// first 10 minutes
sextortion — quick-start
do not pay. preserve the threat message. print this, check the boxes, then run the primary tools.
checklist
- do not pay — payment confirms a live target and triggers immediate re-contact with escalating demands.
- screenshot the threat message with the platform's timestamp and the sender's account handle visible.
- do not delete the message or the sender's account — evidence of identity and timeline is in the metadata.
- do not respond to the sender — any response tells them the account is monitored.
- export the conversation from the platform if possible (most apps have a 'save chat' or 'export' option).
- note the platform, handle/username, and whether the content was received or only claimed to exist.
- if the sender is known: note how they obtained the content (relationship, breach, phishing, AI-generated claim).
- if actual content is threatened: do not share the images further to 'check' — NCMEC CyberTipline handles reports without requiring re-viewing.
- report to the platform's trust & safety team — use the 'report' button and note the report ID.
- begin the primary tool path below — sextortion timeline builder and sender identity analyzer.
primary tools
- 01 email header analyzer: paste raw email headers · trace hop-by-hop routing · SPF · DKIM · DMARC · detect spoofing · visualize delivery path · runs locally
- 02 ios imessage deletion artifact detector: drop ios sms.db · rowid gaps · join orphans · deleted_messages tombstones · ck_sync_state=2 · two-db guid compare · bulk deletion · runs locally
- 03 iOS WhatsApp artifact forensic extractor: drop iOS WhatsApp ChatStorage.sqlite and Contacts.sqlite · parse all chats, messages, groups, and media references · reconstruct conversation timelines with delivery status · surface location shares, contact cards, and deleted message placeholders · runs locally
- 04 android whatsapp database forensic analyzer: drop an Android WhatsApp msgstore.db · parse all messages, chats, groups, and media metadata · reconstruct conversation timelines · surface message delivery status, forwarding metadata, location shares, and contact cards · detect deleted message gaps · runs locally
- 05 ai generated image provenance analyzer: png tEXt chunk inventory · sd metadata · stripped metadata flag · provenance csv · runs locally
- 06 face swap artifact detector: drop an image · jawline color mismatch · compression boundary heuristics · face-region signal table · runs locally
- 07 bitcoin transaction decoder: paste raw transaction hex · decode inputs outputs scripts · fees · locktime · segwit · p2pkh p2sh p2wpkh · runs locally
- 08 crypto tx graph: paste json csv btc hex · directed graph · hub peel fan patterns · ascii viz · stats · csv json export · runs locally