Scambaiting resources mega thread

Hello, fellow scam baiters, random folks strolling on in, Law Enforcement agencies and scammers trying to keep up with our Anti-Scam ops.


Scam Vocabularity - Will be edited as time goes on, But It’s basic for right now will be very long. It’s hosted on Pastebin right now.


With these basic vocabularies out of the way, I’ll provide some other posts to make a Master thread here:


How to find info about a scam page
The following links are provided for educational purposes and if you use them illegally to break into a protected website I am not responsible whatsoever.

Wappalyzer - Web Technolgy detection (Do not use to find outdated software).
Shodan - Find IoT Devices, And General info about an IP or device
Censys A Newer Shodan with different features. Used for SSL Info mostly.
OSINT - Framework - For any job you really could think of
Whois Domain Search - Find who is the domain registrar or info about a site.


Usernames, Emails, Real Names, Business info, Government resources and more
Sometimes you need some data about a business, This Focuses on the US mostly as other nations aren’t so free when it comes to release of information.

BeenVerified - Used for US Residences maybe able to uncover a lot of data about someone. $1 for 30 days (New members only, Please do not abuse this).

That’s Them - Semi-Free website for those who just want to do a few searches about an Email, Name or address.

Skype Resolver 2019 - Haven’t used but skype is a P2P Messaging client. Still used by many scammers.

Freedom of Information Act: Can be used to aquire data from any federal agency within the US. There’s over 100 of them & only 9 exemptions to what isn’t allowed to be requested.

I NOW HAVE MORE THAN 2.3K DATABASES BACKED UP WITH 11 BILLION+ RECORDS


Know the law & Your rights
whether you’re falsely accused of illegal or immoral practices, Caught up in illegally accessing a protected device, Doxed, Hacked or slandered. You have the right to know the protections under the law.

US Law
Miranda Rights - US
UK Law
India Law

PRO TIP SHUT THE FUCK UP, SPEAK WITH YOUR LAWYER AND LAWYER ONLY NOT THE COPS, NOT YOUR FAMILY AND NOT YOUR FRIENDS DOING SO CAN RUIN YOUR CASE


Tools/Source Codes/Programs:
PopupDB - Generator for those good ol popups
Oracle Virtual box
Wireshark - Internet Traffic analysis
Scam Baiting tools - A little outdated but easy to doctor up into modern standards.
xSerpentineX’s Scambaiting setup
Google Dorks, Varity of dorks for other things
Dirsearch, Webpath detection tool/Hidden Dir Finder
The Tor Browser bundle
Mailbait - Fill your inbox
Grabify - IP Grabber (No, I Don’t grab IPs)
OBS (Open Broadcasting Studio) - Record your baits
Python3 - Use for making your own tools/programs
Amazon AWS
OVH Cloud Hosting
OpenVPN
Google Translate
Report a Decepive site
phonerator - Credit to @TheUnsocialEngineer for posting this to the discord server.
Google based scam finder (works very well) credit to @ARMN88 for this lovely addition to the list. It uses dorks to find latest scam results in google. Thx for the tool


Forums/Anti-Scam Resources
This website you’re on right now. Scammer.info
419-Eater
r/Scams
r/Scambait
r/scambaiting


VoIP Providers:
Google Voice
Text Now
Skype


Call Spoofing: - Use at your own risk:
SpoofTel - Paid for service


SMS Verification - Use for google voice, Telegram or whatever that requires you to have a valid phone number to receive a OTP to verify your account

Autofications


Personal List questions I ask people to prove they’re not a scammer:
Contact me on Telegram or Jabber to get the list:
Telegram | Jabber: [email protected]


Track a scammer:
Scam Search
Dating Scam database
Scammer Email Database
Track Cryptocurrency
List of Dark Web scams - Can Vouch for 99% Accuracy, I did my own checking.


Tor Hidden Service Navigation (Find Scams & Legit markets)
DarkDotFail - PGP Verified Links (Good for High Profile shutdowns).
DNL - Dark Net Live (Good & Trusted Site).

Note: The Next set of links & filled with scams. However some contain Immoral content or legal content that is restricted to ages 18+ I Do not condone visiting any website that possess illegal content or visiting a website restricted by the age of majority in your country. These are solely provided for finding scams on the Tor Network. If you’re of the age of majority please review the slang used on within the cyber criminal underworld to avoid visiting a site you regret.

Onion Land Search Engine
UnderDir: (Tor Hidden Service)
(others will be added, I’m too lazy to open tor to find them).


Email Services:
Protonmail
Gmail
Yahoo Mail
Temp-Mail - For Spam from mailbait
Firefox Relay - Same as temp-mail but keeps your real email private.


