764 & Its Offshoots / "com" / Internet Extortion Groups - A decentralized extortion community filled with pedophiles, degenerates and larpers on Discords and Telegram chats

Closest thing I found regarding flar being in Serbia was an old, possibly forgotten, Chaturbate account (a) of someone in Hungary, Serbia's neighbor. Considering 'carvingyou' isn't a very common username there's obviously a chance it's his old account.
Final schizo post from me today. There is a person on TikTok claiming to be a victim of COM (particularly Flar); in one of their posts they give the following information out on him.

"the main suspect is a 25yo Serbian male, his name is Robin, he has brown curly hair, a sharp jawline and many and big muscles."

https://www.tiktok.com/@just_a_country_child/photo/7355142147579972896


I had seen posts on X a while ago with messages from (supposedly) Flar in a Discord server noting he had "Uni". Hopefully I can find it again.
 
https://www.tiktok.com/@just_a_country_child/photo/7355142147579972896 - Archive
https://www.tiktok.com/@just_a_country_child/ - Archive
https://www.instagram.com/emma_lya08/ - Archive
https://www.dv.is/frettir/2024/3/28...bond-af-henni-alblodugri-til-synis-spjallras/ - Archive
https://www.washingtonpost.com/investigations/interactive/2024/764-predator-discord-telegram/ - Archive
https://gnet-research.org/2024/01/1...lent-extremism-and-child-sexual-exploitation/ - Archive

Her other posts:
https://www.tiktok.com/@just_a_country_child/photo/7354747066146622753 - Archive

https://www.tiktok.com/@just_a_country_child/photo/7380115137497255201 - Archive

Not sure if this has been posted already, but Ken Klippenstein, the guy who initially published Luigi Mangione's manifesto when no other outlet would, has published a hit piece scolding the FBI for what it seems he believes is wasting their time going after 764. Upon reading it, it seems to me that he's mostly just using 764 as a hook to whine about budget cuts to the FBI. Whether or not that's a legitimate complaint is neither here nor there, in my opinion.
Not huge news, but I figured it would be worth posting in the thread anyway.
https://www.kenklippenstein.com/p/fbi-pushes-qanon-pedophile-conspiracy - Archive
 
Closest thing I found regarding flar being in Serbia was an old, possibly forgotten, Chaturbate account (a) of someone in Hungary, Serbia's neighbor. Considering 'carvingyou' isn't a very common username there's obviously a chance it's his old account.
I exported all indexed data-breaches with "flar" and "flare" as the username, extracted the IP addresses and none of them resolved to Serbia. Not every entry has an IP address though, and (obviously) a VPN would mask the IP.
 
According to the old investigation txt file, he's suspected to be the owner of this domain and hosted the site. I do personally suspect he's responsible for writing it, but I do not have any proof, just a suspicion
Were any of the images here archived at all? Cause when I go to "files.offshore.cat" I get met with a Cloudflare Tunnel error.
 
Oh, he used/uses way more usernames than that. There's a dox in this thread that covers a good number of them but I'm too lazy to find it atm so, see attached.
I exported all indexed data-breaches with "flar" and "flare" as the username, extracted the IP addresses and none of them resolved to Serbia. Not every entry has an IP address though, and (obviously) a VPN would mask the IP.
 

Been lurking on this thread since the news picked up this story. I had someone tell me about this group about a year ago but tbh it sounded like complete bullshit so I didn’t believe it. Christ was I wrong. Decided to make an account just so I could say this:

I exported all indexed data-breaches with "flar" and "flare" as the username, extracted the IP addresses and none of them resolved to Serbia. Not every entry has an IP address though, and (obviously) a VPN would mask the IP.
I skimmed through that manual and noticed he used the American version of “labor”. Googled to see if Serbia uses UK English or American amongst the population that can speak it. It said that American English is more popular. Hopefully this helps.
 
Reading through this makes me sick, just knowing the fact that she was extorted for 2 years and so many people were involved in it. Flar appears to be the "leader" of it, as the victim brings him up when talking about the other people who were also involved in her extortion.
- @bsmntontele (https://t.me/bsmntontele) bsmnt (Mar 16, 2025)
"bsmnt" seems to be the name of the place where all of this goes on, since the victim and the dox of Flar both state that he is the owner of it.
There is a Discord server with the vanity "bsmnt", however it is a Discord server that requires you to be manually accepted into it. Off the top of my head, it said something along the lines of stating who invited you into it.
"the main suspect is a 25yo Serbian male, his name is Robin, he has brown curly hair, a sharp jawline and many and big muscles."
Minor detail, but on the investigation file for Flar it states that a pseudonym of his is "Robin Martel", so the victim saying that his name is Robin lines up.
 
