Hello, fellow scam baiters, random folks strolling on in, Law Enforcement agencies and scammers trying to keep up with our Anti-Scam ops.
Scam Vocabularity - Will be edited as time goes on, But It’s basic for right now will be very long. It’s hosted on Pastebin right now.
With these basic vocabularies out of the way, I’ll provide some other posts to make a Master thread here:
Set up a fake bank - Credit to JustAnotherJim
Pre-Made Windows 10 VMs - Credit NeeP
Pre-Made Windows 11 VMs - Credit NeeP
How to find info about a scam page
The following links are provided for educational purposes and if you use them illegally to break into a protected website I am not responsible whatsoever.
Wappalyzer - Web Technolgy detection (Do not use to find outdated software).
Shodan - Find IoT Devices, And General info about an IP or device
Censys A Newer Shodan with different features. Used for SSL Info mostly.
OSINT - Framework - For any job you really could think of
Whois Domain Search - Find who is the domain registrar or info about a site.
Usernames, Emails, Real Names, Business info, Government resources and more
Sometimes you need some data about a business, This Focuses on the US mostly as other nations aren’t so free when it comes to release of information.
BeenVerified - Used for US Residences maybe able to uncover a lot of data about someone. $1 for 30 days (New members only, Please do not abuse this).
That’s Them - Semi-Free website for those who just want to do a few searches about an Email, Name or address.
Skype Resolver 2019 - Haven’t used but skype is a P2P Messaging client. Still used by many scammers.
Freedom of Information Act: Can be used to aquire data from any federal agency within the US. There’s over 100 of them & only 9 exemptions to what isn’t allowed to be requested.
I NOW HAVE MORE THAN 2.3K DATABASES BACKED UP WITH 11 BILLION+ RECORDS
Know the law & Your rights
whether you’re falsely accused of illegal or immoral practices, Caught up in illegally accessing a protected device, Doxed, Hacked or slandered. You have the right to know the protections under the law.
PRO TIP SHUT THE FUCK UP, SPEAK WITH YOUR LAWYER AND LAWYER ONLY NOT THE COPS, NOT YOUR FAMILY AND NOT YOUR FRIENDS DOING SO CAN RUIN YOUR CASE
PopupDB - Generator for those good ol popups
Oracle Virtual box
Wireshark - Internet Traffic analysis
Scam Baiting tools - A little outdated but easy to doctor up into modern standards.
xSerpentineX’s Scambaiting setup
Google Dorks, Varity of dorks for other things
Dirsearch, Webpath detection tool/Hidden Dir Finder
The Tor Browser bundle
Mailbait - Fill your inbox
Grabify - IP Grabber (No, I Don’t grab IPs)
OBS (Open Broadcasting Studio) - Record your baits
Python3 - Use for making your own tools/programs
OVH Cloud Hosting
Report a Decepive site
phonerator - Credit to @TheUnsocialEngineer for posting this to the discord server.
Google based scam finder (works very well) credit to @ARMN88 for this lovely addition to the list. It uses dorks to find latest scam results in google. Thx for the tool
Call Spoofing: - Use at your own risk:
SpoofTel - Paid for service
SMS Verification - Use for google voice, Telegram or whatever that requires you to have a valid phone number to receive a OTP to verify your account
Note: The Next set of links & filled with scams. However some contain Immoral content or legal content that is restricted to ages 18+ I Do not condone visiting any website that possess illegal content or visiting a website restricted by the age of majority in your country. These are solely provided for finding scams on the Tor Network. If you’re of the age of majority please review the slang used on within the cyber criminal underworld to avoid visiting a site you regret.
Fake Name Generator
Fake Name Generator
Legit throwaway Visa Debit cards
Throwaway Debit cards with set limits
Express VPN - Has privacy concerns, Good company security measures.
ProtonVPN - Free but slow
NordVPN - Shitty please avoid using
Mullvad VPN - Best Privacy but highly blacklisted due to fraudsters
Mozilla VPN - Haven’t used, so no judgements
Fake photos - use with fake names & Backstories. Might as well pick up the entire family + the horses for the ranch house right?
This Person Does Not Exist
This cat does not exist
This Artwork does not exist
This horse doesn’t exist
Dall-E Mini Bot (Telegram Messenger)
SEARCH ENGINES - USE THEM ALL TO FIND MORE SCAMS
Yandex (EN) Yandex (RU)
Bing - I know you’re going to meme, but keep it out of the thread
Startpage - DuckDuckGo Alt
Swisscows - Another privacy based search engine
Telegram Channels - Dark Web
INTRUSION DETECTION SYSTEMS (IDS)
If you hate how ugly wire-shark is, but don’t wanna be a skid using octosniff, Than these might be better as they’ll categorize traffic better and are suited for people who aren’t network engineers.
