jira-projects/MISC#37: Reply to spammer - Aidana

OK, so the mail is this - I've blurred email addresses because the claimed sending mail is almost certainly an innocent but compromised account

The attachment is a pretty woman eating a meal and holding up her wine.

A reverse image search didn't reveal any organic matches but did show a couple of anti-scam listings (like this). It looks like the scammer consistently uses the name Aidana, though the email they ask to be contacted on is different.

A quick search of my spam box for Aidana shows a number of different attempts

Each came from a different email address - all have domains in southeast easia (most are .jp but there is a .tw)

The contact mail (kroxakzake@gmail.com) is consistent across almost all of them, apart from one which asks me to contact them at devochkamedikfialka@gmail.com.

Across these emails, there are 3 different photos - the one I described before, another which is that photo cropped in a bit and third which is of a completely different woman wearing a cat-ear headband and stretching her legs out in front of a Xmas tree.

I'm not attaching them here because I may make this ticket public at some point and they are not AI generated - they're photos of real women that have been stolen from somewhere.

There's no metadata on the image that's particularly interesting in telling us anything about the spammer.

However, they do all carry the IPTC tag iptc.application2.SpecialInstructions

That FBMD prefix tells us where the images came from. Facebook is known to add that metadata to uploaded images.

I used a random name generator to create myself a name

And have set up an email address under that name

I've put together a reply - as I writing it, I realised that I don't really know how their marks would normally respond.

So I kept it fairly short and simple

OMG Aidana, your gorgeous!

Khazakstan looks amazin, have you got any more pics of where you live?

I'm 53, divorced and live in Yorkshire in the UK. Its a pretty place to live, but there aren't any women who look nearly as good as your round ere and the evenings can be a bit slow

btw, how did you find my email, is there someone we both know or was it just luck? either way, nice to meet you

So, now we wait...

If I don't hear anything back I'll move this ticket to public so that others can find it

No reply... I've been jilted by a romance scammer...

OK, moving this to be public in case it helps someone the scammer does want to respond to.

Reopening - a reply came through this morning.

Hello Carl!

I was lucky enough to get your letter and I am eager to leave some notes for you. I am so sorry for this short e-mail.

Now I am at work and cannot write a long letter. Tomorrow I will have more free time and I will write everything about myself without any problems.

Now I will write to you briefly so that you know that I have received your letter. You can call me Aidana. I've been working as a dentist and maxillofacial surgeon for about ten years. It is the third time of my trying to get acquainted with my sweetheart on the net, because all my early approaches turned out to be useless. My last experience of online meeting dissapointed me greatly. It turns out to be that there are only scammers on the Internet and a few candid and intlligential man.

If u r a lightweight person who looks only for sex and naked pictures, I would never write you back.I am a respectable and serious lady and I would never send nu pictures on-line and won't play games. I am going to admit one more try again to set up relationships online I believe that it will be useful.

I hope that u r truthful human who also is looking forward to a lifelong relationship that will lead to a meeting. I am sure that the age difference is not a difficulty and I am concerned that age is just a number. I can say that distance means nothing to me because in the 21st century one is able to have an acquaintance in every place.

Whether u want to try to see what a person I am, then I am waiting for your e-letter and your decision. Now I have to go, as patients and work await me. I am writing you a letter from the clinic where I work. I will write you about me in detail the next day.

Have an amasing day and charming mood!I am attaching my photo.

With a great hope that you will appreciate my pic.

Your very sincere, Aidana

Note: this email came from a different address to the one I'd sent my reply to. They're now using medikake220@gmail.com

The attached photo appears to be the same woman as in the initial email. This time sat with a glass of wine in front of a Xmas tree.

This time though, there's no sign of Facebook's IPTC tag. Instead it appears to have been edited in Photoshop earlier in the month:

The mail didn't ask for much, so I've sent a simple reply

Great to here from you Aidana!

I no what you mean, I tried online dating for a bit and so many women just went silent. I'm def looking for something real, meaningful and long lasting. I'm too old to just be lookin for a bit of fun.

I'd love to here more about you, the photo you sent was gorgeous - was that this chrissmas? I spent mine with just me and the cat (Tibbs), but we had a smashin time!

