Carding Training Course 2025 (Free Lecture)

01:00

Deleted Account

18 February 2025

Mars Walkman joined group by link from Group

MW

17:15

Mars Walkman

Hello Everyone First lecture strats tommorow 21:00 Msk

19 February 2025

SS

05:19

Sam Scrimar

Ok

MW

19:02

Mars Walkman

Alright, let's get started. The first lecture will be dedicated to registering PayPal accounts.

19:02

PayPal is ultimately a universal tool that combines all the functionality needed for a carder.

19:02

The basic principles of registering PayPal accounts aren't much different from registering with regular banks.

19:02

Its anti-fraud system is set up in a rather peculiar way.

19:02

Over time, as you work closely with PayPal, you'll start noticing patterns in how its security systems operate.

19:02

Here’s what we’ll need for registration:

19:03

1. Pre-made or purchased email account.
Each email has its own reputation, which can be checked using tools like https://t.me/reputmailbot I recommend buying high-reputation emails, as it will significantly improve performance, not just with PayPal.



SS

19:03

2. A configured anti-detect browser. (Portable versions of Firefox and similar browsers won't work well for large account volumes). OctoBrowser and Undetectable perform quite well.

19:03

3. Full info (fullz) with a current address. To verify the address, I recommend using services like BeenVerified or InstantCheckmate for background checks.



SS

19:03

4. A disposable phone number (In 90% of cases, if used correctly with PayPal in the US, you won't have to receive SMS constantly. For starters, you can try services like TextVerified or SMSPool).

19:03

5. Proxy/VPN/PPTP, not necessarily in the full info's state (Personally, I lean more towards VPN connections; PayPal tends to be more stable when it sees the same IP during logins)

19:03

PayPal generally doesn't respond well to duplicate accounts, so I strongly recommend using BeenVerified to obtain fullz yourself.

19:03

We turn on the connection, open the anti-detect browser, log into the email, and go to the PayPal.com website. In the top right corner, click 'Sign Up' https://prnt.sc/8PJPgcHxt8aQ

19:03

and choose a personal account (we won't be covering business accounts in these lessons). https://prnt.sc/WoBmISUSiuiV

19:04

Go through the registration process:

19:04

https://prnt.sc/zDjynUfeK-oV

19:04

Receive the code on the purchased disposable phone number

19:04

https://prnt.sc/-25fWAPbTOOk

19:04

https://prnt.sc/sKQBCMrUjeNY

19:04

https://prnt.sc/MBlhuAPNIBkh

19:04

https://prnt.sc/PdsAAlUiSuNy

19:04

enter your last name, first name, email, password (come up with one yourself), and a valid address.

19:04

https://prnt.sc/kP9xiCoRf1Oi

19:04

Make sure to save everything you've entered in a text file!

19:04

Next, it will prompt you to link a card, etc.

19:04

At this point, I usually just type PayPal.com in the address bar and get directly to the dashboard.

19:05

Next, I recommend logging out

19:05

And you should receive an email
https://prnt.sc/ehGbTt7qs07c
Please confirm your email adress

19:05

Click the link and confirm.

19:05

Go to the 'Finances' tab, select 'Savings,' and go through the process of getting a savings account.
https://prnt.sc/tf_FEAbvbwDN

19:05

There are three possible outcomes:

19:05

1. After filling in the information, everything will open successfully, and you will see your savings balance.

19:05

2. After clicking the confirmation button, you may receive an error stating that your SSN is incorrect (this error can usually be resolved by changin

19:05

3. You cannot access savings right now (this cannot be fixed)

19:05

Next

19:05

Let's try to get a VCC (Virtual Debit Card) on PayPal...

19:05

https://prnt.sc/n_nh6prrnyza

19:05

https://prnt.sc/YPHCzUYUiswA

19:05

After confirming the address, you might receive a security check for obtaining a card. Just click the 'reuse' button in the service where you purchased the number and get the code.

19:06

After that, we will be asked to create a PIN for the card

19:06

And in the end, we will receive our VCC from PayPal

19:06

Homework:
1. Consider and describe a method for gathering fullz with high credit scores using this background check service and others as well..

19:06

2.Register 10-20 PayPal accounts (you can modify the registration process as needed)
Try to obtain a virtual debit card.

19:06

Any questions?

20 February 2025

SS

06:10

Sam Scrimar

In reply to this message

So it is better to buy gmail account with warming up

MW

06:11

Mars Walkman

yes

SS

06:13

Sam Scrimar

So the lesson is how to create a PayPal account and get VCC

06:14

and this will make it easier for us in carding, for example, to accept from another card funds to the VCC card

06:14

I heard that working with PayPal is the most difficult thing in carding, because they have a good security system, and it is improving every day

P

14:21

Preacher

In reply to this message

all this requires no extra identity verification like ID card?

P

15:29

Preacher

In reply to this message

@maskwalkr223 this bot has nothing for sale again

MW

17:36

Mars Walkman

@Kiroshiproject use this

MW

17:36

Mars Walkman

P

Preacher 20.02.2025 15:29:41

@maskwalkr223 this bot has nothing for sale again

MW

17:48

Mars Walkman

Yes
In 99% of cases, PayPal doesn’t ask for ID verification. They only ask for documents if you trigger their fraud checks.

MW

17:48

Mars Walkman

P

Preacher 20.02.2025 14:21:00

all this requires no extra identity verification like ID card?

MW

17:50

Mars Walkman

Honestly, dealing with PayPal isn’t exactly easy—that’s true. But if you keep practicing and learn the key anti-fraud triggers, it can become an almost indispensable tool in some cases.

MW

17:50

Mars Walkman

SS

Sam Scrimar 20.02.2025 06:14:53

I heard that working with PayPal is the most difficult thing in carding, because they have a good security system, and it is improving every day

SS

19:16

Sam Scrimar

In reply to this message



MW

19:22

Mars Walkman

You linked your card, cool—but what does that have to do with the homework?

SS

19:32

Sam Scrimar

VCC

MW

19:35

Mars Walkman

bro, read please again

MW

19:35

Mars Walkman

MW

Mars Walkman 19.02.2025 19:05:44

Let's try to get a VCC (Virtual Debit Card) on PayPal...

SS

19:37

Sam Scrimar

Yes, understand, but we should work from mobile, bcs they asking for scan the QR code from application to get this log in from phone and get VCC

MW

19:38

Mars Walkman

no, you can use web-version

19:38

for start

19:40

Yeah, the mobile version has more features and is way more fun to use, but it’s better to start with the web version—it’s more straightforward.

P

20:15

Preacher

In reply to this message

is he a vendor ?

MW

21:43

Mars Walkman

yes

21 February 2025

MW

13:17

Mars Walkman

next lesson 02.24 21:00 msk

24 February 2025

Class has set messages not to auto-delete

MW

19:03

Mars Walkman

Hello everyone

19:04

Alright, let’s begin

19:04

Let's talk about linking banks to PayPal.

19:04

PayPal has its own API for bank verification—it's called Yodlee Money

19:04

You can link a bank to PayPal either by entering the bank login and password or by adding the account and routing numbers, followed by verifying it through micro-deposits.

19:04

In the first case, it’s straightforward: select the bank, enter the password, and the account is linked. From now on, we’ll refer to this method as the 'instant bank link

19:04

In the second case, we need to take the account and routing numbers from our brute or self-registered account and perform the following actions:

19:04

https://prnt.sc/LPwNFar6aIxH

19:04

Click on 'Link Bank'.

19:04

https://prnt.sc/vAXdi_J5YsAM

19:04

https://prnt.sc/PmeJM8JNsgA6

19:04

https://prnt.sc/pVvc29iu2MC2

19:04

Here, enter the account and routing numbers for the bank. Click 'Agree,' and PayPal will send us micro-deposits to the bank account.

19:05

Now we need to catch these micro-deposits, or rather, see the transactions on the bank account (micro-deposits usually arrive 2-3 business days after being sent)

19:05

There is a small pool of banks that will allow us to use a service like.. https://www.quicken.com/products/simplifi/

19:05

SimpleFi or Quicken (they're roughly the same, but Quicken works more reliably) to view transactions on the account.

19:05

The registration process is quite simple. For purchasing, you can use a credit card, a debit card, or PayPal itself with a linked payment method

19:05

https://prnt.sc/9QiCoTKIMKEa

19:05

Click 'Add.

19:05

https://prnt.sc/43Lyv1eyiBeP

19:06

Select your bank.

19:06

https://prnt.sc/DelfD7nzHHHV

19:06

Add all the accounts that interest us

19:06

Wait a couple of days from the moment you link the bank to PayPal, and you will see similar transactions

19:06

https://prnt.sc/auibNoQ7GGyV

19:06

Everything that’s green is the micro-deposits

19:06

Then we go to PayPal, click on the bank, and confirm it using the micro-deposits

19:06

Now, here’s what we can do with PayPal and the linked bank:

19:06

1. Simply go and make a purchase on the website that interests us

19:06

2. Make a deposit to the PayPal account (you can also make a deposit to the PayPal savings account)

19:06

3. Send a payment to your second self-registered account from the bank.

19:06

4. Buy cryptocurrency on PayPal using the bank.

19:06

5. Send money through Xoom.

19:07

Look for sellers, find out which banks are instant in PayPal and which are not. Take 5-6 different brute banks and try to link them to your PayPal. Also, try to make a deposit, a purchase, send a payment, buy cryptocurrency, and send money from different accounts.

19:07

Next lesson tommorow 21:00 msk

19:07

Any questions?

MP

19:12

Ma Pony

All lessons from 1 month ago have been deleted.

19:13

Please send it back to the teacher. Thank you.

MR

19:27

Mr Rain

In reply to this message

hi, i'll send it again soon

❤

MP

MP

20:01

Ma Pony

Thanks Teacher

25 February 2025

MW

19:01

Mars Walkman

Hello Everyone

19:01

Now let’s talk a bit about warming up a PayPal account

19:01

Essentially, warming up involves performing trust-building actions with your PayPal account. Primarily, this includes making trustworthy transactions such as:

19:01

1. Purchases

19:01

2. Sending/receiving payments

19:02

3. Receiving payroll deposits

19:02

4. Receiving direct deposits

19:02

5. Linking a card to Apple/Google Wallet (yes, PayPal can see these links and responds positively to them)

19:02

6. Making payments from Apple/Google Wallet.

19:02

7. Receiving/sending payments for goods and services (G&S)

19:02

8. Receiving a refund for a purchase/payment.

19:02

9. Depositing from a card/bank to the balance/savings.

19:02

But first, let's figure out how to fund our PayPal account for warming it up. The simplest and most convenient way is to take a ready-made PayPal account with completed KYC for cryptocurrency and send your own LTC/BTC/ETH to it

19:02

What to do next? It might seem simple—just send payments to your other newly registered accounts. This way, we will create a chain of accounts

19:02

What’s the benefit of this? If we don’t create suspicious activity in the accounts involved in this chain, then later,

19:02

the payments will go through between them without any issues.

19:02

What’s the downside? PayPal's anti-fraud system will see that these are newly registered accounts (unless, of course, you’re combining accounts with different registration frequencies and varying warming-up activities) and may limit all the accounts. Some might get unlocked, and some might not—either way, it's not a pleasant situation.

19:03

Additionally, if you commit a fraudulent action on an account, such as depositing from a bank account and you receive a chargeback, then the entire chain is again at risk of being limited.

19:03

What I do: I simply break the chain using Xoom, specifically by sending from one account to PayPal virtual cards and making direct deposits of $10-30.

19:03

There are more interesting options, such as: asking a real person to send you a payment in exchange for cryptocurrency, creating a seller account on the same eBay and linking PayPal as a payment method, and selling eGifts, and so on. It all depends on your imagination.

19:03

Basically, you can avoid funding your PayPal account and instead use a virtual card with a balance to start making payments/purchases and deposits to your balance. The same applies to self-registered bank accounts.

19:03

And now, those who completed the homework, please write down what you did and what difficulties you encountered.

28 February 2025

SS

12:41

Sam Scrimar

Where is lecture?

B

14:22

Bob

In reply to this message

hi, you talked about how pay pall works in America, is the approach the same in Europe or are there some nuances?

It turns out that our pay pall account is registered with the same data, and we will make a deposit from a third party card, right?

MW

15:13

Mars Walkman

next lecture today 21:00 msk

15:16

I can’t give any comments on working with PayPal in Europe. And yes, PayPal does allow deposits from a third-party bank.

MW

15:16

Mars Walkman

B

Bob 28.02.2025 14:22:43

hi, you talked about how pay pall works in America, is the approach the same in Europe or are there some nuances?

It turns out that our pay pall account is registered with the same data, and we will make a deposit from a third party card, right?

MW

18:59

Mars Walkman

Hello Everyone

19:00

What withdrawal methods are available from a PayPal balance? Let's go over them:

19:00

The simplest way is to withdraw to a card: just link a previously registered or purchased virtual/physical card to PayPal and withdraw.

19:00

https://prnt.sc/1qKwO4RBmjnI

19:00

https://prnt.sc/sce3IXfEzUJm

19:00

https://prnt.sc/fdSBpCysiIxO

19:00

Withdraw to a bank. To do this, either link it to PayPal via instant link or input the account and routing number, as we remember from previous lessons. It's not even necessary to confirm it with micro-deposits; PayPal will still allow the withdrawal, which typically arrives at the bank within 1-3 days, depending on the bank and the day of the week when you made the transfer.

19:00

https://prnt.sc/1qKwO4RBmjnI

19:00

https://prnt.sc/sce3IXfEzUJm

19:01

https://prnt.sc/SQunhzJsA8Av

19:01

If your PayPal account has completed the KYC process for crypto, it’s even simpler. Buy cryptocurrency, like Litecoin, click the exchange button, and transfer it to an external wallet. For this method, it’s recommended to have a rented phone number linked to your PayPal account, as PayPal often requires SMS confirmation for withdrawals. You can rent a number, for example, on a service like this

19:01

Send money to a friend on another self-registered account, or directly to cash-out services (they typically accept around 70%). I personally don’t use this method, as it results in a fairly low percentage compared to other options

19:01

Simply buy gift cards using your PayPal balance. It’s the easiest but also not the most efficient cash-out method

19:01

Send money via Xoom. This company is a subsidiary of PayPal and is used for international transfers. The minimum amount for sending is $10.25. To do this..

19:01

https://prnt.sc/1qKwO4RBmjnI

19:01

https://prnt.sc/Dkn2GsYN1lny

19:02

https://prnt.sc/Y2uuBxp8Plng

19:02

https://prnt.sc/lACVgd78BLEp

19:02

https://prnt.sc/md-k8tGkbKP3

19:02

https://prnt.sc/lFFaKD884OWT

19:02

Then, depending on where you intend to send the money, choose either a debit card deposit or bank deposit, enter all the recipient's details, and send.

