Has he mentioned just a few close friends, family or a long list?
Mostly close but a couple that are often associated with her on facebook.. The connection is facebook common tags/comments..

Could be anyone, not just someone she knows.

Has he sent nude proofs/ no nude images to her?
Yes.. And started sending to others..

Not Good.

Were any of the non nudes uploaded to her facebook account?
No.

link could be the person who died or as she told someone about the pics/nudes

how long as the threats of blackmail been going on?
Since January..

long time really  

who was the Vpn provider, they may keep logs.
Hosting Services, Inc.

police matter to get the logs, plus the evidence from the fake profile on facebook.

Have you reversed image searched the nudes/ none nudes for any results.
Yes, no results..

Is she friends with the blackmailer on facebook?
Have not accepted his friend req but that is where he is contacting her and others..

three choices 1 close her fb account down, hope it all stops, 2 get the police involved, 3, she adds him on fb to see if there is an email cone ted to the fake fb account, then dox the email, phone number hopefully to find more details, accounts etc.
she does a live vid or fake vid to get is real ip it needs to be live or fake live to leak his real ip, even through a vpn through flash.


First of all, to find the email of a facebook account you have to be friend with that person.

(P.S. - You have to use linux)

1. Go to github and search - xHak9x
Open the first result.

2. Clone or download it to your system.

  Clone it at any location by typing on terminal.

3. After it has cloned, go to the folder and you might see these files
  (i) fbi.py
  (ii) LICENSE
  (iii) README.md
  (iv) requirements.txt

4. type - pip install -r requirements.txt

After the success message has been displayed

5. type - python fbi.py

6. You will see " Hak9>> " instead of you root@whatevername (root path)

7. type - token

8. It will ask you your facebook username and password. Provide it. Don't worry, it's just asking because it wants to get your friends data.
  Your password will not be visible to you because of some security reasons.

  But here's a tricky part. Even if you have provided correct details you will get an erron message that it has failed to generate access token and it will tell you to check your  internet    connection / email or password.
  To fix this you have to go to your browser (don't close the terminal) and login into facebook and confirm that it was you.

9. After you have confirmed the security questions on facebook, come back to terminal and type - token (again).
  Again provide your username and password in the terminal(remember: type token when you are seeing " Hak9 >> ". You will get an _error_ if you are typing it on your root@whatevername).

10. After that you will get a message that - successfully generated token and you token is stored in cookie. AND YOU WILL ALSO COME OUT"Hak9 >> " to your root path.

11. Type - python fbi.py

12. You will again see "Hak9 >> ".

13. Type - help. You will see the various features of this app.

14. Type - dump_phone(for your friends phone numbers)
   Type - dump_mail(for your friends email) and likewise.

The results will be stored by default in the fbi folder it OUTPUT or you can just copy the results from terminal and store it to your desired location.

After you're done, type "exit" to exit the program.

cant help any further with the ip live ect or the linux. will send you to the right forum if you want me to.

can do the doxxing part