Open-Source Scammer Intelligence Archive
Internal data, chat logs, admin panels, and infrastructure from criminal scam networks
📂 Browse Archive • 🤖 Report Scammers • 🐦 Twitter • 🌐 Website
ScamIntelLogs is a public intelligence archive containing leaked, dumped, and collected data from cryptocurrency scam operations. This repository preserves evidence that scammers typically delete to evade accountability.
| Data Type | Description |
|---|---|
| 💬 Internal Chats | Telegram group conversations, private messages, operational discussions |
| 🎛️ Admin Panels | Screenshots, configs, and audits of scam infrastructure |
| 👥 Scammer Identities | Telegram IDs, usernames, wallet addresses, known aliases |
| 💰 Theft Records | Victim wallets, stolen amounts, transaction hashes |
| 🎨 Phishing Assets | Design templates, clone sites, drainer configs |
| 📊 Financial Flows | Payment records, affiliate payouts, laundering paths |
| 🌐 Infrastructure | Domains, hosting providers, bot tokens, API endpoints |
We do NOT hack, attack, bruteforce, or compromise any systems.
All data is collected through passive intelligence gathering:
- 🔍 OSINT — Open-source intelligence from public sources
- 📥 Leaked Data — Community-submitted dumps from insiders
- 🕵️ Social Engineering Artifacts — Data exposed by scammers themselves
- 📡 Passive Monitoring — Public channels, forums, blockchain analysis
- 🎁 Voluntary Submissions — Victims and researchers sharing evidence
When admin panel access is obtained (through leaks or misconfiguration), we conduct non-destructive audits to document infrastructure without modification.
| Audience | Use Case |
|---|---|
| 🔬 Security Researchers | Study scam TTPs, drainer mechanics, social engineering |
| 👮 Law Enforcement | Evidence for investigations and prosecutions |
| 📰 Journalists | Exposés on organized crypto fraud |
| ⚖️ Victims | Identify attackers, support recovery efforts |
| 🛡️ Threat Intel Teams | IOCs, infrastructure patterns, actor tracking |
Scammers systematically destroy evidence — deleting Telegram chats, burning wallets, rotating domains. This archive ensures:
- Permanent Record — Evidence survives deletion attempts
- Pattern Analysis — Cross-reference actors across operations
- Accountability — Public exposure deters future activity
- Community Defense — Shared knowledge protects potential victims
Each scam operation gets its own directory. Inside, evidence is organized by type:
TeamName/
├── chat/ # Internal Telegram group conversations
├── channel/ # Public channel announcements
├── successful_thefts/ # Confirmed theft records (wallets, tx hashes, amounts)
├── designs/ # Phishing page templates and clone assets
├── payments/ # Payment logs, affiliate payouts
├── scammers_login.txt # Known participant Telegram IDs and usernames
├── domains.txt # Associated phishing domains
├── iocs.json # Machine-readable indicators of compromise
└── index.html # Visual evidence browser for this team
Not every team has all folders — it depends on what evidence was collected. The root index.html lists all archived operations with descriptions and direct links to every subfolder.
This archive is part of the PhishDestroy threat intelligence ecosystem:
| Project | Description |
|---|---|
| destroylist | 70,000+ malicious domains blocklist |
| PhishDestroy Bot | Telegram bot for scam reporting |
| phishdestroy.io | Main project website |
We accept submissions of scam-related intelligence:
- Telegram chat exports (JSON/HTML)
- Admin panel screenshots/configs
- Scammer identity information
- Domain/infrastructure data
- Wallet addresses and transaction evidence
Option 1: Pull Request
git clone https://github.com/phishdestroy/ScamIntelLogs.git
# Add data to new directory: NewTeamName/
git commit -m "Add NewTeamName data"
# Submit PROption 2: Anonymous Submission
- Telegram: @PhishDestroy_bot
- We protect source confidentiality
- Remove personal victim data (redact if necessary)
- Include context: team name, operation type, timeframe
- Provide source attribution if comfortable
- Structure data in readable format
- This repository contains evidence of criminal activity for research purposes
- Data is provided "as-is" without verification guarantees
- Do not use this data for harassment, vigilante justice, or illegal purposes
- Victim PII should be handled responsibly
- We are not responsible for misuse of this information
MIT License — Free to use, clone, modify, and distribute.
Law enforcement agencies are explicitly authorized to use this data for investigations.
