Scambaiting resources mega thread

Hello, fellow scam baiters, random folks strolling on in, Law Enforcement agencies and scammers trying to keep up with our Anti-Scam ops.


Scam Vocabulary - Will be edited as time goes on, but it’s basic for right now; it will be very long. It’s hosted on Pastebin right now.

Top tier thread
SpamBaitMail.org


With these basic vocabularies out of the way, I’ll provide some other posts to make a Master thread here:


How to find info about a scam page
The following links are provided for educational purposes and if you use them illegally to break into a protected website I am not responsible whatsoever.

Wappalyzer - Web Technology detection (Do not use to find outdated software).
Shodan - Find IoT Devices, And General info about an IP or device
Censys - A Newer Shodan with different features. Used for SSL Info mostly.
OSINT Framework - For any job you really could think of
Whois Domain Search - Find who is the domain registrar or info about a site.


Usernames, Emails, Real Names, Business info, Government resources and more
Sometimes you need some data about a business, This Focuses on the US mostly as other nations aren’t so free when it comes to release of information.

BeenVerified - Used for US Residences; may be able to uncover a lot of data about someone. $1 for 30 days (New members only, Please do not abuse this).

That’s Them - Semi-Free website for those who just want to do a few searches about an Email, Name or address.

Skype Resolver 2019 - Haven’t used but skype is a P2P Messaging client. Still used by many scammers.

Freedom of Information Act: Can be used to acquire data from any federal agency within the US. There’s over 100 of them & only 9 exemptions to what isn’t allowed to be requested.

I NOW HAVE MORE THAN 2.3K DATABASES BACKED UP WITH 11 BILLION+ RECORDS


Know the law & Your rights
Whether you’re falsely accused of illegal or immoral practices, Caught up in illegally accessing a protected device, Doxed, Hacked or slandered. You have the right to know the protections under the law.

US Law
Miranda Rights - US
UK Law
India Law

PRO TIP SHUT THE FUCK UP, SPEAK WITH YOUR LAWYER AND LAWYER ONLY NOT THE COPS, NOT YOUR FAMILY AND NOT YOUR FRIENDS DOING SO CAN RUIN YOUR CASE


Tools/Source Codes/Programs:
PopupDB - Generator for those good ol popups
Oracle VirtualBox
Wireshark - Internet Traffic analysis
Scam Baiting tools - A little outdated but easy to doctor up into modern standards.
xSerpentineX’s Scambaiting setup
Google Dorks, Variety of dorks for other things
Dirsearch, Webpath detection tool/Hidden Dir Finder
The Tor Browser bundle
Mailbait - Fill your inbox
Grabify - IP Grabber (No, I Don’t grab IPs)
OBS (Open Broadcasting Studio) - Record your baits
Python3 - Use for making your own tools/programs
Amazon AWS
OVH Cloud Hosting
OpenVPN
Google Translate
Report a Deceptive site
phonerator - Credit to @TheUnsocialEngineer for posting this to the discord server.
Google based scam finder (works very well) credit to @ARMN88 for this lovely addition to the list. It uses dorks to find latest scam results in google. Thx for the tool


Forums/Anti-Scam Resources
This website you’re on right now. Scammer.info
419-Eater
r/Scams
r/Scambait
r/scambaiting


VoIP Providers:
Google Voice
Text Now
Skype


Call Spoofing: - Use at your own risk:
SpoofTel - Paid for service


SMS Verification - Use for google voice, Telegram or whatever that requires you to have a valid phone number to receive an OTP to verify your account

Autofications


Personal List questions I ask people to prove they’re not a scammer:
Contact me on Telegram or Jabber to get the list:
Telegram | Jabber: [email protected]


Track a scammer:
Scam Search
Dating Scam database
Scammer Email Database
Track Cryptocurrency
List of Dark Web scams - Can Vouch for 99% Accuracy, I did my own checking.


Tor Hidden Service Navigation (Find Scams & Legit markets)
DarkDotFail - PGP Verified Links (Good for High Profile shutdowns).
DNL - Dark Net Live (Good & Trusted Site).

Note: The next set of links is filled with scams. However, some contain immoral content or legal content that is restricted to ages 18+. I do not condone visiting any website that possesses illegal content or visiting a website restricted by the age of majority in your country. These are solely provided for finding scams on the Tor Network. If you’re of the age of majority, please review the slang used within the cyber criminal underworld to avoid visiting a site you regret.

Onion Land Search Engine
UnderDir: (Tor Hidden Service)
(others will be added, I’m too lazy to open tor to find them).


Email Services:
Protonmail
Gmail
Yahoo Mail
Temp-Mail - For Spam from mailbait
Firefox Relay - Same as temp-mail but keeps your real email private.


