Scambaiting resources mega thread

Hello, fellow scam baiters, random folks strolling on in, Law Enforcement agencies and scammers trying to keep up with our Anti-Scam ops.

Scam Vocabularity - Will be edited as time goes on, But It’s basic for right now will be very long. It’s hosted on Pastebin right now.

With these basic vocabularies out of the way, I’ll provide some other posts to make a Master thread here:

How to find info about a scam page
The following links are provided for educational purposes and if you use them illegally to break into a protected website I am not responsable whatsoever.

WeLeakInfo - Sign up Required (Use the OSINT Page)
Wappalyzer - Web Technolgy detection (Do not use to find outdated software).
Shodan - Find IoT Devices, And General info about an IP or device
Censys A Newer Shodan with different features. Used for SSL Info mostly.
OSINT - Framework - For any job you really could think of
Whois Domain Search - Find who is the domain registrar or info about a site.

Usernames, Emails, Real Names, Business info, Government resources and more
Sometimes you need some data about a business, This Focuses on the US mostly as other nations aren’t so free when it comes to release of information.

BeenVerified - Used for US Residences maybe able to uncover a lot of data about someone. $1 for 30 days (New members only, Please do not abuse this).

That’s Them - Semi-Free website for those who just want to do a few searches about an Email, Name or address.

Skype Resolver 2019 - Haven’t used but skype is a P2P Messaging client. Still used by many scammers.

WeLeakInfo: Mentioned above

Freedom of Information Act: Can be used to aquire data from any federal agency within the US. There’s over 100 of them & only 9 exemptions to what isn’t allowed to be requested.

Know the law & Your rights
whether you’re falsely accused of illegal or immoral practices, Caught up in illegally accessing a protected device, Doxed, Hacked or slandered. You have the right to know the protections under the law.

US Law
Miranda Rights - US
UK Law
India Law


Tools/Source Codes/Programs:
PopupDB - Generator for those good ol popups
Oracle Virtual box
Wireshark - Internet Traffic analysis
Scam Baiting tools - A little outdated but easy to doctor up into modern standards.
xSerpentineX’s Scambaiting setup
Google Dorks, Varity of dorks for other things
Dirsearch, Webpath detection tool/Hidden Dir Finder
The Tor Browser bundle
Mailbait - Fill your inbox
Grabify - IP Grabber (No, I Don’t grab IPs)
OBS (Open Broadcasting Studio) - Record your baits
Python3 - Use for making your own tools/programs
Async RAT - Use at your own risk
OVH Cloud Hosting
Google Translate
Report a Decepive site
phonerator - Credit to @TheUnsocialEngineer for posting this to the discord server.

Forums/Anti-Scam Resources
This website you’re on right now.

VoIP Providers:
Google Voice
Text Now

Call Spoofing: - Use at your own risk:
SpoofTel - Paid for service

SMS Verification - Use for google voice, Telegram or whatever that requires you to have a valid phone number to receive a OTP to verify your account


Personal List questions I ask people to prove they’re not a scammer:
Contact me on Telegram or Jabber to get the list:
Telegram | Jabber: [email protected]

Track a scammer:
Scam Search
Dating Scam database
Scammer Email Database
Track Cryptocurrency
List of Dark Web scams - Can Vouch for 99% Accuracy, I did my own checking.

Tor Hidden Service Navigation (Find Scams & Legit markets)
DarkDotFail - PGP Verified Links (Good for High Profile shutdowns).
DNL - Dark Net Live (Good & Trusted Site).

Note: The Next set of links & filled with scams. However some contain Immoral content or legal content that is restricted to ages 18+ I Do not condone visiting any website that possess illegal content or visiting a website restricted by the age of majority in your country. These are solely provided for finding scams on the Tor Network. If you’re of the age of majority please review the slang used on within the cyber criminal underworld to avoid visiting a site you regret.

Onion Land Search Engine
UnderDir: (Tor Hidden Service)
(others will be added, I’m too lazy to open tor to find them).

Email Services:
Yahoo Mail
Temp-Mail - For Spam from mailbait
Firefox Relay - Same as temp-mail but keeps your real email private.

Fake Name Generator
Fake Name Generator

Legit throwaway Visa Debit cards
Throwaway Debit cards with set limits

Express VPN - Has privacy concerns, Good company security measures.
ProtonVPN - Free but slow
NordVPN - Shitty please avoid using
Mullvad VPN - Best Privacy but highly blacklisted due to fraudsters
911 Residential Proxies - Good Proxies, 38% or less is blacklisted
Mozilla VPN - Haven’t used, so no judgements

Fake photos - use with fake names & Backstories. Might as well pick up the entire family + the horses for the ranch house right?
This Person Does Not Exist
This cat does not exist
This Artwork does not exist
This horse doesn’t exist

Yandex (EN) Yandex (RU)
Bing - I know you’re going to meme, but keep it out of the thread
Startpage - DuckDuckGo Alt
Swisscows - Another privacy based search engine
Telegram Channels - Dark Web

If you hate how ugly wire-shark is, but don’t wanna be a skid using octosniff, Than these might be better as they’ll categorize traffic better and are suited for people who aren’t network engineers.

Glasswire Intrusion Detection system (Windows)
LittleSnitch (Mac OS X)
OpenSnitch - linux

Great for malware testing, Scambaiting or generally spying on web traffic origins.

