Advanced Scambaiting
Disclaimer
DO THESE THINGS AT YOUR OWN RISK
IT IS NOT RECOMMENDED TO DO THESE THINGS AS SCAMBAITING
Reverse Anydesk connection
First you have to let them connect to your PC, make sure you see their anydesk ID before accepting their connection request.
then send them anydesk request from another PC or the host PC (if you are using VM) at the same time, when accepting their anydesk connection request. If you time it perfecting and you have an inexperienced scammer, you should be connected to the scammer’s PC.
Getting their IP
For this you need a software known as Wireshark
Windows:
winget install -e --id WiresharkFoundation.Wireshark
Debian/Ubuntu:
sudo apt install wireshark
When connected via Anydesk:
run a scan before scammer’s request, accept the request and save the wireshark capture (just in case). enter “ip.src == [your-local-ip] && tcp.port 7070” as filter, this will narrow down capture results to packet from the given ip and only tcp packets.
In most cases, the scammer’s IP would be from the result as shown here:
You might have to look-up all the IPs to know the exact one.
When connected via TeamViewer
You can’t really get their IP via TeamViewer since TeamViewer uses proxy servers to connect both parties which is a bummer for us, your only option at this point is social engineering.
IP Address OSINT
There is not much you can do with just their IP so scanning for ports can be the first step for doing various other things.
We can use Nmap to scan for ports. I have an article explaining the tool in general. You can also watch this video for more help: Nmap Tutorial to find Network Vulnerabilities | NetworkChuck
You can install nmap on Debian/Ubuntu:
sudo apt install nmap
for other installation options, visit nmap.org.
You can also lookup their IP address for more information like their city/coutry & ISP.
I use whatismyipaddress.com for this.
Phone Number OSINT
You can use smth like PhoneInfoga to get information about a number.
Install process & usage is explained here.
that’s it ✌🏽