19:02

This method allows us to send money to our recipient without attaching it to PayPal, and interestingly, we can send money from multiple PayPal accounts to the same recipient. Additionally, if PayPal's anti-fraud system often restricts our ability to withdraw funds using the previously described methods, it tends to be more lenient with Xoom and will always allow you to do so. However, keep in mind that Xoom has its own anti-fraud system

19:02

Order a check. Personally, I have never used this method, as it is too slow and cumbersome to work with.

19:02

And let's touch on credits in PayPal

19:02

PayPal has three types of credit:

19:02

1. Credit line https://www.paypal.com/credit-application/paypal-credit/da/us/landing?fromCape=true

19:03

2. Credit card https://www.paypal.com/us/digital-wallet/manage-money/paypal-cashback-mastercard

19:03

Business loan https://www.paypal.com/us/business/financial-services/business-loan

19:03

4. Installment plan https://www.paypal.com/us/digital-wallet/ways-to-pay/buy-now-pay-later

19:03

With the credit line, it's straightforward: we go to the PayPal website, preferably using an already registered and somewhat established account, and we try to obtain it. After a thorough review, we either get approved right away or are asked to upload documents. From my experience, in about 1 out of 3 cases, after uploading the documents, approval occurs, and the amount shows under our balance.

19:03

https://prnt.sc/W4mrg0GLd97_

19:03

How can we get this money? The main thing is not to make any sudden moves; let the account rest for a couple of days, and then the cashing out can only occur through purchasing something from your drops or through buyout services.

19:03

The credit card is more interesting. The application process is exactly the same as in the previous case, but in the end, we may receive an amount that can vary from $300 to $5000, depending on the credit rating of your full profile https://prnt.sc/es2qmbbgHcZC

19:03

But there is an important condition: we won't be able to withdraw the entire amount at once, but only a portion. For example, if we receive a credit card with a limit of $5000, we might only be able to withdraw $3500 until the physical card arrives at the address and is activated.

19:03

In contrast to the first case, here the process of cashing out is quite simple. The money is sent to another account using the send feature

19:03

Business Credit, commonly known as BML, is only available for PayPal business accounts. You can start by warming up a personal account and then convert it to a business account. After that, follow the link and try to obtain credit as in the first case. If everything goes well, you can cash out the funds through purchases.

19:04

https://prnt.sc/MFgvCaqubZDX

19:04

Lastly, the installment plan typically also requires a slightly warmed-up account. Its essence is simple: PayPal allows you to split a payment into 4 parts or pay monthly. It often requires linking a card, and less frequently a bank.

19:04

How to work with this: Suppose we were approved for an installment plan of 4 payments. We take a highly liquid digital or physical product, set up the installment plan, and link our self-registered virtual card, which should ideally have around 1/4 of the total amount we need to pay.

19:04

We buy the product, receive it, sell it, potentially taking a profit of around 50% from the product purchased this way. The same process works with monthly installment plans.

19:04

That's all for today

19:04

who completed the homework, please write down what you did and what difficulties you encountered.

3 March 2025

MW

16:22

Mars Walkman

next lesson tommorow 20:00 msk

P

19:03

Preacher

any Russian SMS verification website ?

MR

19:22

Mr Rain

Hi guys
Sorry had spamblock on my account, i'll try to send all lessons again today later

MW

20:53

Mars Walkman

textverifed,grrizzlysms

P

21:40

Preacher

In reply to this message

not Russian and expensive

4 March 2025

MW

12:31

Mars Walkman

In reply to this message

sms-activate

MW

18:19

Mars Walkman

Hello everyone.

18:19

Today, we'll touch on the topic of account warming again and working with limits

18:19

PayPal treats each store differently: fraud detection is heightened in some places, while in others it's minimized.

18:19

For example, sites like https://give.feedingamerica.org/ and similar donation platforms generally have a lower fraud score with PayPal. Transactions with banks or cards can often be made for relatively large amounts, even with minimal account activity.

18:19

This is useful because PayPal gets accustomed to your account. After a few successful transactions on sites like these, it’s quite possible that PayPal will then allow you to make purchases at stores of interest, make deposits from a card or bank, or even send funds.

18:19

There are two options for making a purchase with PayPal: a one-time purchase and a subscription

18:19

A subscription, as you understand, involves recurring payments. For this, PayPal generally requires a linked bank account or card. For a regular purchase, neither of these is needed if you have a balance.

18:19

Next, I'll share a bit about sending funds. Here's what I do: I go to https://randomwordgenerator.com/name.php
to generate a random American name and surname. I enter these in the PayPal search when sending, then select a random account that appears from the list

18:19

PayPal’s anti-fraud system tends to respond positively to actions like these

18:19

The next point: 99% of anti-detect browsers are garbage. And working from the main computer all the time doesn’t make sense—you’ll get detected, and all your accounts will be restricted.

18:19

I can recommend using smartphones instead.

18:20

The PayPal app has more extensive features such as mobile check deposits, payment acceptance via QR code, and several other functions

18:20

The conclusion is to keep some accounts in an anti-detect browser while maintaining others on mobile devices.

18:20

Now, let's go over the limits

18:20

You can get limited for anything, for example: repeating the same purchase day after day, or it may not limit you for that at all. How it imposes limits is almost always a big mystery...

18:20

Every time after the next mass limit occurs, I analyze which accounts were limited and based on what principle

18:21

Typically, to lift the block, they request documents, mainly a driver's license and a utility bill, but they may also ask for a bank or card statement. The set of documents can vary depending on what has happened with your account

18:21

It might seem simple: just prepare the documents, upload them to the resolution center, and wait...

18:21

But no, if you do nothing, your account will, in 99% of cases, drop into a 120-day hold the next day, meaning you won't see your money for more than 4 months, or maybe never at all

18:21

What should you do?

18:21

You need to call PayPal and try to act like a very clueless user!

18:21

In most cases, you should upload documents while on the call, asking questions like: "Where do I click?", "What should I upload?", "How do I upload it?", and "Oh, I'm getting an error...

18:21

You should annoy the support agent as much as possible so that they are eager to see your documents quickly, close the case, and never have to deal with you again.

18:21

You can also work with the support chat (think about how to force the bot to connect you with a support agent).

18:21

And a little more about the chat, specifically the support agents: whether in chat or on the phone, I highly recommend against working with Indians.

18:21

They are extremely lazy people, and it’s easier for them to lock your account in 120 than to try to understand the situation and help you.

18:22

If you see a name like Rajesh, immediately end the conversation/chat and start a new call or chat!

18:22

Questions?

5 March 2025

Class invited Nuck [offline]

6 March 2025

N

21:05

Nuck [offline]

In reply to this message

I was banned on telegram, Are you able to resend this to me?

L

21:19

LiteOFF

In reply to this message

y.

9 March 2025

MR

14:00

Mr Rain

#lesson (Introduction and security)

I'll mark every lesson with hashtag #lesson and so u always can find it here
also I'll add tag #useful to posts with useful links and contacts

So, our first lesson is about what is carding and about some important terms for our next work, then we'll talk about security
Also please ask any questions after lesson, so if anybody missed lesson he could read it and then read other questions and answers

There Is a delusion about carding that carding is very easy and very profitable, just like the money button
and it's not exactly, because carding is really profitable, but not so easy, it's real work, but just not legal

From the term "carding" I think you all understand that we'll work with cards, which doesn't belong to us
And maybe some of you worked with cards earlier, but if not, it's okay, we'll have training practice for beginners and also today we'll talk about some important terms

So let's Imagine that we bought a credit card and here is the example how it usually looks like:
4393598220284327|11\21|041|Somebodys Name|3109 Forest Drive|Washington|VA|20005|703-
871-1263

We've got there:
NAME: Somebodys Name
ADDRESS: 3109 Forest Drive
CITY: Washington
STATE: VA=Virginia
ZIP CODE: 20005
TEL. BILLING NUMBER: 703-871-1263
CARD NUMBER: 4393598220284327
CARD EXP DATE: 11\21
CVV CODE: 041

Also it can be in another format, but the point is the same
And sometimes there is Middle name in name, it's okay, we may not use it, because shops don't check it

Some cards beside this info can contain ssn and dob (social security number and date-of-birth) and rarely mmn (mother's maiden name), it can be useful in some cases such as enrolling cards or for additional verifications, we'll talk about that
And now let's take a look at the card number, there is a very important thing - BIN number
bin is the first 6 numbers in card for example 400395, it can give us a lot of information

At first, we can check emitent, it can be AmericanExpress, MasterCard, Visa, Discover and many other companies that we don't care cause they are unuseful for us (for example in Russia we have МИР and it's piece of shit, really, I don't recommend to use it for carding too)
We usually work with Visa and MasterCard because Discover processes payments slowly and Amex cards have fast chargebacks, it's not good for us

So, chargeback is when cardholder calls to his bank and says that his money was stolen from card and after that bank calls to shop and says the same shit and after this shop usually cancels our orders and we don't get our money
Amex and Discover have fast chargebacks so we usually don't work with them

We may use bindb.com or bins.su to check info about bin, and it's really easy to differ companies which made card by bin:
-CC's that start with number 3 such as 3xxx-xxxx-xxxx-xxxx are AMEX
-CC's that start with number 4 such as 4xxx-xxxx-xxxx-xxxx are VISA
-CC's that start with number 5 such as 5xxx-xxxx-xxxx-xxxx are Mastercard
-CC's that start with number 6 such as 6xxx-xxxx-xxxx-xxxx are Discover

To get payments shops usually have payment system. Also some payment systems can be e-commerce platform too, I mean beside getting payments they can process orders and hassle shop's manager if something is wrong with our card or ip address, or browser and so on

BUT
Sometimes there are exceptions, which we'll talk about
Especially in Asian shops

Also there is antifraud system beside payment system, it's not the same, but they are usually used together, we'll talk about antifraud, it's very important thing in carding

Using checkers such as bins.su we also can check what bank issued out the card (Bank-emitent), what is it's level and type
So, Card can be of two types - debit and credit, and also it has a lot of levels (and debit with overdraft sometimes)

14:00

debit card resembles the credit card by the method of using, but it realizes direct buyer account debiting at the moment of the payment. And credit card has credit limit so we can spend additional money, it depends on the size of the credit limit
this size depends on card level. There are a lot of levels - classic, standard, prepaid, platinum, gold, premium, premier and so on

You don't really need to know about each level for now but I recommend not to use debit classic, debit electron, debit standard and debit prepaid, because almost always they have about 100$-150$, it's not worth our time
Also there are such levels as business, world, reward etc
I recommend not to use it when it's possible
It can have additional restrictions

And some useful things for our next work
our team have main board — carder.market
here u can find useful contacts and vendors
but always check if it's trusted and if admin checked it and verify contact in personal message on forum

And now let's talk about security etc
So, we should differ privacy from security and also from pretending to be a holder, first of all privacy ≠ anonimity ≠ security, all of them have differences

Privacy is when anyone can find out who you are in internet but "they" don't know what are you doing here
Security is just when it doesn't matter if anybody knows who you are and what do you do, but it's secure, because can't be watched

When we do something not really legal like carding, we need privacy and anonimity and security as well and it's not so hard to set it up and keep
First of all when we surf some darknet sites and just not legal sites as carder.market, home provider can see our dns-requests and direct IP requests

DNS is system which connect domain and server
So any website is stored on server, but it has domain to connect to it
So when we put google.com for example to address bar dns system search dns-record for google.com, then give us the server's IP
So providers can see it and it's too suspicious when we surf any illegal sites
Also they can use DPI, but i'll show how to bypass it

Also sometimes you can read about changing Mac address
But it's senseless
Because mac address is local network identificator

We must keep our sites in secret from other people especially from home internet provider as well as our internet traffic, and so we may use vpn or tor
we can use TOR or I2P for surfing forums. It's a good way to keep privacy and anonimity, by the way you can use tor browser as well as tor proxy

If you want to use tor proxy, just start tor and put 127.0.0.1:9050 as socks-proxy in your any program or any browser, for example you can use it for your wallets

Also I recommend to use personal vpn and we'll make our own VPN on the first practice. I really not recommend to use any VPN services. They can log us. It's absolutely not safe, so it's better to make own VPN without logs

The next important point is payments
First of all, obviously, never pay for any dark services with your own card or PayPal, pay using crypto

Secondly, never use Binance or other services like that
It requires kyc and they control your money, also they send your info to police without any doubts
I recommend to use exodus or trustee or any other free wallets with no kyc
And changelly or changenow for money exchange

Also it's better not to use usdt, because it's observed by CIA
Monero is the very best crypto if we talk about anonymity

The next very important thing - security of our own data and how to keep it
So let's imagine that all of our data keep on our hard-disk unencrypted and some script kiddy schoolboy hacks us and get it
It's really bad cause after that he can blackmail us. also guys from police can do the same in fact

So, we need to protect our personal data, the best way is to encrypt it, I mean not all data but just tutorials, any files with bins, ccs and other work stuff

14:00

But before it let's talk some about OS
Windows is insecure, it's a fact
The best way is to use Linux systems, there are a lot of it:
Home systems such as Ubuntu, Debian, Fedora etc
Strongly secure systems: Qubes, Whonix
and many others

Sorry guys, lost my internet connection
let's continue

It's not necessary for now, but If you'll want to start learning Linux, I recommend to try Ubuntu on virtualbox at first, it looks like windows and it's pretty easy for new users, or debian, or fedora
And there is one big problem in linux systems — some tools don't work there correctly
For example some antidetects, in that case I recommend to use it on Windows VM or just on other PC with Windows

And for encryption i recommend to use VeraCrypt (https://www.veracrypt.fr/) for this purpose because it's strong and easy to use
It can create a small disk partition just in file and after that you can mount it and save your files to this partition and also it can make hidden partition, nobody can prove that it even exists because it's really hidden under the first encrypted partition

Another thing is fingerprinting. Today almost each modern site has fingerprinting system, it collects information about your browser type and version, as well as your operating system, active plugins, timezone, language, screen resolution and various other active settings

So we should use browsers which can prevent it, there are many antidetect-browsers, we'll talk about it on next lessons when we'll talk about how to be disguised as holder, but there is newest version of Mozilla, which also can prevent fingerpring leakage. I strongly recommend to use it as well as vpn to surf websites

Also there is free version on dolphin, it can be used for personal security , and we'll use it on training practice (BUT I don't recommend to use it for carding usually)

That's all for today, feel free to ask any questions
We'll have practice with setting up VPN tomorrow, I'll send homework soon

First homework for you is to buy server and download tools:
You need these tools to connect to server from windows

#useful_info
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

and Servers

https://www.vps.ag/
https://csrdp.host (best)
https://yourserver.se (the best)
https://itldc.com (the best)

I recommend to buy server with the last version of Ubuntu or Debian without RDP installed on it

N

14:01

Nuck [offline]

In reply to this message

Regarding the browser, is Firefox still what you recommend after the latest news about it.

Can we use Linken Sphere?