Fake Name Generator
Fake Name Generator


Legit throwaway Visa Debit cards
Throwaway Debit cards with set limits


VPNs
Express VPN - Has privacy concerns, Good company security measures.
ProtonVPN - Free but slow
NordVPN - Shitty please avoid using
Mullvad VPN - Best Privacy but highly blacklisted due to fraudsters
Mozilla VPN - Haven’t used, so no judgements


Fake photos - use with fake names & Backstories. Might as well pick up the entire family + the horses for the ranch house right?
This Person Does Not Exist
This cat does not exist
This Artwork does not exist
This horse doesn’t exist
Dall-E Mini Bot (Telegram Messenger)
unreal person


SEARCH ENGINES - USE THEM ALL TO FIND MORE SCAMS
Yandex (EN) Yandex (RU)
Google
Yahoo
Bing - I know you’re going to meme, but keep it out of the thread
DuckDuckGo
Startpage - DuckDuckGo Alt
Swisscows - Another privacy based search engine
Telegram Channels - Dark Web


INTRUSION DETECTION SYSTEMS (IDS)
If you hate how ugly Wireshark is, but don’t wanna be a skid using octosniff, then these might be better as they’ll categorize traffic better and are suited for people who aren’t network engineers.

Glasswire Intrusion Detection system (Windows)
LittleSnitch (Mac OS X)
OpenSnitch - linux

Great for malware testing, Scambaiting or generally spying on web traffic origins.


Malware :
Any Run
Virustotal
hybrid analysis
Jotti
Ollydbg - Decompiling tool
IDA Pro - Decompiling tool


ILLICIT MARKETPLACE KEYWORDS
Keywords/phrases for searching on any search engine


Want malware?
Simply go to youtube and search for the following
Call of Duty Hacks
Fortnite Hacks
CS:GO Hacks
Apex legends hacks
You’ll find a ton of .zip/.rar/.7z files loaded with free malware. Mostly Redline stealer, NJRat, NannyCorn, and other cheap/cracked rats most aren’t even crypted so everyone who downloads it should know what it does.

NEED MORE MALWARE?
VX Underground - Password = Infected
Malshare
Any Run
Malware Bazaar


Need a constant flow of what hackers are up to these days?
XSS.IS - A Russian Cyber crime forum
Exploit.in - (Best to use on tor after you paid $100 or show skills)
Hackforums AKA SkidForums
Twitter-dee tweeter-dumb
BreachForums


PHISHING
Want some phishing links:

Check this post for ‘account hackers’ - Works on TikTok (I do have an account with 1 post).
FT Domain Scanner - Discord Server


Exploitation
Note: I do not condone illegal acts of “Hacking” which includes but not limited to Exploitation, using malicious post-exploitation software (RATS, Stealers, Botnets etc.), Scripts, Scanners, Spoofers, Trollware, Jokeware, Ransomware or whatever that intends to destroy, disrupt or etc any business without any explicit written permission.

Vigilante-Toolset - used for taking down pedophile sites on the dark web but can be used for anything you want to use it for as long as it’s a .onion site on the tor network.

Metasploit - Used for a variety of things.

Burp Suite - One of the best web application exploitation tools, Highly recommend the pro edition.

Exploit DB - Filled with the most common exploits, can be searched for a majority of CVEs.

Hosted Scan - Use with temp-mail.org to make unlimited accounts.


Gift Card Formats:
Ah yes, Figured everyone wanted to make their own Fake Amazon, Xbox, Google Play gift cards to bait scammers with, Obviously they’re not going to work unless someone managed to get super unlucky but I’ll walk everyone through the steps of ensuring no issues.

XBOX:
XXXXX-XXXXX-XXXXX-XXXXX-XXXXX (0-9 A-Z, Not case sensitive)

PSN:
XXXX-XXXX-XXXX (0-9 A-Z Not Case Sensitive)

Amazon(.)com “US Digital”:
(AG)XXXXX-XXXXXXX-XXXXX (A-Z 0-9 Begins with “AG” but may be different nowadays)

Amazon(.)com Physical US
(AQ)XXXXX-XXXXXXX-XXXXX

Google Play
XXXXXXX-XXXXXXX-XXXXX

X = Whatever character that’s A to Z and 1 to 9 pick whatever you wish but do remember some cards have a 4, 6 or 8 digit pin number I.e Gamestop, Walmart and Victoria’s Secret (I Have a GF, So I know VS and GS does at the very least)

DO NOT MAKE MORE THAN YOU NEED FOR THAT BAIT. OBVIOUSLY THE SCAMMER WILL NEED TO WAIT AS YOU "GO TO THE STORE", BUT OFC SERVICE DROPS OR YOU SAW A COP. THE REASON BEING IS YOU’RE GOING TO NEED TO CHECK THE INFO AND DISPOSE OF IT AFTER THE BAIT. THE SCAMMER ISN’T INTERESTED IN THESE CARDS AS THEY’RE VERY UNLIKELY TO WORK, SO MAKE THEM, VERIFY THEY’RE NON-WORKING AND DISPOSE OF THEM AFTERWARDS.


Programming Resources
Google - Obviously a good one
Stack Exchange - General All Around Programming Forum
YouTube - Good for learning the basics
Learn Python
W3Schools Freemium learning site dating back to 1998 good for Learning most of the common programming langs so no worries all around good site worth paying for premium features.


Desktop Configurations
I wanted to “Dedicate” a section based on setting up your desktop or for those looking for proper specs.