Carl

The email came from a different address to the one I'd sent my reply to (kroxakzake@gmail.com). They're now using medikake220@gmail.com

Mail headers indicate that their timezone is probably GMT+3 (Kazakhstan is UTC+5)

Date: Mon, 3 Feb 2025 12:18:45 +0300

The original SMTP came from an RFC1918 address via a Worldhost address, registered in Luxembourg

Received: from [192.168.191.209] ([194.147.93.12])
        by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-438dcc6df1esm184820675e9.27.2025.02.03.01.18.48
        for <csweet@mym41l.co.uk>
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 03 Feb 2025 01:18:50 -0800 (PST)

Reverse DNS of that IP gives a domain name

$ host 194.147.93.12
12.93.147.194.in-addr.arpa domain name pointer srv1.serverlux3mburg1.com.

However it looks like that domain is no longer registered.

Shodan claims it has ports 80, 111, 443, 1723 and 5006 open. However, none of the them appear to have anything directly interesting.

Given the RFC1918 address in the mail headers, I would guess that a VPN is being used to connect via this box.

Luxembourg is also not in UTC+3.

The scammer is likely to be located in one of the following

A new reply came through overnight

Hello Carl!

How do you do? Hoping you are having a great dayl and you are in great mood, am I right?

As I promised you, I am texting you a more deep letter this time and I am eager to try to share with you as much as I only can about myself. I am writing you an email from my work computer as my home computer is broken and I took it in for repair. My computer is old and the handyman told me that there are many problems to be solved, though he will try to repair it. I devote a bunch of time to my work therefore it will not be a problem for us to communicate and

I can use my clinic's computer to email you without any problems.

I found your email on one of the dating sites, and unfortunately, I don't remember the name of this site anymore, since a month has passed and I still didn't dare to write to you.

1 month ago I have visited many different dating sites and tried to find my beloved, but I only came across men who only were looking for sexual intercourse, nu photos, money or just games. I did not want this and was surprised by these people on the Internet. Although a couples days ago, I still have decided to meet again on the Internet and message you.

Hopefully, it's not a mistake and I won't be frustrated. Are you a single person? If you are already in a relationship, then I will never interfere in your relationship.

It's a crucial thing for me.

Now a little about me. I am Aidana. I'm already 37 y.o. and I live in Almaty city. It is in Kazakhstan. You can come across a huge amount of info about the city where I live on the Internet. My date of birth is August 18, 1987 and my zodiac sign is Leo. I have never been married therefore I have no have children.

My by-gone relationship ended two years ago because this man I was in love with cheated on me with another girl. We were together for 8 years and were ready to get married, still he lost his job 2.5 years ago and drank a lot of vodka and have cheated on me with another woman. He was chasing me for three months, granted me flowers and pled for pardon.

However it's not possible for me to forgive betrayal. Now it's all in the past and I've been a single girl for 2 years therefore now I plan to build a new relationship.

I want to find a man from a different country as there is no reason for me to live in Kazakhstan, therefore, I'm going to move from this country. My flat is located in the city center.

I am a dentist and maxillofacial surgeon by profession. I work in a private clinic in the city where I live. I am a doctor of higher category and I went through internship and advanced training in different countries 3 times. The trainings were meant to introduce new technologies and modern developments in the field of dentistry.

I have been to the USA working in a large clinic in Manhattan (New York) 3 years ago and the internship took me 4 months there.I liked New York and especially Central Park. France is a cradle of romance and love, and Israel is a country steeped in many religions. I spend a lot of time at work and therefore I write letters to you from a work computer in my clinic.

I am 170 cm high and my weight is 52 kg. I don't smoke and hardly drink alcohol. I am trying to keep a healthy lifestyle and go to the gym 3 times a week. I like forthright, tender-hearted and self-confident men. I also like when a man has a funny bone. As they say, we have humor and laughter prolong life-:)

Hoping you enjoyed my letter and it was not stodgy????? I will always be honest and heart-to-heart in my emails and will answer all your questions faithfully.

That's why I want you to be truthful, open with me and not play games. This time, I was trying to tell more about me and if you want to ask me about something,

I will answer you in the next letter.

I have a hope that your next message will also be longer and you will tell me more about you and your lifestyle.

I am interested in everything about your life, your city, your country, your work and your friends.