MR

14:02

Mr Rain

#lesson (Antifraud)

So, antifraud is the system which checks different parameters in our browser and connection and then add fraud scores if it find something strange and often it causes to decline our payment

Beside that, of course, every time when we card, we need to be like a holder
because otherwise bank-emitent, merchant and af-system just decline our payment

So we can't use only VPN or Tor when card some stuff
VPN and tor are just for privacy and personal security, but when we card, we need to use something that can make our connection and it's location closer to holder billing address and also it must be clear

So we can use:
- SOCKS
- SSH-tunnels
- Home dedicated servers (RDP or VNC)
- OpenVPN home configs

Socks is stable and fast way to connect to other server and use it's ip for hide us and mask us as holder, but It can die very fast

Ssh tunnel is connection when we connect to server and then proxify our system
So when we buy ssh-tunnels we connect to home servers, after that we can proxify our traffic and use ssh as the way to mask our connection

Dedicated servers are real home PCs which we can use for carding but often it has dirty IP, it's not good because we'll get additional fraud scores
It can be used via RDP protocol or VNC

And home OpenVPN config is when somebody set up vpn on home router in USA or in other country, then we can use such VPNs for carding because it has pretty clean ip
it's nice way but sometimes it's difficult to buy such configs
IT'S NOT THE SAME AS VPN ON VPS

Always check contacts of sellers on forums, it's better to always use only trusted services, and there a lot of it on carder.market

And now let's talk about one of the most important thing in carding
After we buy any of these things (SSH or Socks or Dedic) we need to check some very important things and check it's clearance

So at first - black lists
Let's check our current connection, it's safe, just for example, just imagine that we connect to ssh or socks
so, go to https://dnschecker.org/ip-blacklist-checker.php and let's check if our IP is in black list just for example (we don't need to check it later, just for example now, the same thing we always do with socks or ssh or rdp before carding some stuff)

If ip for carding (not vpn) has more than 2 blacklists then it's not good
so it should have 2-3 black lists max and If more then we usually have to buy another ssh or socks

After that we always need to check score here http://getipintel.net/free-proxy-vpn-tor-ip-lookup/

If it's more than 0.6-0.7 then we should change ssh or socks to another and check it
so if our ip (of our SSH or Socks) is in more than 2-3 black lists or it's score more than 0.6-0.7, then we have to buy another one

After that we should sign up here https://www.ipqualityscore.com
Then we should go there https://www.ipqualityscore.com/user/proxy-detection-api/lookup and check our ip using 2nd method

So here we need to check:
Proxy/VPN Detection: ___
VPN: ___
TOR: ___
Fraud Score ___

The first three should be False, it's important
Fraud Score should be less than 65-70, 70+ is really bad because antifraud mark it as fraud IP

Also there are two bots @ipscorebot @zpcny_bot
They also can check it
Also they can check ASN, it's pretty important thing for large shops

So, ASN is an ID of group of IP addreses
Some companies thought that it's too difficult to check IPs and they decided to group it and give a number to each of groups, so if this group in black list, then all IPs in black list
They also can check ipqualityscore but not good, so we need it firstly for checking asn, don't use it instead of other checkers

So we always should check our IP using these checkers
That's all for today, feel free to ask any questions

For proxy I recommend:
https://piaproxy.com
https://www.mangoproxy.com/
tisocks.net

That's all for today

14:03

In reply to this message

Firefox is okay for personal usage
But for personal usage you also can use brave for example
For carding antidetect browser is always better



N

14:03

#lesson (Carding basics)

So, when we gonna card something we buy ssh or socks first, before buying card and we buy card just before the payment, so in that case we'll be able to refund it if it's dead, the best way is to get ssh just near the holder, but if we have not such ssh we can use with the same city or the same state

So let's imagine how holder usually buy something online

1. He just open any shop
2. Chose some stuff
3. Then he use his billing address and shipping address
4. Then he enters card's details and makes a payment

So he can easily do it and he doesn't care about his IP address or other things, but we must think about many things before making payment, because holder has real setup, but we just try to mask as holder

At first before we buy CCs we need to find SOCKS or SSH with ip near the billing address
Then we should check if it's pretty clean using checkers and then we should get some cookies
because holder has cookies in his browser so any shop will see that he is an active user а

And so when we gonna card we have to collect some cookies too, so we can just surf some news or shops and then open the shop which we wanna use

After we get cookies and go to shop we just choose some stuff and then when we gonna use shipping we must consider very important thing which is in most shops in USA - AVS. Its Address Verification System

AVS can check only numbers but if shop has this system (most of USA shops has it) then we must enter real billing address of card holder or we'll get decline, for example if address is 1212 Street Road, it'll check only 1212 and so, there are some another things that u should know

At first we can card some "not liquid" stuff such as blenders, hunting stuff etc, not large shops may ship it even if shipping address isn't the same as billing
or we can try to find shops without AVS and use it, but it's really difficult in USA (we'll talk about EU and Asian shops later, on next lessons)

So
Also we can use CCs of countries which don't have AVS, but many shops can see it when process order and it would raise questions, so it's good way but just for not large shops with "non-liquid" stuff
"Liquid" it's stuff which is easy to sell, iphones, mac and other electronics
"Non liquid" are blenders, hunting stuff etc

Regarding liquid stuff, we can use Enroll, or such ways of carding as pickup and redirect, we'll talk about it later on lessons
And now let's talk about where to buy CCs and how to choose the right CC

There are many cc shops and I recommend to use only trusted vendors, because besides good shops there are resellers and other scam, especially sometimes a lot of resellers appear on forums

At all times carders sometimes have troubles with quality of ccs and if anybody says that his shop has 100% validity, just know that it's bullshit

Some shops have not much filters, just base, bin, type

These filters are really not enough because we can't choose types of levels for example, but it helps to save some good ccs for those who search by bins

So I recommend to collect your personal notes and write any bins that you'll buy and use
but let's imagine that we don't know any bins but we really need to buy good ccs
In that case we should go to bins.su and find there some bins and then search by them in shop for example

Other shops have more filters, you can choose level and type there
But if you'll choose cards only by level and type, it's not the right way, because there are banks which I strongly recommend not to use

I recommend not to use these banks:
1. JP Morgan Chase
2. Bank of America
3. Citi Bank
4. Wells Fargo
5. US Bancorp
6. HSBC North America Holdings
8. PNC
9. Capital One
10. TD Bank US
11. BBDT
12. Barclays
13. Suntrust

They have strong antifraud system

14:04

#useful

Antidetects are browsers which allow to spoof fingerprints and hardware

Two main antidetects are linken sphere and multilogin

multilogin.com и ls.app (coupon for linken LS_YL59CEPDL2PF)

All info about setting up is in documentation on ls.app

So I just give some recommendations

1. Configshop

It's linken's feature, there are many opinions about if it's useful. Some people think that it decides any problems, some people think that it's useless. So use it if you don't want to set up antidetect features and want to use ready option.

Configshop is available only for pro subscription.

Also pro subscribers may use useragent-shops, but it's bullshit, because all useragents are in public access:https://www.myip.ms/browse/comp_browseragents/ http://www.useragentstring.com/pages/useragentstring.php

Then take a look at the main session window

It's about sessions
One carding session - one settings set

1. Connection

It supports all common ways: socks, ssh, tor+socks
U don't need additional tools, just put socks or ssh data in field and then it will be checked and connected

Take care about webrtc, it can compromised u, antidetect can spoof it automatically

Also antidetects can change timezone regarding local IP.

2. WebGL
You may change it or not, it's not necessary, but if you change it, take care that it's realistic combos (don't use for example Nvidia vendor and AMD model)
.

3. Fingerprints, the most important thing

I recommend to:
- Block pop-up
- Change canvas or use original (don't block it) *
- Spoof audiofingerprint
- Spoof plugins (for example u may use common holder's plugins as adblock)

I marked point with canvas because there is an important thing. IT MUSTN'T BE TOTALLY UNIQUE.

If after changing you check there https://browserleaks.com/canvas and see that it's 100% unique then switch off spoofing and use original canvas

Multilogin and Che has the same features, but it spoofs canvas better. Also u may take it for team.

After creating session check it here:
https://browserleaks.com/canvas (CANVAS MUST NOT BE UNIQUE)
https://pixelscan.net/
https://amiunique.org/fp (IT'S BETTER TO BE UNIQUE)

And there is some useful feature paste like a human

Never copypaste any data when u fill in address or cc in order page, but u may copypaste it when using paste-like-a-human module.

And I recommend to use webemulator of browser to get cookies from any site u put there

Also besides sphere I recommend multilogin, che, octo

Che especially good for start

14:04

Mr Rain:
#lesson (Drops and pickup)

These are two advanced methods in carding as well as enroll, which we'll talk about and it allows us to ship liquid stuff and deal with antifraud

The first one is pickup — pickup is when we make an order on cardholders address, then we hold it on local carrier station and then drop with fake ID go there and pick up our package and after that we get money from pickup-service for stuff

So if order will have cardholder's addresses, name and phone number in all fields, shops should ship your stuff more easy because it looks less fraudulent

Also it solves the problem with AVS system, because our billing address matches with the ones in bank file because we put cardholder's real address as billing

When we want to use pickup, we:
1. Ship package
2. Hold package on local carrier
3. Text pickup service
4. Get money
So at first we should find Pickup-service, there are many such services on carding forums.

So
All pickup services including this one has list of stuff that they want to get and also pickup-zone map

Pickup-zone is very important because pickup-service can get the package only in that zone, so when we want to work with them we'll check zone and look for CCs with ZIPs in this zone

Also there are blacklisted zips, you can see it on map, we mustn't ship anything to these zips because pickup-service will not be able to get it

So when we look for CCs we should take only CCs with zip in pickup zone, then after package are shipped we text any call-service (u can find them on forums) and ask them to call to the post-office and hold the package until holder gets it and then drop takes it and we get our money

Usually there are 3 methods of work with drop and pickup services

1 - 50/50 (not really often)
2 - stuff for % (in most cases)
3 - reshipping (sometimes)

So, 50\50 is when we ship two items, for example
pickup-service gets one on them and the second reships to us

When we get cc, we may check (it's optional) all the information about cardholder using BG services like instantcheckmate.com - just take any cc and pay for subscribtion there (30$) and u can have background reports with actual addresses, phone numbers, emails etc, it may help if we buy CC with wrong billing

So, if we use big popular shop for pickup-carding I recommend to put cardholders phone number (the oldest one from background report just not to let shop gave a call to him, but this phone will be on file and it's okay for shop) and e-mail address which cc shop gave u with cc (when we get to checkout just spam it via flooding services)
and also for smaller shops you may use google voice number instead of cardholder's one

And when we card little shops we can put google voice number for example instead of real one

After checkout and successful order sometimes we may call to shop and get order info, because some shops usually calls us so we may call them first, usually some shops call to verify the order, but sometimes they may ask additional info about cardholder which we can get from BG, but it's not often, if everything is allright - you will have tracking number on the next day or later

VERY IMPORTANT THING:
We can use only UPS and FEDEX for pickup, packages of other delivery services can't be holded

When we get tracking number we should check it and wait untill it will be at last post office, after that we text to call-service and ask it to call and to hold our package
After that we send data about order to pickup-service and wait when they get it

When we work with regular drop-service, not with pickup-service, we can work in three ways:
ship non-liquid stuff to drop,
change billing address to drop's one and send bill=ship (using enroll)
and use rerouting

Drop-service also has list of stuff which they can get and which they can buy and pay us, so we check this list and then send stuff to the drop

14:04

The process is the same
we need browser, CC and SSH or socks and also we should use UPS, FEDEX and sometimes we may reroute DHL

So we also ship to holder's address and then when we get tracking number we should wait and after one or two days (DON'T USE FAST DELIVERY) we should give the info to call service and try to redirect package to drop's address (we should get it before, in drop-service)

#useful_info

You can use for rerouting these call-services for example:
@fbi_call
@Nika_Nikola

Also you can find another callers on forums

That's all for today
Feel free to ask any questions

14:05

#lesson (Gifts and Enrollment)

Let's start about gifts
There are two types of gifts — plastic cards and electronic gifts
First of all gifts are not good way to start in carding, because it has very strong antifraud in most of the shops

So, plastic gift card is not so useful for us because it's not easy to use it after we card it, because it's delivered too long and we need drop which can get it and use in store

So carders usually buy e-gifts, it looks like mix of numbers and letters, or sometimes it's virtual e-gift card number and then we can put this code in online store while checkout and make a purchase on its balance amount

it solves some problems which we have when paying just with CCs
Because at first we don't care about AVS using egifts, because it has no billing address when we use it for buying something

Also antifraud is less patient when we pay using e-gift, because we use only this way or purchase and so it doesn't check more, but unfortunately it's more strong when we buy e-gift itself, because banks and shops understand that gift is good stuff for carders

So we can cashout e-gift card using any billing and shipping address (including international if shop has delivery to other countries)

E-gifts can be mentioned in different ways in shops, usually they are called E-Gift, E-Voucher or E-Code
Just for example let's go to talbots.com and scroll down, there will be Gift Cards button, then we should click on it and choose E-Gift Card

So here you can see fields for: gift amount, reciever’s email addres, gift message and his name and the same for holder
it's typical for egifts

Some online stores send e-gifts instantly but its not easy to find such stores, so talbots send e-gift instant but it's not so clear because we really get it instantly but when we use it our order may go to additional processing

There are some tricks when we card e-gifts
at first I recommend to use different email-domains for sender and receiver of gift
for example gmail.com for sender and yahoo.com for receiver
also u can use hotmail and yahoo, not only gmail

There are three types of shops with e-gifts
1. Which send gift instantly and we can use this Immediately
2. Which send gift instantly but then process it
3. Which send it after processing (2-3 working days)

to find out it we should pay in shop and check how fast it send us e-gift, so we can't check it before

It's better to card 2 and 3 type using debit cards
and first type using any cards
shop will process debit payment faster

When we buy gifts using CC I recommend to use IP as closer as possible to holder's ZIP and antidetect browser

So, also there are very hard shops such as Victoria Secret, they check real holder's number and call him, so it can be carded only with enroll with phone number changing

Also we can put the same last name for sender and receiver
for example sender John Smith and receiver Ann Smith or use for example Smiths Family as sender or James&Ann

What about e-gift message, you should think about it and try to write good message because its really important for shop's manager which will process the order
we can write it due the shop stuff, like if there is brand things like Gucci or LV we can do it like:
"Yo bro, there is a present for u so u can buy some good stuff here u see. Love u and see u in Atlanta next week in good stuff on u bro.
Best regards,
Kevin."

