/China (Cloudie Limited [AS55933] 103.105.23[.]18 - The fake unpkg domain displays a default page in Chinese

0
5
Reported Addresses and Domains
Reported Domain

unpkgaa.com

Reported Domain

wl-now.com

Reported Address
6gvBf1D73QmNFV36oKpRCqkLE1hrDYH7pcCwFvSa96Uf

+ 101 more

Reports by Category

Backed By
TRM logoSolana logoCircle logoOpensea logoAave logoBinance logoCivic logoHedera logoRasomwhe.re logo