Fake Name Generator
Fake Name Generator


Legit throwaway Visa Debit cards
Throwaway Debit cards with set limits


VPNs
Express VPN - Has privacy concerns, Good company security measures.
ProtonVPN - Free but slow
NordVPN - Shitty please avoid using
Mullvad VPN - Best Privacy but highly blacklisted due to fraudsters
Mozilla VPN - Haven’t used, so no judgements


Fake photos - use with fake names & Backstories. Might as well pick up the entire family + the horses for the ranch house right?
This Person Does Not Exist
This cat does not exist
This Artwork does not exist
This horse doesn’t exist
Dall-E Mini Bot (Telegram Messenger)


SEARCH ENGINES - USE THEM ALL TO FIND MORE SCAMS
Yandex (EN) Yandex (RU)
Google
Yahoo
Bing - I know you’re going to meme, but keep it out of the thread
DuckDuckGo
Startpage - DuckDuckGo Alt
Swisscows - Another privacy based search engine
Telegram Channels - Dark Web


INTRUSION DETECTION SYSTEMS (IDS)
If you hate how ugly wire-shark is, but don’t wanna be a skid using octosniff, Than these might be better as they’ll categorize traffic better and are suited for people who aren’t network engineers.

Glasswire Intrusion Detection system (Windows)
LittleSnitch (Mac OS X)
OpenSnitch - linux

Great for malware testing, Scambaiting or generally spying on web traffic origins.


Malware :
Any Run
Virustotal
hybrid analysis
Jotti
Ollydbg - Decompiling tool
IDA Pro - Decompiling tool


ILLICIT MARKETPLACE KEYWORDS
Keywords/phrases for searching on any search engine


Want malware?
Simply go to youtube and search for the following
Call of Duty Hacks
Fortnite Hacks
CS:GO Hacks
Apex legends hacks
You’ll find a ton of .zip/.rar/.7z files loaded with free malware. Mostly Redline stealer, NJRat, NannyCorn, and other cheap/cracked rats most aren’t even crypted so everyone who downloads it should know what it does.

NEED MORE MALWARE?
VX Underground - Password = Infected
Malshare
Any Run
Malware Bazaar


Need a constant flow of what hackers are up to these days?
XSS.IS - A Russian Cyber crime forum
Exploit.in - (Best to use on tor after you paid $100 or show skills)
Hackforums AKA SkidForums
Twitter-dee tweeter-dumb
BreachForums


PHISHING
Want some phishing links:

Check this post for ‘account hackers’ - Works on TikTok (I do have an account with 1 post).
FT Domain Scanner - Discord Server


Exploitation
Note: I do not condone illegal acts of “Hacking” which includes but not limited to Exploitation, using malicious post-exploitation software (RATS, Stealers, Botnets etc.), Scripts, Scanners, Spoofers, Trollware, Jokeware, Ransomware or whatever that intends to destroy, disrupt or etc any business without any explicit written permission.

Vigilante-Toolset - used for taking down pedophile sites on the dark web but can be used for anything you want to use it for as long as it’s a .onion site on the tor network.

Metasploit - Used for a a variety of things.

Burp Suite - One of the best web application exploitation tools, Highly recommend the pro edition.

Exploit DB - Filled with the most common exploits, can be searched for a majority of CVEs.

Hosted Scan - Use with temp-mail.org to make unlimited accounts.


Gift Card Formats:
Ah yes, Figured everyone wanted to make their own Fake Amazon, Xbox, Google Play gift cards to bait scammers with, Obviously they’re not going to work unless someone managed to get super unlucky but I’ll walk everyone through the steps of ensuring no issues.

XBOX:
XXXXX-XXXXX-XXXXX-XXXXX-XXXXX (0-9 AZ, Not case sensitive)

PSN:
XXXX-XXXX-XXXX (0-9 A-Z Not Case Sensitive)

Amazon(.)com “US Digital”:
(AG)XXXXX-XXXXXXX-XXXXX (A-Z 0-9 Begins with “AG” but maybe different nowadays)

Amazon(.)com Physical US
(AQ)XXXXX-XXXXXXX-XXXXX

Google Play
XXXXXXX-XXXXXXX-XXXXX

X = Whatever character that’s A to Z and 1 to 9 pick whatever you wish but do remember some cards have a 4, 6 or 8 digit pin number I.e Gamestop, Walmart and Victoria’s Secret (I Have a GF, So I know VS and GS does at the very least)

DO NOT MAKE MORE THAN YOU NEED FOR THAT BAIT, OBVIOUSLY THE SCAMMER WILL NEED TO WAIT AS YOU"GO TO THE STORE BUT OFC SERVICE DROPS OR YOU SEEN A COP THIS REASON BEING IS YOU’RE GOING TO NEED TO CHECK THE INFO AND DISPOSE OF IT AFTER THE BAIT THE SCAMMER ISN’T INTERESTED IN THESE CARDS AS THEY’RE VERY UNLIKELY TO WORK SO MAKE THEM, VERIFY THEY’RE NON-WORKING AND DISPOSE OF THEM AFTERWARDS.


Programming Resources
Google - Obviously a good one
Stack Exchange - General All Around Programming Forum
YouTube - Good for learning the basic
Learn Python
W3Schools Freemium learning site dating back to 1998 good for Learning most of the common programming langs so no worries all around good site worth paying for premium features.


Desktop Configurations
I wanted to “Dedicate” a section based on setting up your desktop or for those looking for proper specs.