It can be holded while payment for egift is being processed and as for e-gift cashout, when we get it we may ship stuff from shop using receiver's email and address or try to sell it to somebody in forums
also dont cashout egift card instantly when it gets to email, wait for couple hours

There are:
1. Big shops
2. Shops which aggregate a lot of gifts
3. Monobrands

so the best way is third type

It's small shops
It's easy to card but not so easy to sell to anybody
So such gifts are usually used for buying something to yourself

14:05

And let's talk about enrollment, in carding 'enroll' is access to online banking = online access to credit card account, I think all of you have something like that, most banks offer this when you get your card in any country

Such account is really great thing in carding, especially when we card in usa, because usa banks have very useful features which we can have using enroll

But not all cards can be enrolled, it depends on bins and banks, in most cases we can't enroll debit cards, so usually we use credit cards, but also not all credit cards can be enrolled

Features which we can have using online access also depend on bank, there can be many different features and the main are:

1. At first we can know available credit limit, so using this info we can plan how much we can spend using this card
all of the banks show us available balance in account when we enroll the card, it's really useful

2. The main feature is that we can change credit card billing address, not all banks enable it in online account, so using some banks we can't change it or have to call to bank to do it

So changing billing is most useful thing in online banking so when you find bin where you can change or add additional billing address I strongly recommend to write it to your notes and use for big payments

3. Also many banks allow to check minideposits
Minideposits are one or two deposits less than 1$ that shop can take from card when we pay to verify that it's using by holder, the point is that we'll check the exact amount of deposits in transactions history and send this info to shop, after that they approve our order, also some services can use verification by minideposits when we add card to it

4. Some banks allow to change 3ds code in online account and it's very useful

5. Some banks also allow to switch off region lock. Region lock is when we can't use card for international payments, sometimes USA cards have this feature and in that case we can't use it in EU or Asia

6. Also there is award system in some banks, like travel points or something like that which we can spend on avia tickets, e-gifts etc

So, well, how to enroll cc, imagine that we have no bins that we know exactly can be enrolled, I'll give you some after lesson
We just need CC, in such cases you can use CC that you already pay by, just to check what info card needs to be enrolled and if it can be enrolled

We take such CC and go to bank's site and look for something like Sign Up\ Enroll and then check what info is reqiured
We need bank which requires only SSN and DOB for enroll
not mmn, primary bank account number or things like that - only credit card info and ssn+dob

I recommend to use credit cards with level higher than classic for this, because debits usually can't be enrolled so when we find such bank and bin we go to a bank’s homepage, click sign up and fill In all the fields with needed info (SSN, DOB and CC's info)

After we entered info we click continue and if there is a message that ur card already enrolled - click Forgot Login and Password and make a reroll with setting up a new login info, else everything will be okay and you just set up login for enroll and password

While doing all of this I recommend to flood holder's email in case when holder gave his email to bank, they can send him a message that "Congratulations with you enrollment and something like that
Also enroll may have alerts, like e-mail alert for transactions, address change or something else and we have to switch it off after signing up, not all alerts, but alerts which can really disturb us
for example if there is alert when u spend more than 100$ then I recommend to switch it off

#useful

Flooding services:

https://t.me/eValidator
https://flood-studio.com/login.php

Enroll bins for example:

470105 — https://onlinebanking.hiway.org/HiwayFederalCreditUnionOnline_E2E/enroll.html
411325 — https://onlinebanking.hiway.org/HiwayFederalCreditUnionOnline_E2E/enroll.html

Feel free to ask any questions if you have, that's all for today

14:05

#lesson (Shops)

Let's talk about one of the most important thing — how to find cardable shops and analyze it before hit

At first we should grab shops and then check if it can be pretty easy cardable and then we can think how we can card it, so, there are two main ways to grab shops

First one is the most common and effective way, it's how holders usually look for shops

Holders usually using google when looking for shops so we also can use it but in special way
at first, when holder usually looks for shops he use something like "buy iphone" and the problem is that google use keywords and so for this request it gives us too popular and huge shops such as amazon ebay etc, and so it's not the best search request for us and so we usually use google SEO-operators
So, you can get operators here for example https://moz.com/learn/seo/search-operators

Holders usually don't even think about how to make their search request better and more correct, but we need really correct request so unlike holders, we use these seo operators to make our search request more clear and useful

For example good search request may look like buy+iphone+256gb+gold intext: "cart"

here "+" means that all words should be included in results and "intext: cart" means that all sites in the result should contain the word cart (there is cart in almost all shops)

The second way of using searchers is to use SEO tools which parse results of Google
for example A-Parser or Selka or Butterfly or any other SEO-parser

They grab the results using keywords and give it to us, it's easier and faster but often they grab a lot of shit and sites which are not needed, so after that we need to sort this
also parsers need anti-captcha module for google, in other case it would not be able to collect pages

Also I recommend to use Ip of the same country which u want to find shop in for example US IP for finding US shops

The third way of working with searchers is to use another searchers without personalization such as duckduckgo.com
they have different results than google for example
Or AI searchers, they are developing fastly

Also there are two another ways to get shops:
1. Amazon and Ebay sellers
2. Reseller tops and forums

There are personal sellers on Amazon and Ebay beside of official companies which sell their stuff using amazon and ebay
I mean almost every product on Amazon or Ebay has "buy used & new" options, so some of these sellers may have shops so we just google their nickname and find it if they have shops and what about reseller tops, it's site like resellerratings.com which contains info about many different shops

We can check it there or use special forums such as hunting forums or something like that, social networks for example
users of these forums usually discuss any new shops so we can use it too

Also regarding shops with gifts we can use dorks, it's part of search request query
for example some ecommerce platforms with gifts which send it instantly have typical structure of links and page where we place order has URL www.site.com/giftcertificates.php (for example http://bqshopestore.com/giftcertificates.php), so we can search using inurl:giftcertificates.php

As u can see, it's not hard to find shops
BUT the main point is to find cardable shops

So when we find any shop we should check:
1. How popular is it?
2. Do many carders do use it?
3. It's merchant (optional)

To check how popular is it we should check alexa rank, it's closed, but so there is a better way — similarweb.com rank

- shops with rank higher than 1 million usually ship easier and don't ask us a lot of questions, don't care about documents and different billing and shipping addresses

- shops with rank lower than 150 000 are usually more difficult to be carded, we usually use brute or logs for it, we'll talk about it on last lesson

- shops with rank about 200 000 - 500 000 are usually not so difficult to be carded using pickup or rerouting

14:05

And also we should try to check if many carders use our shop, so we can go to google and enter something like "ourshop.com+carding" to check if any carding boards have mentions of this shop

And what about merchant
it's not such important as earlier but there are some REAL FUCKING SHITTY MERCHANTS which I don't recommend to work with
they are:
WolrdPay
Shopify (sometimes it's easy to pay with but in most cases it's piece of shit)
Paypal
Stripe
Skrill

Merchant sometimes can be checked here builtwith.com in e-commerce field
homework:
Find 5-7 shops and then we'll work on mistakes
that's all for today

14:06

#lesson (Eu and Asia)

Today let's talk about carding in eu and asian shops, in some ways it's differ from carding in usa so let's talk about difference, positive and negative

At first let's talk about Europe and UK
almost all shops in EU and their payment systems don't use AVS-system and it's very useful for us because we don't have to care about matching billing address when card such shops

So we can card bil=ship, but in UK 70-80% of shops have AVS so if we work with UK I recommend to use holder's billing and another shipping, after that shop's manager can ask us for additional verification such as id or card photo
In that case we can use special services which make such documents in Photoshop for us

And then we send it to shop via email, it's good way, because many shops process your order without any problems if they get these documents
btw many UK merchants such as SagePay don't bother shop's manager if payment was enough clear, so the point is to make manager think that our order is clear in cases when billing and shipping are not the same, and documents can help us with it
Also there is good feature while working in EU and UK shops — they almost never call us

So if they have any questions they usually text us via email and ask for documents and etc, it's useful because we don't have to buy google voice or something like this, and so we can just enter any phone number and they will not call it and check if it's real
But rarely shops may call, we can't find it out before work with it, so I recommend to note such shops

Also EU shops often ship outside of EU, USA don't like it but EU shops are more loyal to international shippings, but beside of positive sides there are some problems with carding in EU and let's talk about these problems and at first - 3Ds system

The main point of 3Ds is that the issuing bank prompts the buyer for a password that is known only to the bank and the buyer. Since the merchant (payment system) does not know this password and is not responsible for capturing it, it can be used by the issuing bank as evidence that the buyer is indeed this cardholder

It helps shops with chargebacks problems because if payment system which uses 3Ds get fraud payment, shop has not to make a chargeback because it's not fault of the shop, but if shop doesn't use 3Ds it must get back money if payment was not legal
So Visa has Verified by Visa (VBV)
MasterCard has MasterCard Secure Code (MCSC)
Amex has American SafeKey
these are different ways to implement 3ds

It depends on bank how will this system work:
It can be
1. Persistent code
2. OTP
3. Special code in mobile banking app

in the first case, it's just a word that holder set for his card, it is permanent, so in some shops we can buy a card with this code, sometimes people sell it, but I don't really recommend to buy such cards because it can be scam.
so if you really trust to seller who sell something like that you can buy it of course
we usually see permanent password on US card
And also there are special bins, and on card of such bins we sometimes can reset this code and set our own, but not often

And OTP is One-Time Password, holders usually get in via sms, EU, Asia and Russia usually use OTP
it's more difficult for us to work with such cards but there are services which can intercept sms on some areas using ss7 vulnerabilities, it's very expensive and in most cases it doesn't worth it, also there are services such as ispoof
and some banks send these password only in Apps, this is really hard to work with

And so, the easiest way is to work with the first type (permanent password), there are many card in cc-shops with bins which has code-resetting, but in European countries the OTP is usually used. so almost always we can work with permanent codes only with usa cards

But US holders can already set the code up if they used EU shops

In that case we can't work even with such type of cards
Also using OTP bots is an option, but there are a lot of scam, be careful

14:06

The second important thing is if payments system has not switch on 3ds system, we'll be able to use almost any BINs because it will not check it
I say bins instead of cards because If one card with the bin has no 3ds then any cards with that bin has no 3ds

So we can face 3 type of cases:
1. Shop has 3ds and BIN has not 3ds
2. Shop has not 3ds and BIN has or has not 3Ds
3. Shop has 3ds and BIN has 3ds too

If shop uses 3ds and bin uses it then when we pay in this shop merchant ask us the password
In this case we can use bins with 3ds-code reset or card with known password

if shop doesn't use 3Ds so we don't care about bins because merchant will not even ask us the code
if shop has 3Ds and bin has not 3ds-security then we can face some problems
For example some EU-shops will not process payments without 3ds and when we try to buy something with such bin we'll get decline and "sorry but your payment can't be processed and so on and so on..."

So before pay in EU-shop with 3ds with card without 3ds we need to check if it can process such payments. We can read it in it's payment policy or just test it with such cardSo before pay in EU-shop with 3ds with card without 3ds we need to check if it can process such payments. We can read it in it's payment policy or just test it with such card

And what about bins with 3ds reset, we can buy such bins from sellers but the best way is to check it on our own, we can take card which we already used, even if it's dead, and try to pay in shop with 3ds, for example we can test it in Hobbyking.com (just for example, shitty shop with WorldPay merchant)
If (even dead) card has 3ds, Worldpay ask us the password and so we'll be able to see if we can reset it on this bin, and if we'll get decline, in most cases it means that this bin has not 3ds

And there is VERY important thing that u should remember while carding something in EU shops
DON'T use CCs of country which you gonna ship to, for example let's imagine that you have drop in Germany
so when you'll ship something to his address DON'T use German cards, because cops will get him fast after they get info about this order

Also there is some bad thing - manual checking
some large international eu shops as Asos for example can check and verify address manually
In that case I recommend to use real billing and different shipping and then make documents when they ask for it
And regarding asian
Their shops have some features which also differ they from USA shops, at first they don't have AVS
so AVS is not a problem for us when we work with asian shops, also they have 3ds as Europe but not so many shops have it, about 50-60%, some shops use 3Ds logo but in fact don't use this system

Small asian shops has manual processing of payments and it works in this way:
we go to shop, enter to payment form info such as billing and card info and then shop's manager process it by himself with holder's bank

Such payment will be zero-fraudulent but it also has problems, because we'll not know if card was alive or dead and also manager can check real billing address in this way so it's not good way to card bil=ship

That's all for today

#lesson (Brute and logs)

It's very important lesson about stuff carding and from the next week u'll have lessons about Bank Accounts with different lecturer, after we finish classes about CC, text me about any questions at any time, i'll be in touch

Brute accounts are holder's accounts in shops or on other websites, which were hacked using bruteforce
We can buy it from vendors or use bruteforce-tools and get such accounts
when we buy it we usually get something like this:
mmm@mm.com : password

Usually hackers use checker-tools after bruteforcing so also we usually get some additional info after buying accounts
for example if it's account of some shop we may get info about balance or about any CCs were saved in acc

So we can classify accounts on:
1. Shop accounts
2. Bank Account
3. Accounts with some digital stuff or miles or any points

14:06

If there are CCs in shop account it can remember CVV code or not, if not then such account is almost useless
but if it remembers CVV code then we can ship something using just this account (so we don't need to buy CC in this case) with it's CC

Some shops reset CVV code after we change shipping address, if it doesn't reset the code then we may ship to any shipping address
if shop resets CVV code, we can ship to holder and then pickup it or reroute

Also if account has balance then we can use it but usually nobody sells such accounts so we can get it only if bruteforce shops by ourselves, so as u can see shop accounts can be used for carding some stuff

Bank accounts are usually used for linking to PayPal and for sending cash to special services, and accounts with digital stuff can be used for pay for something, for example miles can be used for paying for tickets or hotels, or points can be used for paying for food or some stuff

There are some problems with using brute-accounts, at first we don't have cookies and shop sees that we just sign in to accounts using clear browser

So we have some ways to deal with it
at first i recommend not to use brute-account just after first time signing in, use it for surfing shop and it's stuff during 5-7 days, and in this way you'll get cookies in this shop and maybe in that case shop will trust u

Also you can use Android App if shop has it, in this way you need to download edxposed Framework and tools such as Xprivacy, Root Cloak, Device Id Changer Pro and change fingerprints on Android
Or IPhone

Also besides brute accounts there are logs, logs also contain hacked accounts, but it's hacked using stealer instead of bruteforcing
And so it contains more information
First of all when we buy logs we have cookies of holder and info about his hardware and system, and his IP of course

So we can set up our antidetect browser with these features and mask as holder in best way
Also we can import holder's cookies to our antidetect, it helps us to mask as holder

Secondly, we usually have access to holder's email

Depends on log, but usually it has google token or other mail's cookies

When we buy log we usually get txt-file with info and with passwords and logins of holder

Sometimes people sell log itself, in this case it contains a lot of accounts, all data which were got from holder's browser, and sometimes they sell only one service accounts

The process of payment is the same, but we don't need CC. so we import cookies, set up our browser in the same way as holder, and then sign in to account and pay

In most cases shops don't allow to change shipping address
So we can use pickup, but don't forget to clean mails from shop on holder's mail, usually logs give access

Of course the main usage of logs is bank logs
So the next lessons will be about it

Also you can find fresh services on carder.market

Feel free to ask any questions

18 March 2025

B

16:15

Bob

in general not bad, it was interesting to read about the pp, but the funniest part, if one trusts the timestamps that it is 2025, is that it's rather unfortunate that it wasn't mentioned that using a regular VPS is unsafe, as it can be easily detected, and accordingly, the payment will be declined if the anti-fraud system checks for it. (anti-detect browsers do not spoof this check)

but on the other hand if this check can be bypassed, then a vps with geo corresponding to the working country can be used in conjunction with an anti-detect browser. this will help avoid the checks for latency tests that were also not mentioned here.

chushpan said:

01:00

Deleted Account

18 February 2025

Mars Walkman joined group by link from Group

MW

17:15

Mars Walkman

Hello Everyone First lecture strats tommorow 21:00 Msk

19 February 2025

SS

05:19

Sam Scrimar

Ok

MW

19:02

Mars Walkman

Alright, let's get started. The first lecture will be dedicated to registering PayPal accounts.