Oh, he used/uses way more usernames than that. There's a dox in this thread that covers a good number of them but I'm too lazy to find it atm so, see attached.
There are a lot of false-positives as the usernames are broad. There are hundreds of lines. These are some interesting ones.
The inclusion of usernames, aliases, or identifiers within this list does not confirm identity, intent, or affiliation. Entries may be based on partial, similar, or reused usernames and are provided for informational or investigative context only. False positives may exist, and no assumptions or conclusions should be drawn without independent verification or corroborating evidence. Always exercise due diligence when interpreting such data.

I came across this thread on /wsg/ and thought it was worth sharing. Right now it's mostly just shitposts, but it could become useful as more content gets posted (link/archive)
Oddly, the thread isn't showing up in any archives (I assume it was auto-filtered), so for now, the best option is to periodically archive it on ghostarchive.org

Here's a local archive of what's in the thread so far (will edit this post as more stuff gets added to the /wsg/ thread):
Which images are you referring to? The entire document is text.
Were any of the images here archived at all? Cause when I go to "files.offshore.cat" I get met with a Cloudflare Tunnel error.

Managed to get into some older data where this site's local data is stored.
I spidered this site last year, it didn't turn up much other than it was (unsurprisingly) being protected by Cloudflare
(172.64.80.1/2606:4700:130:436c:6f75:6466:6c61:7265 & rev proxy kai.ns.cloudflare.com, hattie.ns.cloudflare.com)

The web server didn't appear to report a name or version (i.e. Apache, nginx, etc.)
There did appear to be JavaScript within the site, something called HotJar. I'm not a java person so I'm not entirely sure what it does.

SSL provided by Let's Encrypt.

The MX record pointed to a company called Mailum (https://mailum.com/) which would be where all of their admin@ email would land.
Mailum is also 'CyberFear' https://cyberfear.com/
It's possible that OVH SAS (ovhcloud) was also hosting the web site.

 
It's possible that OVH SAS (ovhcloud) was also hosting the web site.
That is interesting, because I think OVH SAS was providing service to StateWins (a revenge porn website, which also sold blackmail material - "ruben" content etc.)

What are your thoughts on the relationship between StateWins and the author of the Sextortion Guide? I thought that Statewins might be the "label" the author refers to in the guide. The website employs many of the techniques used in the guide, including the use of a .pk domain and specific WordPress theme.
This may be helpful to you. CloudFlare always uses the same pair of nameservers for your account no matter how many domains you've got on it. This is a list of all the domains that use kai and hattie on CloudFlare's network. Someone more knowledgeable will probably want to look into this but just at a glance I see some other domains that are likely related:

https://pastecat.gq/ - Just a paste site, but the overlap between script kiddies and paste sites is a long-lived tradition and the coincidence seems odd
http://statewins.com.pk/ - Now down, see further in my list
https://thotbb.com/ - ThotBB "Leak The World" (lmao faggots) with linked Telegram @statewinscom. I will not be viewing the Telegram because I don't want whatever they're posting in my cache. Also links to state-wins.pk.
https://wins.pk/ - also down
https://state-wins.pk/ - redirects to https://telegra.ph/STATEWINS-REOPENS-PRIVATELY-01-14 - "Explanation - Statewins is no longer possible to host for public access because every host has banned us due to the nature of our revenge porn content. Law enforcement keeps threatening host companies to shut us down."
https://leedrisdev.com/ - Currently down, but you can find an apparently related GitHub account here - https://github.com/LeedrisDev - "Thomas Foenix Blondel". It's unclear if this is related to the other sites but I figure it's at least worth making note of.
https://midnightleaks.com/ - Basically the same thing as ThotBB. Different layout, same set of links on it.
https://myleadsdaily.info/ - Some kind of get rich quick marketing scheme. There is a person's face in a video on a promo. This might be related as well, though like leedrisdev, this isn't exactly clear.
https://toddlertownrehab.com/ - Down, and frankly I feel a bit thankful it is. Sounds grim.
http://670321.xyz/ and http://0858687.xyz/ - Down, but the strange domain name seemed worth making note of. Does 670321 or 0858687 mean anything to anyone here?
There are quite a few other obviously unrelated domains in this list.

Edit: I'm working under the assumption PasteCat is related to this, but to be clear, that is not something I'm positive about. Here's some more information about PasteCat I found:
"What is PasteShr all about? - Pasteshr is a website where you can store any text online for easy sharing. The idea behind the site is to make it more convenient for people to share large amounts of text online."
PasteShr? I thought this was PasteCat.
5 year old repo with 5 stars and 1 person watching it. While it could be unrelated, it seems odd that the owner of pastecat would be unrelated to the dev of pasteshr.
 
Very interesting, thanks for the details.
http://670321.xyz/ and http://0858687.xyz/ - Down, but the strange domain name seemed worth making note of. Does 670321 or 0858687 mean anything to anyone here?
There are quite a few other obviously unrelated domains in this list.
Those two particular domains are no longer active. They were spidered by archive.org but they don't return pages, it's possible that those were running some other kind of service other than a web server.

0858687.xyz was part of some gaming site

670321.xyz seems to have hosted some linux packages at one time.