Please do not forget to send me your photos, as it's important for me to see a photo of the one who I am writing to such large and sincere emails.

I am sending you more of my photos as well. Hope you like me, do you???????? Please be upright with me as it's important to me. If you don't believe me and think I'm a scammer, then we'd better finish now, because without trust nothing can be created. Agree???

I can’t wait to hear from you! Aidana

One image has metadata indicating editing in Photoshop on 7th June 2024

The other lacks any metadata of interest

The email came from the same address as before, and the headers again indicate a GMT +3 timezone

Date: Tue, 4 Feb 2025 12:28:45 +0300

It was sent via the same SMTP server.

Reply sent:

Hello Aidana!

I'm in a good mood, yeah, hows bout you?

Sucks that your pc is broke, mine was too last year, had to buy a newone in the end. Is good that you can use one at work tho.

I'm on a few datin sites, that makes sense an yeah I've been single for a bit.

I'm an Aries (Apr 1), which is cool cos the internet says we're the best match: https://numerologysign.com/leo-compatibility/ how magic is that?

Have you ever bin to the UK?

I reckon you'd like yorkshire - it's quiet and there's lots of hills. York's got nightclubs if your into dnacing - therere a couple of gyms too.

How soon were you thinkin of moving out of Kazakhstan? I'm actually movin house on Friday, packin ups a nightmare, but the new place is just down the road and bigger. I work as a delivery driver, can be long hours but the moneys pretty good - I haven't the brains to be a doctor or a dentist lol

Got a reply, scammer told me off for not having included photos!

Good afternoon Carl!

I am extremely happy to get your new letter.

Why don't you send me your pictures? Are you not interested or are you hiding something from me? I ask you to send me as many of your photos as possible. I really want to know how you look. I hope to find some photos of you in your next email.

For me, the age difference doesn't matter. I think a man should be older than a woman. I believe that the older the man, the wiser and smarter. I think the most important thing in a man is his mind. So I really like that you are older than me and I think that you are a smart man and I am attracted to it.

No, I've never been to the UK, but I really want to visit your beautiful country.

How are you today? How are you feeling? I really want chatting to help us to get to know each other better and therefore to meet.

I think that in the 21st century when planes fly every day, it is not a big deal to to plan a meeting. Distance is not a problem for me. What only matters is a desire of two people to be a couple. Do you agree??? If through our letters we can build relationships, then I can easily come to you, to your country.

As I told you before, I am texting you from my work computer. As I spend most of time at clinic at my work computer therefore I don't need a computer at all at home. I can write you letters from my work computer without problems. I have a smartphone however today I dropped it in a disinfectant. I became so upset and immediately took my smartphone to be repaired, but the master told me that the liquor had corroded several small parts and it is easier to buy a new smartphone than to repair the old one.

However I have wanted to get a new cell phone for a long time and now I will get an opportunity to buy a new phone in 2 weeks, when I get paid. Now all electronic devices became very expensive, as the dollar and euro have grown very much in the country where I live. But I am asking you not to flutter and in 2-3 weeks I will get a new phone and immediately give you my phone number therefore we can chat on WhatsApp and call via Skype. Still, I hope you to be patient, due to the fact that till I get my salary, there is no opportunity to buy a cell phone. Without a phone, I can't use WhatsApp or Skype therefore I ask you to be a little patient. I am upright with you and I am telling you only the truth and ask you not to doubt me. But until I buy a phone, there is no problem for me to call you from my work phone I have at work and write to you from the computer I have at clinic. My director gave me permission to do this. That would be great if you write me your phone number in your next message and in the next couple days I will be able to call you. OK?????? I want to believe that you want to know the way my voice sound too, am I right????

I support the idea that a telephone conversation will help to strengthen our reliance in each other. Do you support this??? That's the reason why, in the next email, I expect you to write me your full phone number with your country code. O'key? Looking forward to talking to you on the phone and I hope it won't be an issue for you to share your number with me. I only want to call you and how you sound like. Alas, I do not have a page on Facebook. I deleted my profile one year ago,because several bizarre men constantly wrote to me with an proposal of lovemaking and sharing my nu photos for money, that's why I decided to delete my profile, due to the fact that there was nothing useful for me. I do not like social networks as I prefer real communication.