19:02

PayPal is ultimately a universal tool that combines all the functionality needed for a carder.

19:02

The basic principles of registering PayPal accounts aren't much different from registering with regular banks.

19:02

Its anti-fraud system is set up in a rather peculiar way.

19:02

Over time, as you work closely with PayPal, you'll start noticing patterns in how its security systems operate.

19:02

Here’s what we’ll need for registration:

19:03

1. Pre-made or purchased email account.
Each email has its own reputation, which can be checked using tools like https://t.me/reputmailbot I recommend buying high-reputation emails, as it will significantly improve performance, not just with PayPal.



SS

19:03

2. A configured anti-detect browser. (Portable versions of Firefox and similar browsers won't work well for large account volumes). OctoBrowser and Undetectable perform quite well.

19:03

3. Full info (fullz) with a current address. To verify the address, I recommend using services like BeenVerified or InstantCheckmate for background checks.



SS

19:03

4. A disposable phone number (In 90% of cases, if used correctly with PayPal in the US, you won't have to receive SMS constantly. For starters, you can try services like TextVerified or SMSPool).

19:03

5. Proxy/VPN/PPTP, not necessarily in the full info's state (Personally, I lean more towards VPN connections; PayPal tends to be more stable when it sees the same IP during logins)

19:03

PayPal generally doesn't respond well to duplicate accounts, so I strongly recommend using BeenVerified to obtain fullz yourself.

19:03

We turn on the connection, open the anti-detect browser, log into the email, and go to the PayPal.com website. In the top right corner, click 'Sign Up' https://prnt.sc/8PJPgcHxt8aQ

19:03

and choose a personal account (we won't be covering business accounts in these lessons). https://prnt.sc/WoBmISUSiuiV

19:04

Go through the registration process:

19:04

https://prnt.sc/zDjynUfeK-oV

19:04

Receive the code on the purchased disposable phone number

19:04

https://prnt.sc/-25fWAPbTOOk

19:04

https://prnt.sc/sKQBCMrUjeNY

19:04

https://prnt.sc/MBlhuAPNIBkh

19:04

https://prnt.sc/PdsAAlUiSuNy

19:04

enter your last name, first name, email, password (come up with one yourself), and a valid address.

19:04

https://prnt.sc/kP9xiCoRf1Oi

19:04

Make sure to save everything you've entered in a text file!

19:04

Next, it will prompt you to link a card, etc.

19:04

At this point, I usually just type PayPal.com in the address bar and get directly to the dashboard.

19:05

Next, I recommend logging out

19:05

And you should receive an email
https://prnt.sc/ehGbTt7qs07c
Please confirm your email adress

19:05

Click the link and confirm.

19:05

Go to the 'Finances' tab, select 'Savings,' and go through the process of getting a savings account.
https://prnt.sc/tf_FEAbvbwDN

19:05

There are three possible outcomes:

19:05

1. After filling in the information, everything will open successfully, and you will see your savings balance.

19:05

2. After clicking the confirmation button, you may receive an error stating that your SSN is incorrect (this error can usually be resolved by changin

19:05

3. You cannot access savings right now (this cannot be fixed)

19:05

Next

19:05

Let's try to get a VCC (Virtual Debit Card) on PayPal...

19:05

https://prnt.sc/n_nh6prrnyza

19:05

https://prnt.sc/YPHCzUYUiswA

19:05

After confirming the address, you might receive a security check for obtaining a card. Just click the 'reuse' button in the service where you purchased the number and get the code.

19:06

After that, we will be asked to create a PIN for the card

19:06

And in the end, we will receive our VCC from PayPal

19:06

Homework:
1. Consider and describe a method for gathering fullz with high credit scores using this background check service and others as well..

19:06

2.Register 10-20 PayPal accounts (you can modify the registration process as needed)
Try to obtain a virtual debit card.

19:06

Any questions?

20 February 2025

SS

06:10

Sam Scrimar

In reply to this message

So it is better to buy gmail account with warming up

MW

06:11

Mars Walkman

yes

SS

06:13

Sam Scrimar

So the lesson is how to create a PayPal account and get VCC

06:14

and this will make it easier for us in carding, for example, to accept from another card funds to the VCC card

06:14

I heard that working with PayPal is the most difficult thing in carding, because they have a good security system, and it is improving every day

P

14:21

Preacher

In reply to this message

all this requires no extra identity verification like ID card?

P

15:29

Preacher

In reply to this message

@maskwalkr223 this bot has nothing for sale again

MW

17:36

Mars Walkman

@Kiroshiproject use this

MW

17:36

Mars Walkman

P

Preacher 20.02.2025 15:29:41

@maskwalkr223 this bot has nothing for sale again

MW

17:48

Mars Walkman

Yes
In 99% of cases, PayPal doesn’t ask for ID verification. They only ask for documents if you trigger their fraud checks.

MW

17:48

Mars Walkman

P

Preacher 20.02.2025 14:21:00

all this requires no extra identity verification like ID card?

MW

17:50

Mars Walkman

Honestly, dealing with PayPal isn’t exactly easy—that’s true. But if you keep practicing and learn the key anti-fraud triggers, it can become an almost indispensable tool in some cases.

MW

17:50

Mars Walkman

SS

Sam Scrimar 20.02.2025 06:14:53

I heard that working with PayPal is the most difficult thing in carding, because they have a good security system, and it is improving every day

SS

19:16

Sam Scrimar

In reply to this message



MW

19:22

Mars Walkman

You linked your card, cool—but what does that have to do with the homework?

SS

19:32

Sam Scrimar

VCC

MW

19:35

Mars Walkman

bro, read please again

MW

19:35

Mars Walkman

MW

Mars Walkman 19.02.2025 19:05:44

Let's try to get a VCC (Virtual Debit Card) on PayPal...

SS

19:37

Sam Scrimar

Yes, understand, but we should work from mobile, bcs they asking for scan the QR code from application to get this log in from phone and get VCC

MW

19:38

Mars Walkman

no, you can use web-version

19:38

for start

19:40

Yeah, the mobile version has more features and is way more fun to use, but it’s better to start with the web version—it’s more straightforward.

P

20:15

Preacher

In reply to this message

is he a vendor ?

MW

21:43

Mars Walkman

yes

21 February 2025

MW

13:17

Mars Walkman

next lesson 02.24 21:00 msk

24 February 2025

Class has set messages not to auto-delete

MW

19:03

Mars Walkman

Hello everyone

19:04

Alright, let’s begin

19:04

Let's talk about linking banks to PayPal.

19:04

PayPal has its own API for bank verification—it's called Yodlee Money

19:04

You can link a bank to PayPal either by entering the bank login and password or by adding the account and routing numbers, followed by verifying it through micro-deposits.

19:04

In the first case, it’s straightforward: select the bank, enter the password, and the account is linked. From now on, we’ll refer to this method as the 'instant bank link

19:04

In the second case, we need to take the account and routing numbers from our brute or self-registered account and perform the following actions:

19:04

https://prnt.sc/LPwNFar6aIxH

19:04

Click on 'Link Bank'.

19:04

https://prnt.sc/vAXdi_J5YsAM

19:04

https://prnt.sc/PmeJM8JNsgA6

19:04

https://prnt.sc/pVvc29iu2MC2

19:04

Here, enter the account and routing numbers for the bank. Click 'Agree,' and PayPal will send us micro-deposits to the bank account.

19:05

Now we need to catch these micro-deposits, or rather, see the transactions on the bank account (micro-deposits usually arrive 2-3 business days after being sent)

19:05

There is a small pool of banks that will allow us to use a service like.. https://www.quicken.com/products/simplifi/

19:05

SimpleFi or Quicken (they're roughly the same, but Quicken works more reliably) to view transactions on the account.

19:05

The registration process is quite simple. For purchasing, you can use a credit card, a debit card, or PayPal itself with a linked payment method

19:05

https://prnt.sc/9QiCoTKIMKEa

19:05

Click 'Add.

19:05

https://prnt.sc/43Lyv1eyiBeP

19:06

Select your bank.

19:06

https://prnt.sc/DelfD7nzHHHV

19:06

Add all the accounts that interest us

19:06

Wait a couple of days from the moment you link the bank to PayPal, and you will see similar transactions

19:06

https://prnt.sc/auibNoQ7GGyV

19:06

Everything that’s green is the micro-deposits

19:06

Then we go to PayPal, click on the bank, and confirm it using the micro-deposits

19:06

Now, here’s what we can do with PayPal and the linked bank:

19:06

1. Simply go and make a purchase on the website that interests us

19:06

2. Make a deposit to the PayPal account (you can also make a deposit to the PayPal savings account)

19:06

3. Send a payment to your second self-registered account from the bank.

19:06

4. Buy cryptocurrency on PayPal using the bank.

19:06

5. Send money through Xoom.

19:07

Look for sellers, find out which banks are instant in PayPal and which are not. Take 5-6 different brute banks and try to link them to your PayPal. Also, try to make a deposit, a purchase, send a payment, buy cryptocurrency, and send money from different accounts.

19:07

Next lesson tommorow 21:00 msk

19:07

Any questions?

MP

19:12

Ma Pony

All lessons from 1 month ago have been deleted.

19:13

Please send it back to the teacher. Thank you.

MR

19:27

Mr Rain

In reply to this message

hi, i'll send it again soon

❤

MP

MP

20:01

Ma Pony

Thanks Teacher

25 February 2025

MW

19:01

Mars Walkman

Hello Everyone

19:01

Now let’s talk a bit about warming up a PayPal account

19:01

Essentially, warming up involves performing trust-building actions with your PayPal account. Primarily, this includes making trustworthy transactions such as:

19:01

1. Purchases

19:01

2. Sending/receiving payments

19:02

3. Receiving payroll deposits

19:02

4. Receiving direct deposits

19:02

5. Linking a card to Apple/Google Wallet (yes, PayPal can see these links and responds positively to them)

19:02

6. Making payments from Apple/Google Wallet.

19:02

7. Receiving/sending payments for goods and services (G&S)

19:02

8. Receiving a refund for a purchase/payment.

19:02

9. Depositing from a card/bank to the balance/savings.

19:02

But first, let's figure out how to fund our PayPal account for warming it up. The simplest and most convenient way is to take a ready-made PayPal account with completed KYC for cryptocurrency and send your own LTC/BTC/ETH to it

19:02

What to do next? It might seem simple—just send payments to your other newly registered accounts. This way, we will create a chain of accounts

19:02

What’s the benefit of this? If we don’t create suspicious activity in the accounts involved in this chain, then later,

19:02

the payments will go through between them without any issues.

19:02

What’s the downside? PayPal's anti-fraud system will see that these are newly registered accounts (unless, of course, you’re combining accounts with different registration frequencies and varying warming-up activities) and may limit all the accounts. Some might get unlocked, and some might not—either way, it's not a pleasant situation.

19:03

Additionally, if you commit a fraudulent action on an account, such as depositing from a bank account and you receive a chargeback, then the entire chain is again at risk of being limited.

19:03

What I do: I simply break the chain using Xoom, specifically by sending from one account to PayPal virtual cards and making direct deposits of $10-30.

19:03

There are more interesting options, such as: asking a real person to send you a payment in exchange for cryptocurrency, creating a seller account on the same eBay and linking PayPal as a payment method, and selling eGifts, and so on. It all depends on your imagination.

19:03

Basically, you can avoid funding your PayPal account and instead use a virtual card with a balance to start making payments/purchases and deposits to your balance. The same applies to self-registered bank accounts.

19:03

And now, those who completed the homework, please write down what you did and what difficulties you encountered.

28 February 2025

SS

12:41

Sam Scrimar

Where is lecture?

B

14:22

Bob

In reply to this message

hi, you talked about how pay pall works in America, is the approach the same in Europe or are there some nuances?

It turns out that our pay pall account is registered with the same data, and we will make a deposit from a third party card, right?

MW

15:13

Mars Walkman

next lecture today 21:00 msk

15:16

I can’t give any comments on working with PayPal in Europe. And yes, PayPal does allow deposits from a third-party bank.

MW

15:16

Mars Walkman

B

Bob 28.02.2025 14:22:43

hi, you talked about how pay pall works in America, is the approach the same in Europe or are there some nuances?

It turns out that our pay pall account is registered with the same data, and we will make a deposit from a third party card, right?

MW

18:59

Mars Walkman

Hello Everyone

19:00

What withdrawal methods are available from a PayPal balance? Let's go over them:

19:00

The simplest way is to withdraw to a card: just link a previously registered or purchased virtual/physical card to PayPal and withdraw.

19:00

https://prnt.sc/1qKwO4RBmjnI

19:00

https://prnt.sc/sce3IXfEzUJm

19:00

https://prnt.sc/fdSBpCysiIxO

19:00

Withdraw to a bank. To do this, either link it to PayPal via instant link or input the account and routing number, as we remember from previous lessons. It's not even necessary to confirm it with micro-deposits; PayPal will still allow the withdrawal, which typically arrives at the bank within 1-3 days, depending on the bank and the day of the week when you made the transfer.

19:00

https://prnt.sc/1qKwO4RBmjnI

19:00

https://prnt.sc/sce3IXfEzUJm

19:01

https://prnt.sc/SQunhzJsA8Av

19:01

If your PayPal account has completed the KYC process for crypto, it’s even simpler. Buy cryptocurrency, like Litecoin, click the exchange button, and transfer it to an external wallet. For this method, it’s recommended to have a rented phone number linked to your PayPal account, as PayPal often requires SMS confirmation for withdrawals. You can rent a number, for example, on a service like this

19:01

Send money to a friend on another self-registered account, or directly to cash-out services (they typically accept around 70%). I personally don’t use this method, as it results in a fairly low percentage compared to other options

19:01

Simply buy gift cards using your PayPal balance. It’s the easiest but also not the most efficient cash-out method

19:01

Send money via Xoom. This company is a subsidiary of PayPal and is used for international transfers. The minimum amount for sending is $10.25. To do this..

