How to post + Basics. (IP Spoofing, WEBRTC, Socks5, and more)
Hello, sorry for the long post in Part one, here is section two for noobs. If it’s not too much trouble make sure to like this post also, it would be valued! On the off chance that I see you duplicating this guide please attempt to give credit! much obliged.
Webrtc: About webRTC: ( Web Real-Time Communication) is an API definition drafted by the World Wide Web Consortium (W3C) that supports browser-to-browser applications for voice calling, video calling, and P2P file sharing without the need for either internal or external plugins.How to post + Basics
We might be vulnerable to Webrtc IP leaks, WebRTC leaks your actual IP address from behind your VPN, by default. Luckily Fraudfox can spoof Webrtc, the latest Anti detect has a Webrtc changer too.
You can do a WebRTC leak test here: https://browserleaks.com/webrtc
Please don’t disable Webrtc from about: config, it really doesn’t look legit.
Plugins: Plugin Detection: all the plugins that you have installed can leave a footprint, both AD and Fraudfox can help to avoid this. How to post + Basics
Time zone and Clock: when you perform operations of carding or impersonating identities of people residing in different places with the different time zone you are in the position of having to change your time zone to have to align with one of the victims.
You should match the time zone of the socks you are currently using, fortunately, Windows
this operation is very simple, just go to the clock in the bottom right of windows and click: ̈Edit Time and Date Settings.
Font Detection: Font fingerprinting – is what fonts you have, and how they are drawn. Based on measuring the dimensions of the filled with the text HTML elements, it is possible to build
an identifier that can be used to track the same browser over time. Long story short, if we install new fonts, that would leave a fingerprint. This is really a minor factor from my experience but we can still randomize and spoof that, so, no problem.
IP Spoofing: We will need to spoof the Cardholder’s location, we do that via SSH, RDP, Socks5, etc. How to post + Basics
1) The IP should Country/State/City match the cardholder. The closer the better. 2) The chosen IP should have immaculate blacklisting (you can check blacklists on: http://www.ip- score.com and click MORE BLS) but the truth is told, sometimes it’s hard to tell whether a site has really blacklisted
a given IP or not, as most have an internal blacklisting, for instance, Paypal might have its own internal blacklisting. Checking blacklists is still a good indicator though. Also, you might notice that your personal IP might be blacklisted, even if you never did spam/fraud with it, so take that into consideration, even my real IP is blacklisted for I don’t know what reason. 3) How to post + Basics
The chosen IP should have a low RiskScore, try to keep this riskscore at less than 5 it’s a metric
from Minfraud, you can read more here: https://www.maxmind.com/en/explanation-of- minfraud-riskscore. I use http://mcs.sx for checking RiskScore. You can also check it on xdedic.biz 4) Low Proxyscore: Go to getipintel.net and test the IP, the proxy score should be 0. 5) The IP has to be residential:
you want to avoid data center IPs as they don’t really look legitimate in the eyes of anti-fraud systems, also business IPs look good. If you are wondering whether the IP is residential or not, simply go to whoer.net, and on the top, you will read ISP. Generally if the IP has an American ISP, you are on a good track, simple google: ̈list of American Internet service Provider ̈to get a good list of American ISP. Datacenter IPs have ̈data ̈, ̈hosting ̈ ̈Cloud and related words as ISP. 6) The IP should be as close as possible to the FULLZ location, at least within 80 miles, I use distancebetweencities.com. Ok, I also like to discuss socks5 RDP and SSH.
Socks5 is a protocol that works with the proxy server, a popular choice amongst carders, I believe it’s the most effective way of spoofing your IP. However, most fraudsters are carding through SSH nowadays, so I suggest SSH as your main way of IP Spoofing. I use to like to use; proxifier or Foxyproxy to link socks to my machine.
Some proxy providers: http://www.seproxysoft.com/en
luxsocks.ru(provider has closed registration but still worth mentioning )
Premsocks.com, truesocks.net, ironsocket.com, sockslist.net, isocks.biz
Vip72.com (overly blacklisted but they have plenty of locations worth mentioning)How to post + Basics
For linking socks to the machine, I recommend you proxifier and Foxyproxy. RDPs stands for Remote Desktop Protocol, you are basically connecting to a remote computer. In fraud, they are generally used to maintain Bank Drops and PayPal Middleman Accounts. But they are also used for carding. You can get RDPs from the clearnet, just googling RDP will do. The problem with non-hacked RDPs is that their IPs come from a range of database IPs that have some history with fraud. How to post + Basics
That’s where HACKED RDP comes in handy, hacked RDP generally have a clean residential IP, and there are plenty of illegal auto shops selling them: You can buy them from: xdedic.biz, http://uas- store.ru, pp24.ws, tunastock.ru, rdpterminals.tw.
