Posted an ad on Craigslist, then got threats and possibly framed for malware. Recommendations?

[stymie]

What up all. Long story short, I posted an ad in the computer services section, then received the following message a few hours later:

BECAUSE IF YOU DO, I WILL ARRANGE MASSIVE CONSEQUENCES!

STAY THE FUCK OFF OF CRAIGSLIST IN SEATTLE, I MEAN IT.  I WILL TARGET EVERY SINGLE PERON ON THIS PLANET WITH THAT NAME.

ALL OF THE BELOW WILL BE SENT TO THE FBI, AND I AM BLAMING YOU FOR THE MALWARE ATTACKS!

NEVER, EVER COME INTO MY TERRITORY AND THINK I WILL LET YOU BE HERE MOTHER FUCKER.

I FUCKING HATE YOU!


https://music.getyesappz1.com/wim/lp/lp6/1/index_19.php?c=209524320063058258866
canonical name    loadbalancer.in-application.com.
aliases    music.getyesappz1.com
50.22.137.11
184.173.189.211
184.173.189.235
50.22.179.15

ALSO FORWARDED TO THIS
https://lp.searchdimension.com/2020-14/#sdapp93
canonical name    lp.searchdimension.com.
104.24.10.100
104.24.9.100
2400:cb00:2048:1::6818:964
2400:cb00:2048:1::6818:a64

Also forwarded to this
https://p1.firrectly.top/?tag_id=718111&sub_id1=&sub_id2=-1870370906463870367&cookie_id=49b4dfb0-b79c-4181-8620-ed6e62db7cf1&lp=allow18&tb=redirect&allb=redirect&ob=redirect&href=https://pimmuter.com/?tid=718111&noocp=1&hop=-1sub=p1&sub=p2
anonical name    p1.firrectly.top.
52.7.164.78
54.210.238.222
52.201.206.53
54.209.58.56
34.202.143.175
54.88.110.208

ALSO FORWARDED TO THIS
https://music.getyesappz1.com/wim/lp/lp7/index_60.php?c=209524320063058308697
canonical name    loadbalancer.in-application.com.
aliases    music.getyesappz1.com
50.22.137.11
50.22.179.15
184.173.189.235
184.173.189.211

ALSO FORWARDED TO THIS
http://messengertime.dist-app.com/?c=rhmsn&subid=209524320063058494431&CID=209524320
canonical name    d1plcu5cfq9vl5.cloudfront.net.
aliases    messengertime.dist-app.com
addresses    13.33.227.72
13.33.227.14
13.33.227.230
13.33.227.170

ALSO FORWARDED TO THIS
http://movie.getplaynsearch1.com/wim/lp/lp7/index_40.php?c=00274989p063058496528
canonical name    loadbalancer.in-application.com.
aliases    movie.getplaynsearch1.com
addresses    50.22.137.11
184.173.189.211
50.22.179.15
184.173.189.235

ALSO FORWARDED TO THIS THROUGH 5 OTHER URLS
https://install.combo-search.com/?pid=53012&clickid=-913220177888350548&subid=700762&pgs=1
canonical name    pagegen-us-east.cloudapp.net.
aliases    install.combo-search.com
lpages.trafficmanager.net
addresses    52.234.130.150

FORWARDED TO THIS AFTER ATTEMPTING BACK UP
https://free.internetspeedtracker.com/index.jhtml?rdssl=1&partner=^BBQ^xpu298&s1=700762&s2=0f856375a83a5b82f9403c28a414d0b8f4f5787a
canonical name www180.myway.com.
aliases    free.internetspeedtracker.com
addresses    74.113.233.180
ABUSE@MINDSPARK.com

ALSO FORWARDED TO THIS AFTER BACKING UP AGAIN
https://install.stream-all.com/?pid=53162&clickid=3532960158783207581&subid=700762
canonical name    install.stream-all.com.
addresses    104.25.25.110
104.25.26.110
2400:cb00:2048:1::6819:196e
2400:cb00:2048:1::6819:1a6e