  1. You want around 16 GBs of DDR4 Memory for running VMs
  2. Desktops over laptops, They’re built to last longer and are more stable
  3. You want a good threaded CPU, I do not have a personal choice here but whatever
  4. For GFX Cards, an NVIDIA 1050-2080 is a good range to start with; it reduces strain on CPU graphics
  5. 1TB SSD/HDD/NVMe is good if you opt to steal files or have more than one VM
  6. Having a good internet connection is a must but even having “slower” speeds is fine, a scammer doesn’t care and is more likely to believe it because you’re running Windows 7 Professional in 2022.
  7. Have a linux host, this will greatly reduce GPU/CPU usage while baiting.

Not much of a config really but it’ll do for now


Law Enforcement Resources
IC3
FTC - Federal Trade Commission
Better Business Bureau
Department of Transportation
Federal Bureau of Investigation (FBI | DOJ)
Reporting a scammer on paxful


I’ll be updating this list semi-often to add more stuff, this is just a generic list. I’ll push updates with replies formatted as following:

Update [DATE: MM/DD/YYYY] ADDED/REMOVED: [LINK, COMMENT OR SOMETHING ELSE]

This keeps the thread at the top and helps new or old baiters find new resources to tackle scams more efficiently

If this guide has helped you, Please leave a like, Comment or don’t.

41 Likes

Thank you so much! Have a great day!

2 Likes

First update pushed: 02/13/2022: Removed the vocabulary, Exported to Pastebin where it’ll be updated.

Added Numerous links to the post including subcategorization to make it cleaner and more user friendly

1 Like

No Problem updated the post to include more resources

1 Like

Doxxing is illegal if you do it for the purpose of stalking someone/harming someone/getting people to do any of those.

You can also simply report scam websites to domain registrars & hosting providers - I’m not sure if you mentioned that. Also, same for scam phone numbers & their cellular providers.

2 Likes

Yes indeed It’s in there somewhere but I forget where

Depends on the context I’d say & Laws vary from country to country. Cyber Stalking or Swatting is illegal everywhere due to the fact someone could die as a result or suffer massive mental issues at a later date which causes a plethora of issues.

As I said doxing is typically not illegal until someone makes it illegal, which would be considered using hacked/stolen data, harassing someone or swatting someone or etc.

5 Likes

Update 2 Pushed: 02/16/2022
New Malware related tools/websites
New IDS tools for web traffic analysis/Anti-Hacking
1 New tool thanks to Dragon#0122 on discord (Other is in Kali linux)
Several New search engine entries for finding more scams

1 Like

Update pushed: 02/20/2022
Added a few links, Cleaned it up a bit to look more professional.
This message is to push the thread so more people read this more or less.

2 Likes

Raidforums was… Raided. Ironic hey?

When did that happen, and why was HF not raided? Is HF a glowie hunnyp0t?

1 Like

Do you mean HackForums? There are too many of these forums for them to raid all of them.

Goldmine!

You realize that Hackforums Owner is publicly known? Jessie lives in North Las Vegas with 4 kids and a wife. Google it. Hackforums is legal on the basis of Section 230. The reason is: Jessie doesn’t do anything illegal, Most of the stuff published is rather terrible, Yes Hackforums has had its legal problems see blackshades & Botnets but he removed it entirely.

1 Like

Not an attorney but I feel there are ways around this. For example, the feds could try to subpoena HackForums for subscriber information. When this obviously goes nowhere, they could get HF in trouble for disobeying a subpoena.

1 Like

Also, you can arrest anyone for tax evasion at this point. See Al Capone.

IIRC the IRS went after a child porn ring once, with the help of the FBI of course.

Hack forums gives out user info when requested by law. This has occurred numerous times

1 Like

Ah, that is good. That, in a way, does make it a honeypot.

It has federal agents looking at it as do other forums.

Update pushed Added New Phishing, Malware Sample sources, Telegram search engines.

1 Like

Yeah HF = Hack Forums

I figured they were somehow protected for some reason, I guess they just hand over everything asked for so there’s not much reason to take them down.

I guess Raid Forums was not co-operating and that’s why they got raided lol

HF is protected by section 230. If you read Omni (AKA Jessie W.)'s BIO he doesn’t contribute to any illegal activities. He’s been very nice when it comes to handing over information to police. However there’s 1 scammer who did try to extort him. Jessie’s Personal Information can be found without any issue. He lives In north Las Vegas if you’re curious. He has a wife & 4 kids. He owned a comic book shop in The american north east (I Think boston). Regardless of this Jessie complies with the law & Doesn’t allow a majority of illegal things. The leading causes of RF being taken down come as no surprise. The Admin Omni never complied with legal requests and ran escrow.

Hack forums has a thread made by Jessie titled: “Stop Asking about Escrow, It’s not going to happen” This means Jessie is fully aware it’s illegal to provide a service that caters to illegal activities or he ‘doesn’t have the correct licensing to do so’ this also becomes an issue as the owner of DeepDotWeb got thrown in prison for getting ‘kickbacks’

Either way, not the thread to discuss this topic.