Once you log in to the RDP, remember to change the password and create an hidden username aka ghost user, so that the real owner will not notice, there is a tutorial on both xdedic and uas-store.ru for it. Also, you can card from there, you don’t have to think much about spoofing as they are an identity themselves and a real device.
Socks5 vs RDO vs SSH.
RDPs are more expensive but they identify themselves, you can card from there, absolutely no spoofing needed whereas socks are more cost-effective but they require a spoof setup. There’s a rumor that in 2019 carding with socks is dead, I say it’s bullshit it’s probably because these peope have bd socks and/or crappy spoof setup. I suggest starting from RDP carding and then moving on to Socks once you are more confident. SSH is a middle way and should be the most used way of spoofing IP for intermediate carders, they cost slightly more than socks.
SSH Tunnel: Port forward via SSH (SSH Tunneling) creates a secure connection between a local computer and a remote machine through which services can be relayed. Because the connection is encrypted, SSH tunneling is useful for transmitting information that uses an encrypted protocol, such as IMAP, VNC, or IRC.
Long story short thanks to SSH you can connect to a remote machine and get its IP. Now the thing about SSH Tunnels, is that we get the IP of another machine and we can use it in our machine, I generally make a new virtual machine, use SSH Tunnel, and there we go. I buy SSH from: pp24.ws and tunastock.ru. in order to use SSH you need to:
1) Download and install bitvise client from bitvise.com
2) Launch the software and go to the SSH tab, Click on all the blue links such as Key Exchange Algorithms and tick all the Checkboxes for all links.
3) Go to the services tab and tick the ̈enabled ̈ box in the SOCKS/HTTP proxy forward part
4) Now, on that part, the listen interface should be 127.0.0.1, Listen Port on 5555
5) You are done with bitvise, you will need to click on ̈the login ̈ tab and put the login data for SSH. Another step is to install proxifier if you have not done it already, proxifier allows you to tunnel SSH IP to ALL your VM software.
- open Proxifier and go to profile -> Proxy Servers ->Add
- on ̈Server ̈ put 127.0.0.1 and on Port put 555 3) On Protocol check SocksV5 Server
- Go to Profile -> Name Resolution -> Uncheck “Detect DNS automatically” -> Check “Resolves Hostnames Through Proxy”
- We are done with Proxifier, now all we have to do is to go on tunastocks.ru or pp24.ws and get an SSH.
Virtual Carding Beginner Walkthrough/Mentors together with the User-Agent HTTP header another HTTP header, which identifies the network, and the language used by the system that is making the navigation.
Use an Accept-Language header that matches the language of the victim.
Flash version spoofing: Always spoof the latest flash version.
Email Spoofing: We will need to use an e-mail that looks legit. This is not really that discussed on forums, according to emailage, Square and Western Union are their clients
So emailage checks on plenty of things:
- checks if the email has the name and surname of the customer.
- It calculates the score of the email domain.
- It calculates the age of a specific email, fraudsters are well known for creating quick e-mails, and that is how they can spot us.
So depending on the score you get from them, they will either approve your attempt, put your order on
review or simply decline it. To make things worse, they have an internal blacklist of e-mails, so reusing emails with them isn’t wise. They also have all the other IP validation stuff that any other anti-fraud protection provider has.
For private emails, I suggest getting an anonymous email provider, one like domain cheap (They accept BTC), and get whois protection. Also, will you attach the domain to an anonymous hosting provider? You can make as many emails as you wish with the same domain from Cpanel. Email doesn’t reveal all the info about their measures, but I think somehow they can also check the age of free emails, private emails are very easy as you can check the domain age of a website. Now let’s go to the actual spoofing software, I believe there are 3 main choices here: A Configured Portable Browser, Anti detect, and Firefox.
*
Hope you guys enjoyed this free method/how too. I will be making multiple posts for noobs as well if you need any more help. So please feel free to glance at those as well!.
WE ARE HERE FOR SERIOUS BUSINESS WE DO NOT ENTERTAIN OR RESPOND TO TIME WASTERS. WE HOPE YOU ARE AS SERIOUS AS WE ARE
Contact us for support. We sell fresh tools like CVV & Cards, SSN, Paypal accounts, Dumps with Pin, ATM Skimmers, Email Leads, Smtp, and lots more.
We have other services like Bank transfers to any bank account, we can Cards anytime for you and ship for half the price, Carding iPhone 11 pro, Botnet setup service, and Carding Classes where you will learn everything that will help you make money.
Lists Of Transfers Available for Grabs
You can make a lot of money as your mind can conceive. You don’t necessarily need to 9 am – 5 pm job to have a life. Live Your dreams, buy that house, go on that vacation, buy that dream car, and invest in real estate with these transfers.
Paypal Transfer —————————————Click Here
Cashapp transfer ————————————-Click Here
Western Union Transfer —————————Click Here
Bank transfer ——————————————Click Here
Venmo transfer —————————————Click Here