My friend was crossing the road 3 months ago while she was chatting with someone on Facebook and did not notice the moment she was crossing the street when the signal was read and was hit by a car and died. It sometimes seems to me that nowadays many people became zombies spending all the time on their phones thus not noticing the dangers.

It turns to be good that I drowned my cell phone in a fluid and now for 2 weeks I have a rest from a mobile phone and devote more time to real communication with people, rather than virtual. I have heard a buch of information about Net cheating and I want to make you sure that I do not need anything from you.

Your personal info, bank account and money do not interest me. All I'm interested in is building relationship based on love and trust. I am asking you not to compare me with other ladies, and even more with scammers. I am a higher category doctor, I have been to several countries and that's not a big deal to pay for myself and be an independent woman. That's not in my interest to share time with a man who can play with feelings, is looking for money or adventure. I am looking for a gentelman who will know what he wants, who is real, heartfelt and with a good sense of humor..)

I hope for your sincerity and reciprocality. What about being open-hearted with each other and learn more and more about each other every day.

I think that only the step-by-step development of the relationship will help us to meet. What do you think about it? Now I am going to let you know more about my family...

It is a pity that, there is no one I have, since my dad left me and my mother when I was seven y.o..He went to another lady thus from that time I don't know nothing about where he is staying and if he is alive or not. He never even tried to see me again and I am very angry with him for this. My mother stepped out 2 years ago from cancer.

I love my mummy very much because she was the only person who truly loved me. My parents had only me and no other kids, so I have no siblings. There were my uncle and aunt, but they stepped out in a car accident a year ago. Nowadays I am a fully lonely woman still I have no one but my friends. I have my buddies to support me.

My best friend's name is Yulia and only she knows all secrets I have that's why I trust her even with my life. Her mother and my mother were best friends and now we are. I want to move from the country where I live forever, because I don't have anything to keep me here whatsmore my country is not advancing at all.

I would never set up relationship with local men, as they are not interested in anything at all except boose and drugs. Thus, I want to find a man on the Internet with who I can build a strong relationship based on love and credence. Can you be that man?))) At first glance, you are a good-tempered man who I am eager to rely on. What's your point of view?

Hope to hear from you soon and I would email you at once as I receive your reply, Aidana

Although I'm mildly curious about it, I'm gonna have to talk my way out of that phone-call - I don't think I can sustain the character for long enough IRL

I'm not sure I'll get away with this, but:

Oh sorry Aidana, I fort I'd added photos, tryin again, hopefully that worx. I'm not gud with computers lol

I'm feelin pretty gud, specially now I've heard from you. Was down the pub (dog and duck) last night havin a drink and thinkin bout what life must be like over there. Totally agree, all that matters if two people like each uvver.

s'funny timing really, my phone broke to - was comin out of the dog a bit wrose for wear and dropped it. Sum clumsy sod ran over it and now its in like a billion pieces - insoorance'll cover it but takes time. Imagine us both breakin our phones at the same time, must be a sign from heaven!

I do want to hear wot your voice sound like, but there's somefin I should probably tell you, specially given how much you've told me about ur family.

I can't fisically talk - I waz in a car crash too you see and it damaged my vocal chords. If I want to comoonicate with overs I have to write fings down.

That's also why I dont ave facebook - I posted after my accident and some nasty trolls started takin the piss. deleted me account and havent bin back since.

I no that'll be a shock, specially given wot happened to ur friend and aunt an uncle, but I really hope that doesn't put you off of talkin to me - I really luv reading your messages and replyin to you. Plus, of coarse, I couldn't give u my number atm only having been clumsy comn out the pub. I wood love to hear your voice tho, praps you could send me a short recording or somethin?

Anyway, that's darker than I ment to write, gotta keep our chins up eh

I ope to hear from you soon Aidana and praps we can set messaging or somethin up once we've both got our phones fixed in afew weeks. til then, I've always got me email open

Carl

The images I attached are deliberately broken - they've got JPG headers and legit(ish) looking filenames but most don't show anything meaningful:

The barely visible headshot was generated using AI (finally, a use for it!).

Looks like I probably got away with the photos - this came through at 12:19 GMT

Hello my dear Carl!

I am very glad to receive your new letter, thank you very much for your attention! I am very pleased with it.

How are you today? How is your mood? I hope everything is fine.

