Conversation content signals an extortion-and-scam workflow wrapped in hacktivist bravado and doxxing theater.
Language and structure show two intertwined activities. First activity: reputational violence. Text openly celebrates “tricking” a target into revealing a phone number, then publishes it alongside claimed names and a “chat was doxed” boast. Doxxing targets personal safety, social standing, employability, and family security. Public exposure also primes follow-on harassment, SIM-swap attempts, account takeovers, and coercion.
Second activity: payment coercion. “eagle” pushes repeated payment rails, starting with Bitcoin addresses, then moving to Binance, then to mobile-wallet transfer “via my phone number,” then to splitting transfers because of limits. Script matches classic social engineering: urgency (“send now”), reassurance (“trust”), escalation (“file ready”), and flexible payment options to reduce friction. Monetary target sits front-and-center, not ideology, not activism.
Targets Targets include financially motivated victims inside Yemen and the Gulf, plus low-opsec “new teams” in the hacktivist scene. “Thard” also references a Yemeni payer and local transfer services, pointing toward regional targeting where mobile wallets and local remittance networks dominate. Secondary targets include rival groups, where humiliation and exposure weaken recruitment, fundraising, and perceived competence.
Maliciousness Intent reads as malicious. Doxxing inflicts harm without legitimate purpose. Payment pressure indicates fraud or extortion. Claims of “file ready” plus “send full amount” suggests a promised deliverable that never arrives, or a “release” threat that never ends. Group-tagging (#DIF #DieNet) and mocking language (“kid,” “stupid”) add coercive dominance signaling.
Functions Core functions appear as: Credential and identity harvesting through casual chat. Payment capture through crypto and mobile-wallet rails. Trust manipulation through repeated reassurance, urgency, and “I will send the file” gating. Reputation attack through public posting of private identifiers. Group branding and intimidation through hashtags, insults, and public “caught you” narratives.
Capabilities Operational capability looks moderate, not advanced.
Social engineering skill: competent at steering a conversation toward payment and extracting a phone number. Tactic relies on persuasion, not technical exploitation. Multi-rail payment knowledge: familiarity with Bitcoin, exchange transfer flows, and local mobile-wallet constraints. Criminals often optimize payment paths, since payment completion equals success. OSINT awareness: claimed “names from free sources” suggests basic open-source lookups and cross-referencing. Cyber capability: no evidence of malware development, intrusion tradecraft, exploit use, persistence, or operational security discipline. Public bragging plus doxxing suggests low discipline and higher exposure risk.
Credibility and tells Messaging shows repeated wallet strings and repetitive prompts. Repetition often functions as pressure, not proof. “File ready” remains vague, with no metadata, preview, hash, or verifiable description. “I sent a thousand accounts” reads as intimidation, not evidence. Group identity claims remain unverifiable inside the text.
Risk picture Greatest near-term risk lands on the doxxed individual and anyone connected to the number, since harassment, threats, SIM-swap attempts, and fraud follow doxxes. Financial loss risk lands on anyone who transfers funds, since scam patterns match the exchange. Escalation risk rises after partial payment, since “split transfers” often turns into repeated “fees,” “limits,” “verification,” and “one last step” demands.
Immediate defensive moves for a targeted person Phone carrier action: add a port-out PIN, SIM-swap lock, and high-friction account changes. Account hygiene: rotate passwords, enable app-based MFA, review recovery emails and numbers. Payment hygiene: treat “send money to get file” as fraud until independent verification exists. Threat monitoring: watch for impersonation accounts, new messages from “friends,” and sudden login alerts.
Privacy note Personal identifiers appeared in the text. Republishing phone numbers or names increases harm, so analysis above avoids repeating them.
eagle:
هلا
اسلام عليكم
Thard:
وعليكم السلام ورحمه الله وبركاته
اعطني رقم التحويل من فضلك
eagle:
13328C6Nw8okUce4HfRQb7xkk4ijHqx8Zz
بي تكوين
TKGDJ52Apq1s4WQvewZmdy8FfLtUoN2Zba
13328C6Nw8okUce4HfRQb7xkk4ijHqx8Zz
عبر الي تريد
Thard:
ليس لدي بيتكوين اخي العزيز فقط xmr و اذا غير متوفر عندك لدي صديق يمني ادفع لك عبر سبأ كاش
eagle:
حواله حواله
عبر كريمي
او عبر العملات المشفره
Thard:
دقيقه اسأله اذا كان لديه
eagle:
تمام
عبر بينانس
اسهل واخرج
Thard:
خلاص اخي عندما يتوفر كريبتو أن شاء الله اخبرك
لأن هو اللي بيدفع اصلا مو انا
eagle:
عبر جوالي
حواله
Thard:
خلاص تم
دقيقه
eagle:
جوالي
Thard:
تم يقول
كم مفروض يرسل
eagle:
اعطيك رقم المحفضه تبع جوالي
يرسل المبلغ كامل الملف جاهز
ارسلك الملف
Thard:
أن شاء الله
eagle:
716697919
عبر الرقم
Thard:
الملف علي ضمانتك اخي أن شاء الله
eagle:
جوالي
لا تخاف
Thard:
حسنا دقيقه اخي
eagle:
والله لرسله الان الف حساب
Thard:
تم اخي الكريم أن شاء الله بضع دقائق
سيقوم هو بأرسال 47 الف و 600 ريال يمني
صحيح؟
eagle:
كريمي او جوالي
Thard:
جوالي عبر هذا
eagle:
ايوه
محفضه جوالي
Thard:
نعم
eagle:
جوالي
تمام والباقي
Thard:
نعم اخي خلاص ارسلت له قال سيقوم بتحويل المال بعد بضعة دقائق
كم مفروض أن يرسل
eagle:
200دولار
Thard:
هو يقول 200$ تعني 47 و 600 ريال يمني
eagle:
200دولار 💵
تطلع اكثر
Thard:
قل لي كم ارسل له اهي وهو يحول المال
قبل أن يرسل
eagle:
100الف
تطلع
تطلع
Thard:
دقيقه
eagle:
200الدولار
Thard:
هو يقول حد التحويل عنده اصلا 50 الف ريال وتتوقف
ما الحل
eagle:
حواله
ارسلك بي الحسابات ترسلي الباقي
Thard:
همم
طيب ينفع يرسل لك الآن نصف المبلغ
ثم بعد دقائق الباقي
هو لديه ربما حل أو طريقة يعني اقترح علي هذا
eagle:
ايوه
عدي ثقه
Thard:
خلاص أن شاء الله سأقول له أن يرسل الان النصف 50 وبعد دقائق هو سيرسل الباقي
eagle:
تمام
حواله انا فنتضارك الملف جاهز
Thard:
انتظر رده والله
eagle:
جاهز
الملف
💭Hello, as a Saudi member of DieNet Hack, a new team called Anonymous Sana’a caught my attention
😄With claims that make you believe they are the smartest creatures on Earth and other exaggerated things
So today I decided to have a conversation with their team leader to see how intelligent he was, and he was just as I expected (stupid)😂😂
😂He was easily tricked into sending his phone number, and it was very easy without any refusal from him
My little Anonymous ssana kid owner phone number:+967716697919
Chat was doxed
Names from free sources, you can confirm
#Abdo_Elsayed #Ali_Alazraq
And of course, that person tried to scam me by sending him the money, but he didn’t expect that it would be the DIF pursuing him this time
#DIF #DieNet