ANOTHER FORWARD AFTER BACKING UP, INTERMEDIATE LINKS ARE HARD TO GET
http://greatzip.com/adv1/site.php?advertiser=UTM_BID&ID=prop18cc&sub=prop18cc&subid=1320852&S2=478891941075
canonical name    greatzip.com.
aliases
addresses    104.18.45.103
104.18.44.103

another
https://install.streaming-time.com/?pid=53206&subid=1365143&clickid=478902435806
canonical name    pagegen-us-east.cloudapp.net.
aliases    install.streaming-time.com
lpages.trafficmanager.net
addresses    52.234.130.150

another
https://install.incognitosearches.com/?pid=52866&clickid=4568811009010242574&subid=700762
canonical name    install.incognitosearches.com.
aliases
addresses
104.24.30.41
104.24.31.41
2400:cb00:2048:1::6818:1f29
2400:cb00:2048:1::6818:1e29

MAIN DROP SITE
https://p1.firrectly.top/?tag_id=700762&sub_id1=&sub_id2=5206357409016583531&cookie_id=49b4dfb0-b79c-4181-8620-ed6e62db7cf1&lp=black_normal&tb=redirect&allb=redirect&ob=redirect&href=https://pimmuter.com/?tid=700762&noocp=1&hop=-1sub=p1&sub=p2
STARTS AT https://p8.firrectly.top/?tag_id=700762&sub_id1=&sub_id2=-5432091602986115882&cookie_id=49b4dfb0-b79c-4181-8620-ed6e62db7cf1&lp=black_normal&tb=redirect&allb=redirect&ob=redirect&href=https://pimmuter.com/?tid=700762&noocp=1&hop=4&sub=p6

Obviously the plan is to report this, but to who? Seattle PD Cyber unit? State of Washington Internet Department? FBI?

This POS also had my name and address in this email, so who knows what he is capable of. All of this because I posted an ad in HIS city.

Want to go after this $%&! ASAP. Please let me know your recommendations on this or advice if you have dealt with something like this. For the net detectives out there, I have the email address that it came from, so message me if you want it.

 

[Potatoe]

Did anything come of this, did you hear from them beyond the first email?

 

[Calamari]

I don't know how craigslists works with combating this type of stuff but I'd report it to them and archive the email. Then I'd post the same ad once a day for 100 days in a row if it was making me money.

He's probably a mere shadow of the man he pretends to be online. I wouldn't be afraid of this guy and I definitely would not respond to him either.

 

[seoauthority]

What was the ad you posted? If you let me know, I will post a similar ad on Craigslist in Seattle to try and stir shit and see what he does.

How did he find your address? Did you display it in your Craigs list ad? And what was the product you were selling?

Seems like a bluff to me.

 

[bernard]

Sounds like some silly kid from BHW, likely not american judging by the crappy spelling.

 

[Ryuzaki]

This POS also had my name and address in this email, so who knows what he is capable of.

Did you link out to a website that doesn't have WhoIs privacy? Or perhaps your server is showing your email address if it's a VPS or dedicated server, like they do in certain records if you don't change them.

If that's not the case then Craigslist is leaking your IP address or other information somewhere. It's not unheard of. We used to mess with people (in a friendly fashion, just our buddies) on Skype when they used to leak IP addresses.

If not that then he's got some man-in-the-middle attack on Craigslist to intercept your data when posting, which I doubt.

I'd say it's more like a parlor trick, and we just haven't seen the sleight of hand yet, so he seems powerful. The rest of the crap he pasted is pretty meaningless. I can go plant an illicit substance in a city park and call the cops and say "Stymie did it!" and they have zero proof and thus won't even bother investigating it.

"Here's some random URLs, their name servers, the IP's of the servers. I send this to the police! Be scared!" This is data you can get on any single URL on the internet in like 30 seconds a pop. It means nothing.

It's an intimidation tactic that's relying on you not knowing what a bunch of spooky lines of data mean, that's "validated" by him grabbing your name and email and address somehow, most likely through WhoIs data I'm guessing.

 

[lion1978]

Save his message do a screen dump of it, and rest asured that it is a bluff, cause if he was going to do what he is claiming that he is going to do then he has just provided evidence against him self, in that case then he is just to stupid to be allowed to breathe.

And although his message sounds like he is 12 years old, just save it as a precaution, always do that if someone threatens you no matter what, find out who the correct authorities are, I'd probably start by contacting Seatle PD, if nothing else then they should hopefully be able to tell you who the correct authority is.

Now I don't know how the laws work in your part of the world, since I'm not american (my spelling errors would give you a hint LOL) but at least where I am from in Europe being in position of Malware is a serious criminal offense, and since he admits to have it and wants to "frame you for it" he could be in a lot more trouble than he is begging for.