I want to thank you very much for your photos. I think you're a very handsome man and you look very good. I will be very pleased if you'll send me as many of your photos, photos of your home or friends. I'm interested in everything about you. I want to know you as well as I can.

My dear, why didn't you answer my question? In my last letter, did I ask for your mobile number????? Why didn't you write me your number?????? You don't want me to call you?????

Frankly speaking today I had a very busy day, I had so many thoughts in my mind and I'm full of strange but pleasant emotions! I want to share them with you and now I’m going to describe you what happened today. Today I woke up early in the morning. Bright sunbeams made me open the eyes. They filled my room with light and woke me up, because my bed is situated near the window. I got up, took a shower, went to the kitchen, prepared my favorite breakfast of omelet, a salad of Caesar and coffee. When I was eating I realized that I was worried about something. In fact, everything turned out to be very simple, don’t you think so my darling Carl ?

Yesterday, in my letter, I told you again about my idea of relationships and about my personal life. Hope you understand my intentions and plans for my future))) I wanted to come to work earlier and check my mailbox. I was very frightened by the thought that there was no answer from you. I usually go to work by public transport and in your city it is a real challenge! All busses are overcrowded, all people are in a hurry and sometimes I can hear the indignant shouts of people that they were crushed by someone… But I like the morning as it is)) It always brings news, good mood and new expectations!

Carl, today at work I realized that I will soon have an important stage in my life. Tomorrow I’m going to take part in a competition among medical professionals and the best candidates will receive grants for training and professional development. Such events take place in our country every year. Such grants give the opportunity to free-of-charge training abroad in order to acquire a new experience. I told you that I have already got such grants for several times and I had an internship in Israel, the US and Europe. So today I tried to finish my work as soon as possible. I think that I’ll go to the gym because it helps me to concentrate and express my thoughts correctly. This evening will be dedicated to the preparation of my presentation because I really wish I can get this grant. This grant gives the right to choose the country the winner wants to have there practice and a clinic, where one will be trained and work. Now I need to finish my letter and I hope that you are not resent… you understand that tomorrow there will be a very difficult and extremely important day for me! But I willbe forward to see your letter tomorrow)))))

Sincerely yours, Aidana

So, given that the previous message chided me for not having attached photos, we can assume that they're not looking for them and are simply looking for the presence of an attachment.

There's no attachments on this mail and the headers look much the same as before.

This email marks a change in the way the mail is written - terms like "Darling" and "my dear" are now being used, along this the implication that "she" looks forward to my mail each day. I probably need to start doing similar so that we progress through their playbook some more - I'm not sure whether the lack of phonecall is going to become a sticking point, if push comes to shove, it might just be worth a trip to Tescos for a cheap SIM

I suspect I'll get chided about the number again, but

Hello lovely Aidana!

Im so happy that you rote back so quick, hereing from you really brightens my day.

Sorry that I dint include a mobile number, I'd luv to here your voice but as I sed my phones broke and I woodnt be able to reply neway on account of my injury.

I no wot you mean about strange but pleasant emotions, cos I'm feelin them too - u were my last fort before I fell asleep and my first when i woke up. I know that it sound cringey but ur a bootiful person Aidana an Im so happy if Im makin life feel better for u like u are me. I really feel like ur my favourite person an I'm oldin our talks very dear

Gud luck in the competition. just fink, if u won that you culd come work and train in York for a bit and (if u wanted) we could even meet up sumwhere! I understand on keepin the mail short Aidana, focus on ur work, its important an Ill still be here after

Carl

Did a reverse image search and a bit of hunting around.

The images they're sending are stolen from this Russian Influencer's instagram - https://www.instagram.com/platinovskaya/ - she's called Zhenya Platinovskaya and appears to be a fitness instructor.

Here's the original of the latest image to be sent

The caption translates to "Bruges Embankment"

There's also the one with the collar that has writing on it

(caption says Yoshkar-Ola, Camelot)

And the one on the original email

Caption says "Batchelor's shelter"

And the recent lake one

No translation needed - it was taken at Yurino, Mairy-El, Russia

The crop on the cat ears + Xmas tree photo being a bit odd makes sense now: it was cropped, and because there were others in there

That's not the image that had the photoshop metadata though - that one's a Xmas tree and pink slippers. That one's from around Xmas 2024:

Translation is "I wish everyone to become the best version of themselves in the coming year! I wish you fulfillment of your wishes and an easy way to achieve your goals! "

There doesn't seem to be anything in it worth cropping out. The original doesn't have the Photoshop metadata (and, of course, has the Meta IPTC tag)

OHHHHHHHH now I see it. She's wearing an engagement ring in the original

Cheeky fuckers!