As far as the TG accounts, they're both termed so maybe their comeback didn't go so well for them.
 
Also yeah, I'd be willing to bet that it belonged to flar.
I seriously doubt Flar has anything to do with this site. He seems like just another comfag groomer—the type who uses his com points to coerce underage girls so he could get off, which goes against pretty much everything in that guide. The guide focuses on sextorting for monetary gain rather than personal status (if comfags knew how to capitalize on what they were doing, they wouldn't publicly boast about being Diddy ass niggas).

That said, I do recall seeing that site spammed all over doxbin comments, so he might be funding it or promoting it. But writing the actual guide? Probably not. The person behind it likely isn't a comfag, though may be com-adjacent—not that they'd ever come out and admit that.
 
But writing the actual guide? Probably not. The person behind it likely isn't a comfag, though may be com-adjacent—not that they'd ever come out and admit that.
I'm not convinced Flar wrote the guide either. I would have expected to see more long-form posting from Flar if he did. Not convinced the author of a Sextortion Guide that took 2+ years to write would also record Soundcloud raps about swatting people, but willing to be convinced otherwise.

Hosting it and distributing it is a different story.

I attempted to locate instances on the internet where specific combinations of words—chosen for their relative uniqueness—appeared. This is an ongoing effort and remains a work in progress.

This document reflects an attempt to identify occurrences of particular word groupings on the internet that appear to be reasonably unique. The process is ongoing and exploratory in nature. Findings should be interpreted cautiously, as the presence of these phrases does not inherently verify authorship, intent, or identity.

Guide:
" If you choose to go further, it is at your own risk."
"YOU’VE BEEN WARNED."

Source:
Book is called Haunting Adeline by H D CARLTON
" If you choose to go further, it is at your own risk. YOU’VE BEEN WARNED. But on the other side, you may find a way to unleash your deepest desires."

"H. D. Carlton is a New York Times, USA Today, and internationally bestselling author. She lives in Oregon with her husband, two dogs, cat, and Bigfoot. When she's not bathing in the tears of her readers, she's watching paranormal shows and wishing she was a mermaid. - Google Books"

Guide:
"less likely to report due to societal stigma"

Source:

Guide:
"carry out these acts without fear of being caught"

Source:

Email in WHOIS data of above URL: panweizheng@188.com

Guide:
"Quantity is the main theme here"

Source:

Guide:
"shapes them into formidable individuals"

Source:

"This is to be expected" and "formidable individuals" appear in:

Guide:
"important implications for understanding human behavior and social influence"

Source:
Apparently the owner of the site is:
Klaus Gebhardt (Check legal about section)

Guide:
"gather information about their current activities" [This appears in a few places]

Source:

Interestingly, Isadore has a BA in English and Linguistics. The author of the guide mentions being an English Major.

Also:

Guide:
"this is to be expected" AND "close to zero" AND "On the other hand"
These seem to be common engineering terms used in conjunction with each other often though.
Source:
https://news.ycombinator.com/threads?id=correct-horse via Post History

Guide:
"subconscious implements"

Source:
There are a few profiles on Reddit/YT/Medium, need to return to check results

Guide:
"displaying hesitancy or reluctance"

Source:
Only occurrence is within book by Damien Rogers (Australia) called Postinternationalism and Small Arms Control

Guide:
"due to the fact that it is preferable"

Source:

Guide:
"emotional state may cloud their judgment"

Source:
and

Guide:
"We throw away what could have been and waste our opportunities"

Source:
Colleen Houck - American Writer

Guide:
"mutually beneficial relationship that increases the likelihood "

Source:
AND

Guide:
"RDP is a necessity"

Source:

User: Drock32
Also here:
And:
ProblemChyld

Guide:
"This is as much as you can get"

Source:
https://stackoverflow.com/questions/73432955/sqlite-transaction-on-power-failure-or-system-crash (https://stackoverflow.com/users/17472988/pchemguy)


Guide:
"It may take some time, but they eventually will"

Source:

Guide:
"pose challenges for authorities trying"

Source:

Guide:
"receive credible insights about"

Source:

Guide:
"because of a mere report"

Source:
User:Kumar22
Lots of posts by this user about criminal cases, possibly ex-police officer from Singapore

AND

AND

Guide:
"law enforcement's first priority would be"

Source:

Guide:
"nobody knows how to do it effectively"

Source:
The Referral Mindset: 7 Easy Steps to EXPLOSIVE Growth
https://iainmcgilchrist.substack.com/p/ch-12-extract-2/comments?triedRedirect=true

Guide:
"Take admiration from people who do the deed, and are still free to tell the tale."

Source:

Guide:
"If this resource has helped you, please consider sending a contribution."

Source:
Appears at bottom of "Dark.Fail"
 
It doesn’t really matter at this point if he did or didn’t write the manual. Once he is doxxed/ arrested it will be attributed to him, and if he didn’t write it he will tell on who did. These types roll very easy when confronted with consequences.
 