  1. You want around 16 GBs of DDR4 Memory for running VMs
  2. Desktops over laptops, They’re built to last longer and are more stable
  3. You want a good threaded CPU, I do not have a personal choice here but whatever
  4. For GFX Cards, an NVIDIA 1050-2080 is a good range to start with reduces strain on CPU graphics
  5. 1TB SSD/HDD/NVMe is a good if you opt to steal files or have more than one VM
  6. Having good internet connection is a a must but even having “slower” speeds is fine, a scammer don’t care and is more likely to believe it because you’re running Windows 7 Professional in 2022.
  7. Have a linux host, this will greatly reduce GPU/CPU usage while baiting.

Not much of a config really but it’ll do for now


Law Enforcement Resources
IC3
FTC - Federal Trades Commission
Better Business Bureau
Department of Transportation
Federal Bureau of Investigation (FBI | DOJ)
Reporting a scammer on paxful


I’ll be updating this list semi-often to add more stuff, this is just a generic list. I’ll push updates with replies formatted as following:

Update [DATE: MM/DD/YYYY] ADDED/REMOVED: [LINK, COMMENT OR SOMETHING ELSE]

This keeps the thread at the top and helps new or old baiters find new resources to tackle scams more efficiently

If this guide has helped you, Please leave a like, Comment or don’t.

27 Likes

Thank you so much! Have a great day!

1 Like

First update pushed: 02/13/2022: Removed the vocabulary, Exported to Pastebin where it’ll be updated.

Added Numerous links to the post including subcategorization to make it cleaner and more user friendly

1 Like

No Problem updated the post to include more resources

1 Like

Doxxing is illegal if you do it for the purpose of stalking someone/harming someone/getting people to do any of those.

You can also simply report scam websites to domain registrars & hosting providers - I’m not sure if you mentioned that. Also, same for scam phone numbers & their cellular providers.

1 Like

Yes indeed It’s in their somewhere but I forget where

Depends on the context I’d say & Laws vary from country to country. Cyber Stalking or Swatting is illegal everywhere due to the fact someone could die as a result or suffer massive mental issues at a later date which causes a plethora of issues.

As I said doxing is typically not illegal until someone makes it illegal, which would be considered using hacked/stolen data, harassing someone or swatting someone or etc.

3 Likes

Update 2 Pushed: 02/16/2022
New Malware related tools/websites
New IDS tools for web traffic analysis/Anti-Hacking
1 New tool thanks to Dragon#0122 on discord (Other is in Kali linux)
Several New search engine entries for finding more scams

1 Like

Update pushed: 02/20/2022
Added a few links, Cleaned it up a bit to look more professional.
This message is to push the thread so more people read this more or less.

2 Likes

Raidforums was… Raided. Ironic hey?

When did that happen, and why was HF not raided? Is HF a glowie hunnyp0t?

1 Like

Do you mean HackForums? There are too many of these forums for them to raid all of them.

Goldmine!

You realize that Hackforums Owner is publicly known? Jessie lives in North Las Vegas with 4 kids and a wife. Google it. Hackforums is legal on the basis of Section 230. The reasons is: Jessie doesn’t do anything illegal, Most of the stuff published is rather terrible, Yes Hackforums has had it’s legal problems see blackshades & Botnets but he removed it entirely.

1 Like

Not an attorney but I feel there are ways around this. For example, the feds could try to subpoena HackForums for subscriber information. When this obviously goes nowhere, they could get HF in trouble for disobeying a subpoena.

1 Like

Also, you can arrest anyone for tax evasion at this point. See Al Capone.

IIRC the IRS went after a child porn ring once, with the help of the FBI of course.

Hack forums gives out user info when requested by law. This has occurred numerous times

1 Like

Ah, that is good. That, in a way, does make it a honeypot.

It has federal agents looking at it as does other forums.

Update pushed Added New Phishing, Malware Sample sources, Telegram search engines.

1 Like

Yeah HF = Hack Forums

I figured they were somehow protected for some reason, I guess they just hand over everything asked for so there’s not much reason to take them down.

I guess Raid Forums was not co-operating and that’s why they got raided lol

HF is protected by section 230. If you read Omni (AKA Jessie W.)'s BIO he doesn’t contribute to any illegal activities. He’s been very nice when it comes to handing over information to police. However there’s 1 scammer who did try to extort him. Jessie’s Personal Information can be found without any issue. He lives In north Las Vegas if you’re curious. He has a wife & 4 kids. He owned a comic book shop in The american north east (I Think boston). Regardless of this Jessie complies with the law & Doesn’t allow a majority of illegal things. The leading causes of RF being taken down come as no surprise. The Admin Omni never complied with legal requests and ran escrow.

Hack forums has a thread made by Jessie titled: “Stop Asking about Escrow, It’s not going to happen” This means Jessie is fully aware it’s illegal to provide a service that caters to illegal activities or he ‘doesn’t have the correct licensing to do so’ this also becomes an issue as the owner of DeepDotWeb got thrown in prison for getting ‘kickbacks’

Either way, not the thread to discuss this topic.