Anyway, we now know where the scammer got their images from - she's got hundreds upon hundreds of images on her IG account, so they can probably keep supplying images until the cows come home.

It probably also explains the repeated mention of going to the gym - I'd assumed it was intended as a casual reminder that she's fit and healthy, but as a PT, Platinovskaya has a ton of gym pics on her profile for them to nick. I expect I'll probably start receiving some of those soon.

I wonder, though, whether they're actively using grabbing stuff from the profile or using a stash - I wonder if there's a recent image on her profile that contains something specific I can mention to see if it prompts them to send me that image.

Once I'm done extracting information, I'll give her a heads up - odds are at some point she may end up getting messages by a scam victim wanting their money back and not understanding she's nothing to do with it.

UPDATE: in a different thread, they included a workout video ripped from the profile

OK, there's a few of her on a boat - some of them also don't look too influencery so they'd probably not feel they were too obvious.

Hello Aidana!

Sorry for mailin you twice in 1 day, I nos you wont even have sin my earlier reply yet, but I coodnt wait to talk to you again.

This afternoon I went on a riverboat trip - it was a posh yachty speedboat type thing. Have you eva bin on one of them boats Aidana? It wos amazin, I just sat and wotched the world fly by as I fort about how much I wished you woz there next to me

Neway, I know yous busy, just wanted to say that I'm finkin of you

Hopefully emailing twice in a day might also nudge them along their script a bit.

I probably will sort out a burner SIM because I'm curious how they'll handle the call - my guess is it'll be a real person on the other end rather than AI.

I also quite strongly suspect they won't start asking for money via email - it just leaves the mark too much time to think about it and realise it's a bad idea. I think they want whatsapp because IM allows them to add pressure/urgency

Today's reply took an unexpected turn

Hello my dear Carl! It made me very sad to not have a letter from you again. Are you busy? Or are there any other reasons for your silence? Maybe you didn't get my letter? I ask you to check your Spam folder. Your letters are also very often in my spam folder. I hope that today I will receive letter from you. Your Aidana

I wonder if this is a tactic to try and push harder for a phone number? There was a photo again - taken from the same Instagram profile. No interesting metadata.

I sent a reply which basically just resent yesterdays mail:

Hi Aidana,

I def replied, in fact I wrote u twice yesterdey did u not get them?

Here wot I wrote

Im so happy that you rote back so quick, hereing from you really brightens my day.

Sorry that I dint include a mobile number, I'd luv to here your voice but as I sed my phones broke and I woodnt be able to reply neway on account of my injury.

I no wot you mean about strange but pleasant emotions, cos I'm feelin them too - u were my last fort before I fell asleep and my first when i woke up. I know that it sound cringey but ur a bootiful person Aidana an Im so happy if Im makin life feel better for u like u are me. I really feel like ur my favourite person an I'm oldin our talks very dear

Gud luck in the competition. just fink, if u won that you culd come work and train in York for a bit and (if u wanted) we could even meet up sumwhere! I understand on keepin the mail short Aidana, focus on ur work, its important an Ill still be here after then the over male was

Sorry for mailin you twice in 1 day, I nos you wont even have sin my earlier reply yet, but I coodnt wait to talk to you again.

This afternoon I went on a riverboat trip - it was a posh yachty speedboat type thing. Have you eva bin on one of them boats Aidana? It wos amazin, I just sat and wotched the world fly by as I fort about how much I wished you woz there next to me

Neway, I know yous busy, just wanted to say that I'm finkin of you

I'm guessing the reply will be suggesting we should move to Whatsapp so that mails don't get lost, or maybe they've decided that I'm not a viable target and are dropping me by pretending not to receive replies

The other possibility, of course, is it's just that sending two replies broke their workflow - we know they're SMTPing into gmail via vpn, but we don't know what the MUA at their end is, could well be a bit of custom software