Great for malware testing, Scambaiting or generally spying on web traffic origins.
ILLICIT MARKETPLACE KEYWORDS
Keywords/phrases for searching on any search engine
Simply go to youtube and search for the following
Call of Duty Hacks
Apex legends hacks
You’ll find a ton of .zip/.rar/.7z files loaded with free malware. Mostly Redline stealer, NJRat, NannyCorn, and other cheap/cracked rats most aren’t even crypted so everyone who downloads it should know what it does.
Need a constant flow of what hackers are up to these days?
XSS.IS - A Russian Cyber crime forum
Exploit.in - (Best to use on tor after you paid $100 or show skills)
Hackforums AKA SkidForums
Want some phishing links:
Note: I do not condone illegal acts of “Hacking” which includes but not limited to Exploitation, using malicious post-exploitation software (RATS, Stealers, Botnets etc.), Scripts, Scanners, Spoofers, Trollware, Jokeware, Ransomware or whatever that intends to destroy, disrupt or etc any business without any explicit written permission.
Vigilante-Toolset - used for taking down pedophile sites on the dark web but can be used for anything you want to use it for as long as it’s a .onion site on the tor network.
Metasploit - Used for a a variety of things.
Burp Suite - One of the best web application exploitation tools, Highly recommend the pro edition.
Exploit DB - Filled with the most common exploits, can be searched for a majority of CVEs.
Gift Card Formats:
Ah yes, Figured everyone wanted to make their own Fake Amazon, Xbox, Google Play gift cards to bait scammers with, Obviously they’re not going to work unless someone managed to get super unlucky but I’ll walk everyone through the steps of ensuring no issues.
XXXXX-XXXXX-XXXXX-XXXXX-XXXXX (0-9 AZ, Not case sensitive)
XXXX-XXXX-XXXX (0-9 A-Z Not Case Sensitive)
Amazon(.)com “US Digital”:
(AG)XXXXX-XXXXXXX-XXXXX (A-Z 0-9 Begins with “AG” but maybe different nowadays)
Amazon(.)com Physical US
X = Whatever character that’s A to Z and 1 to 9 pick whatever you wish but do remember some cards have a 4, 6 or 8 digit pin number I.e Gamestop, Walmart and Victoria’s Secret (I Have a GF, So I know VS and GS does at the very least)
DO NOT MAKE MORE THAN YOU NEED FOR THAT BAIT, OBVIOUSLY THE SCAMMER WILL NEED TO WAIT AS YOU"GO TO THE STORE BUT OFC SERVICE DROPS OR YOU SEEN A COP THIS REASON BEING IS YOU’RE GOING TO NEED TO CHECK THE INFO AND DISPOSE OF IT AFTER THE BAIT THE SCAMMER ISN’T INTERESTED IN THESE CARDS AS THEY’RE VERY UNLIKELY TO WORK SO MAKE THEM, VERIFY THEY’RE NON-WORKING AND DISPOSE OF THEM AFTERWARDS.
Google - Obviously a good one
Stack Exchange - General All Around Programming Forum
YouTube - Good for learning the basic
W3Schools Freemium learning site dating back to 1998 good for Learning most of the common programming langs so no worries all around good site worth paying for premium features.
I wanted to “Dedicate” a section based on setting up your desktop or for those looking for proper specs.
- You want around 16 GBs of DDR4 Memory for running VMs
- Desktops over laptops, They’re built to last longer and are more stable
- You want a good threaded CPU, I do not have a personal choice here but whatever
- For GFX Cards, an NVIDIA 1050-2080 is a good range to start with reduces strain on CPU graphics
- 1TB SSD/HDD/NVMe is a good if you opt to steal files or have more than one VM
- Having good internet connection is a a must but even having “slower” speeds is fine, a scammer don’t care and is more likely to believe it because you’re running Windows 7 Professional in 2022.
- Have a linux host, this will greatly reduce GPU/CPU usage while baiting.
Not much of a config really but it’ll do for now
I’ll be updating this list semi-often to add more stuff, this is just a generic list. I’ll push updates with replies formatted as following:
Update [DATE: MM/DD/YYYY] ADDED/REMOVED: [LINK, COMMENT OR SOMETHING ELSE]
This keeps the thread at the top and helps new or old baiters find new resources to tackle scams more efficiently
If this guide has helped you, Please leave a like, Comment or don’t.