Hello, fellow scam baiters, random folks strolling on in, Law Enforcement agencies and scammers trying to keep up with our Anti-Scam ops.
Scam Vocabularity - Will be edited as time goes on, But It’s basic for right now will be very long. It’s hosted on Pastebin right now.
With these basic vocabularies out of the way, I’ll provide some other posts to make a Master thread here:
Set up a fake bank - Credit to JustAnotherJim
Pre-Made Windows 10 VMs - Credit NeeP
Pre-Made Windows 11 VMs - Credit NeeP
How to find info about a scam page
The following links are provided for educational purposes and if you use them illegally to break into a protected website I am not responsable whatsoever.
WeLeakInfo - Sign up Required (Use the OSINT Page)
Wappalyzer - Web Technolgy detection (Do not use to find outdated software).
Shodan - Find IoT Devices, And General info about an IP or device
Censys A Newer Shodan with different features. Used for SSL Info mostly.
OSINT - Framework - For any job you really could think of
Whois Domain Search - Find who is the domain registrar or info about a site.
Usernames, Emails, Real Names, Business info, Government resources and more
Sometimes you need some data about a business, This Focuses on the US mostly as other nations aren’t so free when it comes to release of information.
BeenVerified - Used for US Residences maybe able to uncover a lot of data about someone. $1 for 30 days (New members only, Please do not abuse this).
That’s Them - Semi-Free website for those who just want to do a few searches about an Email, Name or address.
Skype Resolver 2019 - Haven’t used but skype is a P2P Messaging client. Still used by many scammers.
WeLeakInfo: Mentioned above
Freedom of Information Act: Can be used to aquire data from any federal agency within the US. There’s over 100 of them & only 9 exemptions to what isn’t allowed to be requested.
Know the law & Your rights
whether you’re falsely accused of illegal or immoral practices, Caught up in illegally accessing a protected device, Doxed, Hacked or slandered. You have the right to know the protections under the law.
PRO TIP SHUT THE FUCK UP, SPEAK WITH YOUR LAWYER AND LAWYER ONLY NOT THE COPS, NOT YOUR FAMILY AND NOT YOUR FRIENDS DOING SO CAN RUIN YOUR CASE
PopupDB - Generator for those good ol popups
Oracle Virtual box
Wireshark - Internet Traffic analysis
Scam Baiting tools - A little outdated but easy to doctor up into modern standards.
xSerpentineX’s Scambaiting setup
Google Dorks, Varity of dorks for other things
Dirsearch, Webpath detection tool/Hidden Dir Finder
The Tor Browser bundle
Mailbait - Fill your inbox
Grabify - IP Grabber (No, I Don’t grab IPs)
OBS (Open Broadcasting Studio) - Record your baits
Python3 - Use for making your own tools/programs
Async RAT - Use at your own risk
OVH Cloud Hosting
Report a Decepive site
phonerator - Credit to @TheUnsocialEngineer for posting this to the discord server.
Call Spoofing: - Use at your own risk:
SpoofTel - Paid for service
SMS Verification - Use for google voice, Telegram or whatever that requires you to have a valid phone number to receive a OTP to verify your account
Note: The Next set of links & filled with scams. However some contain Immoral content or legal content that is restricted to ages 18+ I Do not condone visiting any website that possess illegal content or visiting a website restricted by the age of majority in your country. These are solely provided for finding scams on the Tor Network. If you’re of the age of majority please review the slang used on within the cyber criminal underworld to avoid visiting a site you regret.
Fake Name Generator
Fake Name Generator
Legit throwaway Visa Debit cards
Throwaway Debit cards with set limits
Express VPN - Has privacy concerns, Good company security measures.
ProtonVPN - Free but slow
NordVPN - Shitty please avoid using
Mullvad VPN - Best Privacy but highly blacklisted due to fraudsters
911 Residential Proxies - Good Proxies, 38% or less is blacklisted
Mozilla VPN - Haven’t used, so no judgements
Fake photos - use with fake names & Backstories. Might as well pick up the entire family + the horses for the ranch house right?
This Person Does Not Exist
This cat does not exist
This Artwork does not exist
This horse doesn’t exist
SEARCH ENGINES - USE THEM ALL TO FIND MORE SCAMS
Yandex (EN) Yandex (RU)
Bing - I know you’re going to meme, but keep it out of the thread
Startpage - DuckDuckGo Alt
Swisscows - Another privacy based search engine
Telegram Channels - Dark Web
INTRUSION DETECTION SYSTEMS (IDS)
If you hate how ugly wire-shark is, but don’t wanna be a skid using octosniff, Than these might be better as they’ll categorize traffic better and are suited for people who aren’t network engineers.
Great for malware testing, Scambaiting or generally spying on web traffic origins.
ILLICIT MARKETPLACE KEYWORDS
Keywords/phrases for searching on any search engine
Simply go to youtube and search for the following
Call of Duty Hacks
Apex legends hacks
You’ll find a ton of .zip/.rar/.7z files loaded with free malware. Mostly Redline stealer, NJRat, NannyCorn, and other cheap/cracked rats most aren’t even crypted so everyone who downloads it should know what it does.
Need a constant flow of what hackers are up to these days?
XSS.IS - A Russian Cyber crime forum
Exploit.in - (Best to use on tor after you paid $100 or show skills)
Hackforums AKA SkidForums
Want some phishing links:
Check this post for ‘account hackers’ - Works on TikTok (I do have an account with 1 post).
Note: I do not condone illegal acts of “Hacking” which includes but not limited to Exploitation, using malicious post-exploitation software (RATS, Stealers, Botnets etc.), Scripts, Scanners, Spoofers, Trollware, Jokeware, Ransomware or whatever that intends to destroy, disrupt or etc any business without any explicit written permission.
Vigilante-Toolset - used for taking down pedophile sites on the dark web but can be used for anything you want to use it for as long as it’s a .onion site on the tor network.
Metasploit - Used for a a variety of things.
Burp Suite - One of the best web application exploitation tools, Highly recommend the pro edition.
Exploit DB - Filled with the most common exploits, can be searched for a majority of CVEs.
I’ll be updating this list semi-often to add more stuff, this is just a generic list. I’ll push updates with replies formatted as following:
Update [DATE: MM/DD/YYYY] ADDED/REMOVED: [LINK, COMMENT OR SOMETHING ELSE]
This keeps the thread at the top and helps new or old baiters find new resources to tackle scams more efficiently
If this guide has helped you, Please leave a like, Comment or don’t.