19:01

https://prnt.sc/1qKwO4RBmjnI

19:01

https://prnt.sc/Dkn2GsYN1lny

19:02

https://prnt.sc/Y2uuBxp8Plng

19:02

https://prnt.sc/lACVgd78BLEp

19:02

https://prnt.sc/md-k8tGkbKP3

19:02

https://prnt.sc/lFFaKD884OWT

19:02

Then, depending on where you intend to send the money, choose either a debit card deposit or bank deposit, enter all the recipient's details, and send.

19:02

This method allows us to send money to our recipient without attaching it to PayPal, and interestingly, we can send money from multiple PayPal accounts to the same recipient. Additionally, if PayPal's anti-fraud system often restricts our ability to withdraw funds using the previously described methods, it tends to be more lenient with Xoom and will always allow you to do so. However, keep in mind that Xoom has its own anti-fraud system

19:02

Order a check. Personally, I have never used this method, as it is too slow and cumbersome to work with.

19:02

And let's touch on credits in PayPal

19:02

PayPal has three types of credit:

19:02

1. Credit line https://www.paypal.com/credit-application/paypal-credit/da/us/landing?fromCape=true

19:03

2. Credit card https://www.paypal.com/us/digital-wallet/manage-money/paypal-cashback-mastercard

19:03

Business loan https://www.paypal.com/us/business/financial-services/business-loan

19:03

4. Installment plan https://www.paypal.com/us/digital-wallet/ways-to-pay/buy-now-pay-later

19:03

With the credit line, it's straightforward: we go to the PayPal website, preferably using an already registered and somewhat established account, and we try to obtain it. After a thorough review, we either get approved right away or are asked to upload documents. From my experience, in about 1 out of 3 cases, after uploading the documents, approval occurs, and the amount shows under our balance.

19:03

https://prnt.sc/W4mrg0GLd97_

19:03

How can we get this money? The main thing is not to make any sudden moves; let the account rest for a couple of days, and then the cashing out can only occur through purchasing something from your drops or through buyout services.

19:03

The credit card is more interesting. The application process is exactly the same as in the previous case, but in the end, we may receive an amount that can vary from $300 to $5000, depending on the credit rating of your full profile https://prnt.sc/es2qmbbgHcZC

19:03

But there is an important condition: we won't be able to withdraw the entire amount at once, but only a portion. For example, if we receive a credit card with a limit of $5000, we might only be able to withdraw $3500 until the physical card arrives at the address and is activated.

19:03

In contrast to the first case, here the process of cashing out is quite simple. The money is sent to another account using the send feature

19:03

Business Credit, commonly known as BML, is only available for PayPal business accounts. You can start by warming up a personal account and then convert it to a business account. After that, follow the link and try to obtain credit as in the first case. If everything goes well, you can cash out the funds through purchases.

19:04

https://prnt.sc/MFgvCaqubZDX

19:04

Lastly, the installment plan typically also requires a slightly warmed-up account. Its essence is simple: PayPal allows you to split a payment into 4 parts or pay monthly. It often requires linking a card, and less frequently a bank.

19:04

How to work with this: Suppose we were approved for an installment plan of 4 payments. We take a highly liquid digital or physical product, set up the installment plan, and link our self-registered virtual card, which should ideally have around 1/4 of the total amount we need to pay.

19:04

We buy the product, receive it, sell it, potentially taking a profit of around 50% from the product purchased this way. The same process works with monthly installment plans.

19:04

That's all for today

19:04

who completed the homework, please write down what you did and what difficulties you encountered.

3 March 2025

MW

16:22

Mars Walkman

next lesson tommorow 20:00 msk

P

19:03

Preacher

any Russian SMS verification website ?

MR

19:22

Mr Rain

Hi guys
Sorry had spamblock on my account, i'll try to send all lessons again today later

MW

20:53

Mars Walkman

textverifed,grrizzlysms

P

21:40

Preacher

In reply to this message

not Russian and expensive

4 March 2025

MW

12:31

Mars Walkman

In reply to this message

sms-activate

MW

18:19

Mars Walkman

Hello everyone.

18:19

Today, we'll touch on the topic of account warming again and working with limits

18:19

PayPal treats each store differently: fraud detection is heightened in some places, while in others it's minimized.

18:19

For example, sites like https://give.feedingamerica.org/ and similar donation platforms generally have a lower fraud score with PayPal. Transactions with banks or cards can often be made for relatively large amounts, even with minimal account activity.

18:19

This is useful because PayPal gets accustomed to your account. After a few successful transactions on sites like these, it’s quite possible that PayPal will then allow you to make purchases at stores of interest, make deposits from a card or bank, or even send funds.

18:19

There are two options for making a purchase with PayPal: a one-time purchase and a subscription

18:19

A subscription, as you understand, involves recurring payments. For this, PayPal generally requires a linked bank account or card. For a regular purchase, neither of these is needed if you have a balance.

18:19

Next, I'll share a bit about sending funds. Here's what I do: I go to https://randomwordgenerator.com/name.php
to generate a random American name and surname. I enter these in the PayPal search when sending, then select a random account that appears from the list

18:19

PayPal’s anti-fraud system tends to respond positively to actions like these

18:19

The next point: 99% of anti-detect browsers are garbage. And working from the main computer all the time doesn’t make sense—you’ll get detected, and all your accounts will be restricted.

18:19

I can recommend using smartphones instead.

18:20

The PayPal app has more extensive features such as mobile check deposits, payment acceptance via QR code, and several other functions

18:20

The conclusion is to keep some accounts in an anti-detect browser while maintaining others on mobile devices.

18:20

Now, let's go over the limits

18:20

You can get limited for anything, for example: repeating the same purchase day after day, or it may not limit you for that at all. How it imposes limits is almost always a big mystery...

18:20

Every time after the next mass limit occurs, I analyze which accounts were limited and based on what principle

18:21

Typically, to lift the block, they request documents, mainly a driver's license and a utility bill, but they may also ask for a bank or card statement. The set of documents can vary depending on what has happened with your account

18:21

It might seem simple: just prepare the documents, upload them to the resolution center, and wait...

18:21

But no, if you do nothing, your account will, in 99% of cases, drop into a 120-day hold the next day, meaning you won't see your money for more than 4 months, or maybe never at all

18:21

What should you do?

18:21

You need to call PayPal and try to act like a very clueless user!

18:21

In most cases, you should upload documents while on the call, asking questions like: "Where do I click?", "What should I upload?", "How do I upload it?", and "Oh, I'm getting an error...

18:21

You should annoy the support agent as much as possible so that they are eager to see your documents quickly, close the case, and never have to deal with you again.

18:21

You can also work with the support chat (think about how to force the bot to connect you with a support agent).

18:21

And a little more about the chat, specifically the support agents: whether in chat or on the phone, I highly recommend against working with Indians.

18:21

They are extremely lazy people, and it’s easier for them to lock your account in 120 than to try to understand the situation and help you.

18:22

If you see a name like Rajesh, immediately end the conversation/chat and start a new call or chat!

18:22

Questions?

5 March 2025

Class invited Nuck [offline]

6 March 2025

N

21:05

Nuck [offline]

In reply to this message

I was banned on telegram, Are you able to resend this to me?

L

21:19

LiteOFF

In reply to this message

y.

9 March 2025

MR

14:00

Mr Rain

#lesson (Introduction and security)

I'll mark every lesson with hashtag #lesson and so u always can find it here
also I'll add tag #useful to posts with useful links and contacts

So, our first lesson is about what is carding and about some important terms for our next work, then we'll talk about security
Also please ask any questions after lesson, so if anybody missed lesson he could read it and then read other questions and answers

There Is a delusion about carding that carding is very easy and very profitable, just like the money button
and it's not exactly, because carding is really profitable, but not so easy, it's real work, but just not legal

From the term "carding" I think you all understand that we'll work with cards, which doesn't belong to us
And maybe some of you worked with cards earlier, but if not, it's okay, we'll have training practice for beginners and also today we'll talk about some important terms

So let's Imagine that we bought a credit card and here is the example how it usually looks like:
4393598220284327|11\21|041|Somebodys Name|3109 Forest Drive|Washington|VA|20005|703-
871-1263

We've got there:
NAME: Somebodys Name
ADDRESS: 3109 Forest Drive
CITY: Washington
STATE: VA=Virginia
ZIP CODE: 20005
TEL. BILLING NUMBER: 703-871-1263
CARD NUMBER: 4393598220284327
CARD EXP DATE: 11\21
CVV CODE: 041

Also it can be in another format, but the point is the same
And sometimes there is Middle name in name, it's okay, we may not use it, because shops don't check it

Some cards beside this info can contain ssn and dob (social security number and date-of-birth) and rarely mmn (mother's maiden name), it can be useful in some cases such as enrolling cards or for additional verifications, we'll talk about that
And now let's take a look at the card number, there is a very important thing - BIN number
bin is the first 6 numbers in card for example 400395, it can give us a lot of information

At first, we can check emitent, it can be AmericanExpress, MasterCard, Visa, Discover and many other companies that we don't care cause they are unuseful for us (for example in Russia we have МИР and it's piece of shit, really, I don't recommend to use it for carding too)
We usually work with Visa and MasterCard because Discover processes payments slowly and Amex cards have fast chargebacks, it's not good for us

So, chargeback is when cardholder calls to his bank and says that his money was stolen from card and after that bank calls to shop and says the same shit and after this shop usually cancels our orders and we don't get our money
Amex and Discover have fast chargebacks so we usually don't work with them

We may use bindb.com or bins.su to check info about bin, and it's really easy to differ companies which made card by bin:
-CC's that start with number 3 such as 3xxx-xxxx-xxxx-xxxx are AMEX
-CC's that start with number 4 such as 4xxx-xxxx-xxxx-xxxx are VISA
-CC's that start with number 5 such as 5xxx-xxxx-xxxx-xxxx are Mastercard
-CC's that start with number 6 such as 6xxx-xxxx-xxxx-xxxx are Discover

To get payments shops usually have payment system. Also some payment systems can be e-commerce platform too, I mean beside getting payments they can process orders and hassle shop's manager if something is wrong with our card or ip address, or browser and so on

BUT
Sometimes there are exceptions, which we'll talk about
Especially in Asian shops

Also there is antifraud system beside payment system, it's not the same, but they are usually used together, we'll talk about antifraud, it's very important thing in carding

Using checkers such as bins.su we also can check what bank issued out the card (Bank-emitent), what is it's level and type
So, Card can be of two types - debit and credit, and also it has a lot of levels (and debit with overdraft sometimes)

14:00

debit card resembles the credit card by the method of using, but it realizes direct buyer account debiting at the moment of the payment. And credit card has credit limit so we can spend additional money, it depends on the size of the credit limit
this size depends on card level. There are a lot of levels - classic, standard, prepaid, platinum, gold, premium, premier and so on

You don't really need to know about each level for now but I recommend not to use debit classic, debit electron, debit standard and debit prepaid, because almost always they have about 100$-150$, it's not worth our time
Also there are such levels as business, world, reward etc
I recommend not to use it when it's possible
It can have additional restrictions

And some useful things for our next work
our team have main board — carder.market
here u can find useful contacts and vendors
but always check if it's trusted and if admin checked it and verify contact in personal message on forum

And now let's talk about security etc
So, we should differ privacy from security and also from pretending to be a holder, first of all privacy ≠ anonimity ≠ security, all of them have differences

Privacy is when anyone can find out who you are in internet but "they" don't know what are you doing here
Security is just when it doesn't matter if anybody knows who you are and what do you do, but it's secure, because can't be watched

When we do something not really legal like carding, we need privacy and anonimity and security as well and it's not so hard to set it up and keep
First of all when we surf some darknet sites and just not legal sites as carder.market, home provider can see our dns-requests and direct IP requests

DNS is system which connect domain and server
So any website is stored on server, but it has domain to connect to it
So when we put google.com for example to address bar dns system search dns-record for google.com, then give us the server's IP
So providers can see it and it's too suspicious when we surf any illegal sites
Also they can use DPI, but i'll show how to bypass it

Also sometimes you can read about changing Mac address
But it's senseless
Because mac address is local network identificator

We must keep our sites in secret from other people especially from home internet provider as well as our internet traffic, and so we may use vpn or tor
we can use TOR or I2P for surfing forums. It's a good way to keep privacy and anonimity, by the way you can use tor browser as well as tor proxy

If you want to use tor proxy, just start tor and put 127.0.0.1:9050 as socks-proxy in your any program or any browser, for example you can use it for your wallets

Also I recommend to use personal vpn and we'll make our own VPN on the first practice. I really not recommend to use any VPN services. They can log us. It's absolutely not safe, so it's better to make own VPN without logs

The next important point is payments
First of all, obviously, never pay for any dark services with your own card or PayPal, pay using crypto

Secondly, never use Binance or other services like that
It requires kyc and they control your money, also they send your info to police without any doubts
I recommend to use exodus or trustee or any other free wallets with no kyc
And changelly or changenow for money exchange

Also it's better not to use usdt, because it's observed by CIA
Monero is the very best crypto if we talk about anonymity

The next very important thing - security of our own data and how to keep it
So let's imagine that all of our data keep on our hard-disk unencrypted and some script kiddy schoolboy hacks us and get it
It's really bad cause after that he can blackmail us. also guys from police can do the same in fact

So, we need to protect our personal data, the best way is to encrypt it, I mean not all data but just tutorials, any files with bins, ccs and other work stuff

14:00

But before it let's talk some about OS
Windows is insecure, it's a fact
The best way is to use Linux systems, there are a lot of it:
Home systems such as Ubuntu, Debian, Fedora etc
Strongly secure systems: Qubes, Whonix
and many others

Sorry guys, lost my internet connection
let's continue

It's not necessary for now, but If you'll want to start learning Linux, I recommend to try Ubuntu on virtualbox at first, it looks like windows and it's pretty easy for new users, or debian, or fedora
And there is one big problem in linux systems — some tools don't work there correctly
For example some antidetects, in that case I recommend to use it on Windows VM or just on other PC with Windows

And for encryption i recommend to use VeraCrypt (https://www.veracrypt.fr/) for this purpose because it's strong and easy to use
It can create a small disk partition just in file and after that you can mount it and save your files to this partition and also it can make hidden partition, nobody can prove that it even exists because it's really hidden under the first encrypted partition

Another thing is fingerprinting. Today almost each modern site has fingerprinting system, it collects information about your browser type and version, as well as your operating system, active plugins, timezone, language, screen resolution and various other active settings

So we should use browsers which can prevent it, there are many antidetect-browsers, we'll talk about it on next lessons when we'll talk about how to be disguised as holder, but there is newest version of Mozilla, which also can prevent fingerpring leakage. I strongly recommend to use it as well as vpn to surf websites

Also there is free version on dolphin, it can be used for personal security , and we'll use it on training practice (BUT I don't recommend to use it for carding usually)

That's all for today, feel free to ask any questions
We'll have practice with setting up VPN tomorrow, I'll send homework soon

First homework for you is to buy server and download tools:
You need these tools to connect to server from windows

#useful_info
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html

and Servers

https://www.vps.ag/
https://csrdp.host (best)
https://yourserver.se (the best)
https://itldc.com (the best)

I recommend to buy server with the last version of Ubuntu or Debian without RDP installed on it

N

14:01

Nuck [offline]

In reply to this message

Regarding the browser, is Firefox still what you recommend after the latest news about it.

