Ramblings of a Tampa engineer

A few days ago I got an odd message sent to me - someone was curious if I was the owner behind exedecompiler[.]com. I of course was not and was curious why I was being asked.

Turns out this individual was trying to chase down the owner of this site as they were communicating with them and ended up getting scammed out of $500. They sent some snippets of the chat conversation and it looked pretty suspicious.

Maybe at my age and time on the Internet - I've learned that you rarely, if ever, trust a business transaction on Telegram with a cryptocurrency as the payment. So an expensive lesson learned for this individual.

Shortly after the payment was confirmed - the telegram account blocked the individual as well as clearing the chat. For some reason he had some various photos saved from this exchange which ended up being the photos you see above.

So how did this site point back to me?

Wayback Machine - "exedecompiler[.]com"

As you scrolled down the site - it listed four projects as "Recent Work".

  • Apktool
  • Leaf
  • Halo Depot
  • Panda Love

These are projects I've either created from scratch or been maintaining on my GitHub. The descriptions were copies of the GitHub repositories with honestly zero effort in adapting it to fit the website design. As you can tell some of the description is literally the setup guide for one project.

I was furious yet again - this time a site was selling a service for $50 for disassembly of .apk and .exe files and using my username/projects as the portfolio. This was now the 2nd time myself/my-work was being impersonated - the first being this odd interview tale.

Ignoring the obvious fact this is impersonating my accomplishments and successful projects - this is an odd business model because both of those services have free open-source tools to accomplish said task.

So once again I decided to message the perpetrator behind this scheme.

It seemed pretty obvious that my profile wasn't "random" when it came to this site. You don't build a scam site marketing reverse engineering services then happen by chance to come upon an author (me) who maintains the most popular .apk disassembler.

As I am trying to balance submitting abuse reports to the domain (Namecheap), host (Cloudflare) and Messaging (Telegram) I realize my chat with this individual is now over - I am also blocked and the chat history is cleared.

I don't really like Telegram's ability to do that, which I guess is why many flock to it for illicit business. I just happen to use it heavily for Ingress.

In my last screenshot I had with this individual I was trying to get a refund for an individual scammed. This was never going to work, but I was surprised to find this individual claim a "business gone wrong" instead of a scam.

Is this site really trying to do something legit? I seriously doubt it, because as I write this post - the site has changed again.

My four projects are gone - now we find another collection of random projects I'm 100% confident are NOT built by this individual. This time the scammer has learned and is no longer hyperlinking these projects so its a bit more difficult to track down the original owner of them.

They must be upset as the prices have changed from $50 to $100. Maybe one of my abuse reports will end this scam - who knows.

Each time I get wind of one of these situations - I wonder how many go unnoticed.

You’ve successfully subscribed to Connor Tumbleson
Welcome back! You’ve successfully signed in.
Great! You’ve successfully signed up.
Success! Your email is updated.
Your link has expired
Success! Check your email for magic link to sign-in.