The digital breadcrumbs leading to Dort’s identity begin with a public "dox" from 2020, which asserted that Dort was a teenager residing in Canada, born in August 2003. This initial leak also attributed the aliases "CPacket" and "M1ce" to Dort. A deep dive into the username CPacket on the open-source intelligence platform OSINT Industries uncovers a GitHub account. This account, created in 2017, is associated with both the name Dort and CPacket, and crucially, utilizes the email address [email protected]. This email address has become a critical nexus in tracing Dort’s online activities.

Further corroboration of this digital trail comes from the cyber intelligence firm Intel 471. They report that the email address [email protected] was instrumental in creating accounts on various cybercrime forums between 2015 and 2019. Among these were Nulled, where Dort operated under the username "Uubuntuu," and Cracked, as user "Dorted." Intel 471’s analysis indicates that both of these forum accounts were established from the same Internet Protocol (IP) address originating from Rogers Canada, specifically 99.241.112.24. This geographic and network linkage further solidifies the connection between the email address and Dort’s online persona.

Dort’s early notoriety stems from their significant presence within the immensely popular Microsoft game Minecraft. Within this virtual world, Dort became known for developing and distributing "Dortware," a suite of software designed to facilitate cheating for players. This early foray into exploiting game mechanics foreshadowed a darker trajectory, as Dort would eventually transition from manipulating virtual game environments to enabling far more serious criminal enterprises.

The evolution of Dort’s online activities saw them adopt the moniker "DortDev." In March 2022, this identity was active on the chat server of the notorious cybercrime syndicate known as LAPSUS$. During this period, Dort offered a service for the creation of temporary, disposable email addresses. Additionally, they peddled "Dortsolver," a sophisticated piece of code capable of circumventing various CAPTCHA services, which are typically implemented to prevent automated account abuse. These illicit offerings were openly advertised in 2022 on SIM Land, a Telegram channel specifically dedicated to the burgeoning activities of SIM-swapping and account takeover schemes.

The cyber intelligence firm Flashpoint has meticulously indexed posts from 2022 made by Dort on SIM Land. These records reveal that Dort developed both the disposable email service and the CAPTCHA bypass tools with the assistance of another hacker who went by the handle "Qoft." In a candid exchange from 2022, Qoft explicitly referred to Dort as their "exclusive business partner," stating, "I legit just work with Jacob." This statement provided a crucial humanizing element to the digital persona of Dort. In the same conversation, Qoft boasted about the duo’s success, claiming they had illicitly acquired over $250,000 worth of Microsoft Xbox Game Pass accounts. Their method involved developing a program that could mass-generate Game Pass identities by leveraging stolen payment card data.

Who is the Kimwolf Botmaster “Dort”?

The pivotal question then becomes: who is this "Jacob" that Qoft identified as their business partner? The breach tracking service Constella Intelligence unearthed a significant connection: the password associated with the email address [email protected] was reused by only one other email account: [email protected]. This finding aligns remarkably with the information from the 2020 dox, which stated Dort’s date of birth as August 2003 (8/03), hinting at a possible connection between the month and day and the digits in the email address.

A deeper investigation of the email address [email protected] using the domain registration analysis tools at DomainTools.com revealed its use in 2015 to register several Minecraft-themed domains. These registrations were consistently assigned to a Jacob Butler, located in Ottawa, Canada, and were linked to the Ottawa phone number 613-909-9727. This geographical and personal association further strengthens the hypothesis that Dort is, in fact, Jacob Butler.

Constella Intelligence has also identified that the email address [email protected] was used to create an account on the hacker forum Nulled in 2016. Furthermore, it was used to establish the username "M1CE" on Minecraft, an alias previously attributed to Dort. A pivot based on the password used for the Nulled account reveals that it was shared across multiple email addresses: [email protected] (a variation of the original) and [email protected]. The latter email address is particularly noteworthy as it belongs to a domain associated with the Ottawa-Carleton District School Board, suggesting a connection to Dort’s educational background or a period of their youth.

Data compiled by the breach tracking service Spycloud indicates that Jacob Butler, at one point, shared a computer with his mother and a sibling. This domestic arrangement might explain why their email accounts were linked to the password "jacobsplugs." Despite multiple attempts to solicit comments, neither Jacob Butler nor any other members of the Butler household responded to requests for information.

The open-source intelligence service Epieos has identified that the email address [email protected] was used to create the GitHub account "MemeClient." Concurrently, Flashpoint has indexed a deleted anonymous post on Pastebin.com dating back to 2017. This post explicitly declared that MemeClient was the creation of a user known as CPacket – one of Dort’s earliest known online monikers. This further solidifies the link between the MemeClient project and Dort’s established digital identity.

The intense and aggressive retaliation from Dort, characterized by doxing, email flooding, and swatting threats, is directly linked to the KrebsOnSecurity article published on January 2, 2026, titled "The Kimwolf Botnet is Stalking Your Local Network." This exposé delved into the research conducted by Benjamin Brundage, the founder of the proxy tracking service Synthient. Brundage’s investigation uncovered how the masterminds behind the Kimwolf botnet were exploiting a subtle, yet critical, weakness in residential proxy services. This vulnerability allowed them to infect poorly secured devices, such as TV boxes and digital photo frames, that were connected to the internal, private networks of proxy endpoints.

Who is the Kimwolf Botmaster “Dort”?

By the time the article went live, Brundage had already notified most of the affected vulnerable proxy providers, who subsequently implemented fixes to their systems. This swift remediation process significantly hampered Kimwolf’s ability to propagate. Within hours of the article’s publication, Dort reacted with extreme hostility. They established a Discord server using the author’s name, which then began disseminating personal information and issuing violent threats against Brundage, the author, and other individuals involved.

In a chilling escalation, the previous week saw Dort and their associates leverage this same Discord server, then named "Krebs’s Koinbase Kallers," to orchestrate a swatting attack against Benjamin Brundage. This involved again publishing his home address and other personal details. Brundage confirmed to KrebsOnSecurity that local law enforcement officers indeed visited his residence in response to a swatting hoax. This incident occurred concurrently with another member of the server posting a door emoji, a taunting gesture directed at Brundage, further emphasizing the malicious intent.

Adding a disturbingly juvenile yet menacing layer to Dort’s actions, a member of the server then linked to a new SoundCloud track titled "larpgod," recorded by the user DortDev. This "diss track," described as cringeworthy and NSFW, featured a pinned message from Dort containing explicit threats: "Ur dead nigga. u better watch ur fucking back. sleep with one eye open. bitch." The lyrics of the song itself further amplified these threats, ominously intoning, "It’s a pretty hefty penny for a new front door… If his head doesn’t get blown off by SWAT officers. What’s it like not having a front door?"

With the growing body of evidence and the increasingly aggressive and dangerous nature of Dort’s actions, the hope is that this individual will soon be held accountable for their cybercrimes, allowing them to personally experience the consequences of their actions.