Can we use Linken Sphere?

MR

14:02

Mr Rain

#lesson (Antifraud)

So, antifraud is the system which checks different parameters in our browser and connection and then add fraud scores if it find something strange and often it causes to decline our payment

Beside that, of course, every time when we card, we need to be like a holder
because otherwise bank-emitent, merchant and af-system just decline our payment

So we can't use only VPN or Tor when card some stuff
VPN and tor are just for privacy and personal security, but when we card, we need to use something that can make our connection and it's location closer to holder billing address and also it must be clear

So we can use:
- SOCKS
- SSH-tunnels
- Home dedicated servers (RDP or VNC)
- OpenVPN home configs

Socks is stable and fast way to connect to other server and use it's ip for hide us and mask us as holder, but It can die very fast

Ssh tunnel is connection when we connect to server and then proxify our system
So when we buy ssh-tunnels we connect to home servers, after that we can proxify our traffic and use ssh as the way to mask our connection

Dedicated servers are real home PCs which we can use for carding but often it has dirty IP, it's not good because we'll get additional fraud scores
It can be used via RDP protocol or VNC

And home OpenVPN config is when somebody set up vpn on home router in USA or in other country, then we can use such VPNs for carding because it has pretty clean ip
it's nice way but sometimes it's difficult to buy such configs
IT'S NOT THE SAME AS VPN ON VPS

Always check contacts of sellers on forums, it's better to always use only trusted services, and there a lot of it on carder.market

And now let's talk about one of the most important thing in carding
After we buy any of these things (SSH or Socks or Dedic) we need to check some very important things and check it's clearance

So at first - black lists
Let's check our current connection, it's safe, just for example, just imagine that we connect to ssh or socks
so, go to https://dnschecker.org/ip-blacklist-checker.php and let's check if our IP is in black list just for example (we don't need to check it later, just for example now, the same thing we always do with socks or ssh or rdp before carding some stuff)

If ip for carding (not vpn) has more than 2 blacklists then it's not good
so it should have 2-3 black lists max and If more then we usually have to buy another ssh or socks

After that we always need to check score here http://getipintel.net/free-proxy-vpn-tor-ip-lookup/

If it's more than 0.6-0.7 then we should change ssh or socks to another and check it
so if our ip (of our SSH or Socks) is in more than 2-3 black lists or it's score more than 0.6-0.7, then we have to buy another one

After that we should sign up here https://www.ipqualityscore.com
Then we should go there https://www.ipqualityscore.com/user/proxy-detection-api/lookup and check our ip using 2nd method

So here we need to check:
Proxy/VPN Detection: ___
VPN: ___
TOR: ___
Fraud Score ___

The first three should be False, it's important
Fraud Score should be less than 65-70, 70+ is really bad because antifraud mark it as fraud IP

Also there are two bots @ipscorebot @zpcny_bot
They also can check it
Also they can check ASN, it's pretty important thing for large shops

So, ASN is an ID of group of IP addreses
Some companies thought that it's too difficult to check IPs and they decided to group it and give a number to each of groups, so if this group in black list, then all IPs in black list
They also can check ipqualityscore but not good, so we need it firstly for checking asn, don't use it instead of other checkers

So we always should check our IP using these checkers
That's all for today, feel free to ask any questions

For proxy I recommend:
https://piaproxy.com
https://www.mangoproxy.com/
tisocks.net

That's all for today

14:03

In reply to this message

Firefox is okay for personal usage
But for personal usage you also can use brave for example
For carding antidetect browser is always better



N

14:03

#lesson (Carding basics)

So, when we gonna card something we buy ssh or socks first, before buying card and we buy card just before the payment, so in that case we'll be able to refund it if it's dead, the best way is to get ssh just near the holder, but if we have not such ssh we can use with the same city or the same state

So let's imagine how holder usually buy something online

1. He just open any shop
2. Chose some stuff
3. Then he use his billing address and shipping address
4. Then he enters card's details and makes a payment

So he can easily do it and he doesn't care about his IP address or other things, but we must think about many things before making payment, because holder has real setup, but we just try to mask as holder

At first before we buy CCs we need to find SOCKS or SSH with ip near the billing address
Then we should check if it's pretty clean using checkers and then we should get some cookies
because holder has cookies in his browser so any shop will see that he is an active user а

And so when we gonna card we have to collect some cookies too, so we can just surf some news or shops and then open the shop which we wanna use

After we get cookies and go to shop we just choose some stuff and then when we gonna use shipping we must consider very important thing which is in most shops in USA - AVS. Its Address Verification System

AVS can check only numbers but if shop has this system (most of USA shops has it) then we must enter real billing address of card holder or we'll get decline, for example if address is 1212 Street Road, it'll check only 1212 and so, there are some another things that u should know

At first we can card some "not liquid" stuff such as blenders, hunting stuff etc, not large shops may ship it even if shipping address isn't the same as billing
or we can try to find shops without AVS and use it, but it's really difficult in USA (we'll talk about EU and Asian shops later, on next lessons)

So
Also we can use CCs of countries which don't have AVS, but many shops can see it when process order and it would raise questions, so it's good way but just for not large shops with "non-liquid" stuff
"Liquid" it's stuff which is easy to sell, iphones, mac and other electronics
"Non liquid" are blenders, hunting stuff etc

Regarding liquid stuff, we can use Enroll, or such ways of carding as pickup and redirect, we'll talk about it later on lessons
And now let's talk about where to buy CCs and how to choose the right CC

There are many cc shops and I recommend to use only trusted vendors, because besides good shops there are resellers and other scam, especially sometimes a lot of resellers appear on forums

At all times carders sometimes have troubles with quality of ccs and if anybody says that his shop has 100% validity, just know that it's bullshit

Some shops have not much filters, just base, bin, type

These filters are really not enough because we can't choose types of levels for example, but it helps to save some good ccs for those who search by bins

So I recommend to collect your personal notes and write any bins that you'll buy and use
but let's imagine that we don't know any bins but we really need to buy good ccs
In that case we should go to bins.su and find there some bins and then search by them in shop for example

Other shops have more filters, you can choose level and type there
But if you'll choose cards only by level and type, it's not the right way, because there are banks which I strongly recommend not to use

I recommend not to use these banks:
1. JP Morgan Chase
2. Bank of America
3. Citi Bank
4. Wells Fargo
5. US Bancorp
6. HSBC North America Holdings
8. PNC
9. Capital One
10. TD Bank US
11. BBDT
12. Barclays
13. Suntrust

They have strong antifraud system

14:04

#useful

Antidetects are browsers which allow to spoof fingerprints and hardware

Two main antidetects are linken sphere and multilogin

multilogin.com и ls.app (coupon for linken LS_YL59CEPDL2PF)

All info about setting up is in documentation on ls.app

So I just give some recommendations

1. Configshop

It's linken's feature, there are many opinions about if it's useful. Some people think that it decides any problems, some people think that it's useless. So use it if you don't want to set up antidetect features and want to use ready option.

Configshop is available only for pro subscription.

Also pro subscribers may use useragent-shops, but it's bullshit, because all useragents are in public access:https://www.myip.ms/browse/comp_browseragents/ http://www.useragentstring.com/pages/useragentstring.php

Then take a look at the main session window

It's about sessions
One carding session - one settings set

1. Connection

It supports all common ways: socks, ssh, tor+socks
U don't need additional tools, just put socks or ssh data in field and then it will be checked and connected

Take care about webrtc, it can compromised u, antidetect can spoof it automatically

Also antidetects can change timezone regarding local IP.

2. WebGL
You may change it or not, it's not necessary, but if you change it, take care that it's realistic combos (don't use for example Nvidia vendor and AMD model)
.

3. Fingerprints, the most important thing

I recommend to:
- Block pop-up
- Change canvas or use original (don't block it) *
- Spoof audiofingerprint
- Spoof plugins (for example u may use common holder's plugins as adblock)

I marked point with canvas because there is an important thing. IT MUSTN'T BE TOTALLY UNIQUE.

If after changing you check there https://browserleaks.com/canvas and see that it's 100% unique then switch off spoofing and use original canvas

Multilogin and Che has the same features, but it spoofs canvas better. Also u may take it for team.

After creating session check it here:
https://browserleaks.com/canvas (CANVAS MUST NOT BE UNIQUE)
https://pixelscan.net/
https://amiunique.org/fp (IT'S BETTER TO BE UNIQUE)

And there is some useful feature paste like a human

Never copypaste any data when u fill in address or cc in order page, but u may copypaste it when using paste-like-a-human module.

And I recommend to use webemulator of browser to get cookies from any site u put there

Also besides sphere I recommend multilogin, che, octo

Che especially good for start

14:04

Mr Rain:
#lesson (Drops and pickup)

These are two advanced methods in carding as well as enroll, which we'll talk about and it allows us to ship liquid stuff and deal with antifraud

The first one is pickup — pickup is when we make an order on cardholders address, then we hold it on local carrier station and then drop with fake ID go there and pick up our package and after that we get money from pickup-service for stuff

So if order will have cardholder's addresses, name and phone number in all fields, shops should ship your stuff more easy because it looks less fraudulent

Also it solves the problem with AVS system, because our billing address matches with the ones in bank file because we put cardholder's real address as billing

When we want to use pickup, we:
1. Ship package
2. Hold package on local carrier
3. Text pickup service
4. Get money
So at first we should find Pickup-service, there are many such services on carding forums.

So
All pickup services including this one has list of stuff that they want to get and also pickup-zone map

Pickup-zone is very important because pickup-service can get the package only in that zone, so when we want to work with them we'll check zone and look for CCs with ZIPs in this zone

Also there are blacklisted zips, you can see it on map, we mustn't ship anything to these zips because pickup-service will not be able to get it

So when we look for CCs we should take only CCs with zip in pickup zone, then after package are shipped we text any call-service (u can find them on forums) and ask them to call to the post-office and hold the package until holder gets it and then drop takes it and we get our money

Usually there are 3 methods of work with drop and pickup services

1 - 50/50 (not really often)
2 - stuff for % (in most cases)
3 - reshipping (sometimes)

So, 50\50 is when we ship two items, for example
pickup-service gets one on them and the second reships to us

When we get cc, we may check (it's optional) all the information about cardholder using BG services like instantcheckmate.com - just take any cc and pay for subscribtion there (30$) and u can have background reports with actual addresses, phone numbers, emails etc, it may help if we buy CC with wrong billing

So, if we use big popular shop for pickup-carding I recommend to put cardholders phone number (the oldest one from background report just not to let shop gave a call to him, but this phone will be on file and it's okay for shop) and e-mail address which cc shop gave u with cc (when we get to checkout just spam it via flooding services)
and also for smaller shops you may use google voice number instead of cardholder's one

And when we card little shops we can put google voice number for example instead of real one

After checkout and successful order sometimes we may call to shop and get order info, because some shops usually calls us so we may call them first, usually some shops call to verify the order, but sometimes they may ask additional info about cardholder which we can get from BG, but it's not often, if everything is allright - you will have tracking number on the next day or later

VERY IMPORTANT THING:
We can use only UPS and FEDEX for pickup, packages of other delivery services can't be holded

When we get tracking number we should check it and wait untill it will be at last post office, after that we text to call-service and ask it to call and to hold our package
After that we send data about order to pickup-service and wait when they get it

When we work with regular drop-service, not with pickup-service, we can work in three ways:
ship non-liquid stuff to drop,
change billing address to drop's one and send bill=ship (using enroll)
and use rerouting

Drop-service also has list of stuff which they can get and which they can buy and pay us, so we check this list and then send stuff to the drop

14:04

The process is the same
we need browser, CC and SSH or socks and also we should use UPS, FEDEX and sometimes we may reroute DHL

So we also ship to holder's address and then when we get tracking number we should wait and after one or two days (DON'T USE FAST DELIVERY) we should give the info to call service and try to redirect package to drop's address (we should get it before, in drop-service)

#useful_info

You can use for rerouting these call-services for example:
@fbi_call
@Nika_Nikola

Also you can find another callers on forums

That's all for today
Feel free to ask any questions

14:05

#lesson (Gifts and Enrollment)

Let's start about gifts
There are two types of gifts — plastic cards and electronic gifts
First of all gifts are not good way to start in carding, because it has very strong antifraud in most of the shops

So, plastic gift card is not so useful for us because it's not easy to use it after we card it, because it's delivered too long and we need drop which can get it and use in store

So carders usually buy e-gifts, it looks like mix of numbers and letters, or sometimes it's virtual e-gift card number and then we can put this code in online store while checkout and make a purchase on its balance amount

it solves some problems which we have when paying just with CCs
Because at first we don't care about AVS using egifts, because it has no billing address when we use it for buying something

Also antifraud is less patient when we pay using e-gift, because we use only this way or purchase and so it doesn't check more, but unfortunately it's more strong when we buy e-gift itself, because banks and shops understand that gift is good stuff for carders

So we can cashout e-gift card using any billing and shipping address (including international if shop has delivery to other countries)

E-gifts can be mentioned in different ways in shops, usually they are called E-Gift, E-Voucher or E-Code
Just for example let's go to talbots.com and scroll down, there will be Gift Cards button, then we should click on it and choose E-Gift Card

So here you can see fields for: gift amount, reciever’s email addres, gift message and his name and the same for holder
it's typical for egifts

Some online stores send e-gifts instantly but its not easy to find such stores, so talbots send e-gift instant but it's not so clear because we really get it instantly but when we use it our order may go to additional processing

There are some tricks when we card e-gifts
at first I recommend to use different email-domains for sender and receiver of gift
for example gmail.com for sender and yahoo.com for receiver
also u can use hotmail and yahoo, not only gmail

There are three types of shops with e-gifts
1. Which send gift instantly and we can use this Immediately
2. Which send gift instantly but then process it
3. Which send it after processing (2-3 working days)

to find out it we should pay in shop and check how fast it send us e-gift, so we can't check it before

It's better to card 2 and 3 type using debit cards
and first type using any cards
shop will process debit payment faster

When we buy gifts using CC I recommend to use IP as closer as possible to holder's ZIP and antidetect browser

So, also there are very hard shops such as Victoria Secret, they check real holder's number and call him, so it can be carded only with enroll with phone number changing

Also we can put the same last name for sender and receiver
for example sender John Smith and receiver Ann Smith or use for example Smiths Family as sender or James&Ann

What about e-gift message, you should think about it and try to write good message because its really important for shop's manager which will process the order
we can write it due the shop stuff, like if there is brand things like Gucci or LV we can do it like:
"Yo bro, there is a present for u so u can buy some good stuff here u see. Love u and see u in Atlanta next week in good stuff on u bro.
Best regards,
Kevin."