Malware :
Any Run
hybrid analysis
Ollydbg - Decompiling tool
IDA Pro - Decompiling tool

Keywords/phrases for searching on any search engine

Want malware?
Simply go to youtube and search for the following
Call of Duty Hacks
Fortnite Hacks
CS:GO Hacks
Apex legends hacks
You’ll find a ton of .zip/.rar/.7z files loaded with free malware. Mostly Redline stealer, NJRat, NannyCorn, and other cheap/cracked rats most aren’t even crypted so everyone who downloads it should know what it does.

VX Underground
Any Run
Malware Bazaar

Need a constant flow of what hackers are up to these days?
XSS.IS - A Russian Cyber crime forum - (Best to use on tor after you paid $100 or show skills)
Hackforums AKA SkidForums
Twitter-dee tweeter-dumb

Want some phishing links:

Check this post for ‘account hackers’ - Works on TikTok (I do have an account with 1 post).

Note: I do not condone illegal acts of “Hacking” which includes but not limited to Exploitation, using malicious post-exploitation software (RATS, Stealers, Botnets etc.), Scripts, Scanners, Spoofers, Trollware, Jokeware, Ransomware or whatever that intends to destroy, disrupt or etc any business without any explicit written permission.

Vigilante-Toolset - used for taking down pedophile sites on the dark web but can be used for anything you want to use it for as long as it’s a .onion site on the tor network.

Metasploit - Used for a a variety of things.

Burp Suite - One of the best web application exploitation tools, Highly recommend the pro edition.

Exploit DB - Filled with the most common exploits, can be searched for a majority of CVEs.

Hosted Scan - Use with to make unlimited accounts.

Law Enforcement Resources
FTC - Federal Trades Commission
Better Business Bureau
Department of Transportation
Federal Bureau of Investigation (FBI | DOJ)
Reporting a scammer on paxful

I’ll be updating this list semi-often to add more stuff, this is just a generic list. I’ll push updates with replies formatted as following:


This keeps the thread at the top and helps new or old baiters find new resources to tackle scams more efficiently

If this guide has helped you, Please leave a like, Comment or don’t.


Thank you so much! Have a great day!

1 Like

First update pushed: 02/13/2022: Removed the vocabulary, Exported to Pastebin where it’ll be updated.

Added Numerous links to the post including subcategorization to make it cleaner and more user friendly

1 Like

No Problem updated the post to include more resources

1 Like

Doxxing is illegal if you do it for the purpose of stalking someone/harming someone/getting people to do any of those.

You can also simply report scam websites to domain registrars & hosting providers - I’m not sure if you mentioned that. Also, same for scam phone numbers & their cellular providers.

1 Like

Yes indeed It’s in their somewhere but I forget where

Depends on the context I’d say & Laws vary from country to country. Cyber Stalking or Swatting is illegal everywhere due to the fact someone could die as a result or suffer massive mental issues at a later date which causes a plethora of issues.

As I said doxing is typically not illegal until someone makes it illegal, which would be considered using hacked/stolen data, harassing someone or swatting someone or etc.


Update 2 Pushed: 02/16/2022
New Malware related tools/websites
New IDS tools for web traffic analysis/Anti-Hacking
1 New tool thanks to Dragon#0122 on discord (Other is in Kali linux)
Several New search engine entries for finding more scams

1 Like

Update pushed: 02/20/2022
Added a few links, Cleaned it up a bit to look more professional.
This message is to push the thread so more people read this more or less.


Raidforums was… Raided. Ironic hey?

When did that happen, and why was HF not raided? Is HF a glowie hunnyp0t?

1 Like

Do you mean HackForums? There are too many of these forums for them to raid all of them.


You realize that Hackforums Owner is publicly known? Jessie lives in North Las Vegas with 4 kids and a wife. Google it. Hackforums is legal on the basis of Section 230. The reasons is: Jessie doesn’t do anything illegal, Most of the stuff published is rather terrible, Yes Hackforums has had it’s legal problems see blackshades & Botnets but he removed it entirely.

1 Like

Not an attorney but I feel there are ways around this. For example, the feds could try to subpoena HackForums for subscriber information. When this obviously goes nowhere, they could get HF in trouble for disobeying a subpoena.

Also, you can arrest anyone for tax evasion at this point. See Al Capone.

IIRC the IRS went after a child porn ring once, with the help of the FBI of course.

Hack forums gives out user info when requested by law. This has occurred numerous times

1 Like

Ah, that is good. That, in a way, does make it a honeypot.

It has federal agents looking at it as does other forums.

Update pushed Added New Phishing, Malware Sample sources, Telegram search engines.

1 Like

Yeah HF = Hack Forums

I figured they were somehow protected for some reason, I guess they just hand over everything asked for so there’s not much reason to take them down.

I guess Raid Forums was not co-operating and that’s why they got raided lol

HF is protected by section 230. If you read Omni (AKA Jessie W.)'s BIO he doesn’t contribute to any illegal activities. He’s been very nice when it comes to handing over information to police. However there’s 1 scammer who did try to extort him. Jessie’s Personal Information can be found without any issue. He lives In north Las Vegas if you’re curious. He has a wife & 4 kids. He owned a comic book shop in The american north east (I Think boston). Regardless of this Jessie complies with the law & Doesn’t allow a majority of illegal things. The leading causes of RF being taken down come as no surprise. The Admin Omni never complied with legal requests and ran escrow.

Hack forums has a thread made by Jessie titled: “Stop Asking about Escrow, It’s not going to happen” This means Jessie is fully aware it’s illegal to provide a service that caters to illegal activities or he ‘doesn’t have the correct licensing to do so’ this also becomes an issue as the owner of DeepDotWeb got thrown in prison for getting ‘kickbacks’

Either way, not the thread to discuss this topic.