It can be holded while payment for egift is being processed and as for e-gift cashout, when we get it we may ship stuff from shop using receiver's email and address or try to sell it to somebody in forums
also dont cashout egift card instantly when it gets to email, wait for couple hours

There are:
1. Big shops
2. Shops which aggregate a lot of gifts
3. Monobrands

so the best way is third type

It's small shops
It's easy to card but not so easy to sell to anybody
So such gifts are usually used for buying something to yourself

14:05

And let's talk about enrollment, in carding 'enroll' is access to online banking = online access to credit card account, I think all of you have something like that, most banks offer this when you get your card in any country

Such account is really great thing in carding, especially when we card in usa, because usa banks have very useful features which we can have using enroll

But not all cards can be enrolled, it depends on bins and banks, in most cases we can't enroll debit cards, so usually we use credit cards, but also not all credit cards can be enrolled

Features which we can have using online access also depend on bank, there can be many different features and the main are:

1. At first we can know available credit limit, so using this info we can plan how much we can spend using this card
all of the banks show us available balance in account when we enroll the card, it's really useful

2. The main feature is that we can change credit card billing address, not all banks enable it in online account, so using some banks we can't change it or have to call to bank to do it

So changing billing is most useful thing in online banking so when you find bin where you can change or add additional billing address I strongly recommend to write it to your notes and use for big payments

3. Also many banks allow to check minideposits
Minideposits are one or two deposits less than 1$ that shop can take from card when we pay to verify that it's using by holder, the point is that we'll check the exact amount of deposits in transactions history and send this info to shop, after that they approve our order, also some services can use verification by minideposits when we add card to it

4. Some banks allow to change 3ds code in online account and it's very useful

5. Some banks also allow to switch off region lock. Region lock is when we can't use card for international payments, sometimes USA cards have this feature and in that case we can't use it in EU or Asia

6. Also there is award system in some banks, like travel points or something like that which we can spend on avia tickets, e-gifts etc

So, well, how to enroll cc, imagine that we have no bins that we know exactly can be enrolled, I'll give you some after lesson
We just need CC, in such cases you can use CC that you already pay by, just to check what info card needs to be enrolled and if it can be enrolled

We take such CC and go to bank's site and look for something like Sign Up\ Enroll and then check what info is reqiured
We need bank which requires only SSN and DOB for enroll
not mmn, primary bank account number or things like that - only credit card info and ssn+dob

I recommend to use credit cards with level higher than classic for this, because debits usually can't be enrolled so when we find such bank and bin we go to a bank’s homepage, click sign up and fill In all the fields with needed info (SSN, DOB and CC's info)

After we entered info we click continue and if there is a message that ur card already enrolled - click Forgot Login and Password and make a reroll with setting up a new login info, else everything will be okay and you just set up login for enroll and password

While doing all of this I recommend to flood holder's email in case when holder gave his email to bank, they can send him a message that "Congratulations with you enrollment and something like that
Also enroll may have alerts, like e-mail alert for transactions, address change or something else and we have to switch it off after signing up, not all alerts, but alerts which can really disturb us
for example if there is alert when u spend more than 100$ then I recommend to switch it off

#useful

Flooding services:

https://t.me/eValidator
https://flood-studio.com/login.php

Enroll bins for example:

470105 — https://onlinebanking.hiway.org/HiwayFederalCreditUnionOnline_E2E/enroll.html
411325 — https://onlinebanking.hiway.org/HiwayFederalCreditUnionOnline_E2E/enroll.html

Feel free to ask any questions if you have, that's all for today

14:05

#lesson (Shops)

Let's talk about one of the most important thing — how to find cardable shops and analyze it before hit

At first we should grab shops and then check if it can be pretty easy cardable and then we can think how we can card it, so, there are two main ways to grab shops

First one is the most common and effective way, it's how holders usually look for shops

Holders usually using google when looking for shops so we also can use it but in special way
at first, when holder usually looks for shops he use something like "buy iphone" and the problem is that google use keywords and so for this request it gives us too popular and huge shops such as amazon ebay etc, and so it's not the best search request for us and so we usually use google SEO-operators
So, you can get operators here for example https://moz.com/learn/seo/search-operators

Holders usually don't even think about how to make their search request better and more correct, but we need really correct request so unlike holders, we use these seo operators to make our search request more clear and useful

For example good search request may look like buy+iphone+256gb+gold intext: "cart"

here "+" means that all words should be included in results and "intext: cart" means that all sites in the result should contain the word cart (there is cart in almost all shops)

The second way of using searchers is to use SEO tools which parse results of Google
for example A-Parser or Selka or Butterfly or any other SEO-parser

They grab the results using keywords and give it to us, it's easier and faster but often they grab a lot of shit and sites which are not needed, so after that we need to sort this
also parsers need anti-captcha module for google, in other case it would not be able to collect pages

Also I recommend to use Ip of the same country which u want to find shop in for example US IP for finding US shops

The third way of working with searchers is to use another searchers without personalization such as duckduckgo.com
they have different results than google for example
Or AI searchers, they are developing fastly

Also there are two another ways to get shops:
1. Amazon and Ebay sellers
2. Reseller tops and forums

There are personal sellers on Amazon and Ebay beside of official companies which sell their stuff using amazon and ebay
I mean almost every product on Amazon or Ebay has "buy used & new" options, so some of these sellers may have shops so we just google their nickname and find it if they have shops and what about reseller tops, it's site like resellerratings.com which contains info about many different shops

We can check it there or use special forums such as hunting forums or something like that, social networks for example
users of these forums usually discuss any new shops so we can use it too

Also regarding shops with gifts we can use dorks, it's part of search request query
for example some ecommerce platforms with gifts which send it instantly have typical structure of links and page where we place order has URL www.site.com/giftcertificates.php (for example http://bqshopestore.com/giftcertificates.php), so we can search using inurl:giftcertificates.php

As u can see, it's not hard to find shops
BUT the main point is to find cardable shops

So when we find any shop we should check:
1. How popular is it?
2. Do many carders do use it?
3. It's merchant (optional)

To check how popular is it we should check alexa rank, it's closed, but so there is a better way — similarweb.com rank

- shops with rank higher than 1 million usually ship easier and don't ask us a lot of questions, don't care about documents and different billing and shipping addresses

- shops with rank lower than 150 000 are usually more difficult to be carded, we usually use brute or logs for it, we'll talk about it on last lesson

- shops with rank about 200 000 - 500 000 are usually not so difficult to be carded using pickup or rerouting

14:05

And also we should try to check if many carders use our shop, so we can go to google and enter something like "ourshop.com+carding" to check if any carding boards have mentions of this shop

And what about merchant
it's not such important as earlier but there are some REAL FUCKING SHITTY MERCHANTS which I don't recommend to work with
they are:
WolrdPay
Shopify (sometimes it's easy to pay with but in most cases it's piece of shit)
Paypal
Stripe
Skrill

Merchant sometimes can be checked here builtwith.com in e-commerce field
homework:
Find 5-7 shops and then we'll work on mistakes
that's all for today

14:06

#lesson (Eu and Asia)

Today let's talk about carding in eu and asian shops, in some ways it's differ from carding in usa so let's talk about difference, positive and negative

At first let's talk about Europe and UK
almost all shops in EU and their payment systems don't use AVS-system and it's very useful for us because we don't have to care about matching billing address when card such shops

So we can card bil=ship, but in UK 70-80% of shops have AVS so if we work with UK I recommend to use holder's billing and another shipping, after that shop's manager can ask us for additional verification such as id or card photo
In that case we can use special services which make such documents in Photoshop for us

And then we send it to shop via email, it's good way, because many shops process your order without any problems if they get these documents
btw many UK merchants such as SagePay don't bother shop's manager if payment was enough clear, so the point is to make manager think that our order is clear in cases when billing and shipping are not the same, and documents can help us with it
Also there is good feature while working in EU and UK shops — they almost never call us

So if they have any questions they usually text us via email and ask for documents and etc, it's useful because we don't have to buy google voice or something like this, and so we can just enter any phone number and they will not call it and check if it's real
But rarely shops may call, we can't find it out before work with it, so I recommend to note such shops

Also EU shops often ship outside of EU, USA don't like it but EU shops are more loyal to international shippings, but beside of positive sides there are some problems with carding in EU and let's talk about these problems and at first - 3Ds system

The main point of 3Ds is that the issuing bank prompts the buyer for a password that is known only to the bank and the buyer. Since the merchant (payment system) does not know this password and is not responsible for capturing it, it can be used by the issuing bank as evidence that the buyer is indeed this cardholder

It helps shops with chargebacks problems because if payment system which uses 3Ds get fraud payment, shop has not to make a chargeback because it's not fault of the shop, but if shop doesn't use 3Ds it must get back money if payment was not legal
So Visa has Verified by Visa (VBV)
MasterCard has MasterCard Secure Code (MCSC)
Amex has American SafeKey
these are different ways to implement 3ds

It depends on bank how will this system work:
It can be
1. Persistent code
2. OTP
3. Special code in mobile banking app

in the first case, it's just a word that holder set for his card, it is permanent, so in some shops we can buy a card with this code, sometimes people sell it, but I don't really recommend to buy such cards because it can be scam.
so if you really trust to seller who sell something like that you can buy it of course
we usually see permanent password on US card
And also there are special bins, and on card of such bins we sometimes can reset this code and set our own, but not often

And OTP is One-Time Password, holders usually get in via sms, EU, Asia and Russia usually use OTP
it's more difficult for us to work with such cards but there are services which can intercept sms on some areas using ss7 vulnerabilities, it's very expensive and in most cases it doesn't worth it, also there are services such as ispoof
and some banks send these password only in Apps, this is really hard to work with

And so, the easiest way is to work with the first type (permanent password), there are many card in cc-shops with bins which has code-resetting, but in European countries the OTP is usually used. so almost always we can work with permanent codes only with usa cards

But US holders can already set the code up if they used EU shops

In that case we can't work even with such type of cards
Also using OTP bots is an option, but there are a lot of scam, be careful

14:06

The second important thing is if payments system has not switch on 3ds system, we'll be able to use almost any BINs because it will not check it
I say bins instead of cards because If one card with the bin has no 3ds then any cards with that bin has no 3ds

So we can face 3 type of cases:
1. Shop has 3ds and BIN has not 3ds
2. Shop has not 3ds and BIN has or has not 3Ds
3. Shop has 3ds and BIN has 3ds too

If shop uses 3ds and bin uses it then when we pay in this shop merchant ask us the password
In this case we can use bins with 3ds-code reset or card with known password

if shop doesn't use 3Ds so we don't care about bins because merchant will not even ask us the code
if shop has 3Ds and bin has not 3ds-security then we can face some problems
For example some EU-shops will not process payments without 3ds and when we try to buy something with such bin we'll get decline and "sorry but your payment can't be processed and so on and so on..."

So before pay in EU-shop with 3ds with card without 3ds we need to check if it can process such payments. We can read it in it's payment policy or just test it with such cardSo before pay in EU-shop with 3ds with card without 3ds we need to check if it can process such payments. We can read it in it's payment policy or just test it with such card

And what about bins with 3ds reset, we can buy such bins from sellers but the best way is to check it on our own, we can take card which we already used, even if it's dead, and try to pay in shop with 3ds, for example we can test it in Hobbyking.com (just for example, shitty shop with WorldPay merchant)
If (even dead) card has 3ds, Worldpay ask us the password and so we'll be able to see if we can reset it on this bin, and if we'll get decline, in most cases it means that this bin has not 3ds

And there is VERY important thing that u should remember while carding something in EU shops
DON'T use CCs of country which you gonna ship to, for example let's imagine that you have drop in Germany
so when you'll ship something to his address DON'T use German cards, because cops will get him fast after they get info about this order

Also there is some bad thing - manual checking
some large international eu shops as Asos for example can check and verify address manually
In that case I recommend to use real billing and different shipping and then make documents when they ask for it
And regarding asian
Their shops have some features which also differ they from USA shops, at first they don't have AVS
so AVS is not a problem for us when we work with asian shops, also they have 3ds as Europe but not so many shops have it, about 50-60%, some shops use 3Ds logo but in fact don't use this system

Small asian shops has manual processing of payments and it works in this way:
we go to shop, enter to payment form info such as billing and card info and then shop's manager process it by himself with holder's bank

Such payment will be zero-fraudulent but it also has problems, because we'll not know if card was alive or dead and also manager can check real billing address in this way so it's not good way to card bil=ship

That's all for today

#lesson (Brute and logs)

It's very important lesson about stuff carding and from the next week u'll have lessons about Bank Accounts with different lecturer, after we finish classes about CC, text me about any questions at any time, i'll be in touch

Brute accounts are holder's accounts in shops or on other websites, which were hacked using bruteforce
We can buy it from vendors or use bruteforce-tools and get such accounts
when we buy it we usually get something like this:
mmm@mm.com : password

Usually hackers use checker-tools after bruteforcing so also we usually get some additional info after buying accounts
for example if it's account of some shop we may get info about balance or about any CCs were saved in acc

So we can classify accounts on:
1. Shop accounts
2. Bank Account
3. Accounts with some digital stuff or miles or any points

14:06

If there are CCs in shop account it can remember CVV code or not, if not then such account is almost useless
but if it remembers CVV code then we can ship something using just this account (so we don't need to buy CC in this case) with it's CC

Some shops reset CVV code after we change shipping address, if it doesn't reset the code then we may ship to any shipping address
if shop resets CVV code, we can ship to holder and then pickup it or reroute

Also if account has balance then we can use it but usually nobody sells such accounts so we can get it only if bruteforce shops by ourselves, so as u can see shop accounts can be used for carding some stuff

Bank accounts are usually used for linking to PayPal and for sending cash to special services, and accounts with digital stuff can be used for pay for something, for example miles can be used for paying for tickets or hotels, or points can be used for paying for food or some stuff

There are some problems with using brute-accounts, at first we don't have cookies and shop sees that we just sign in to accounts using clear browser

So we have some ways to deal with it
at first i recommend not to use brute-account just after first time signing in, use it for surfing shop and it's stuff during 5-7 days, and in this way you'll get cookies in this shop and maybe in that case shop will trust u

Also you can use Android App if shop has it, in this way you need to download edxposed Framework and tools such as Xprivacy, Root Cloak, Device Id Changer Pro and change fingerprints on Android
Or IPhone

Also besides brute accounts there are logs, logs also contain hacked accounts, but it's hacked using stealer instead of bruteforcing
And so it contains more information
First of all when we buy logs we have cookies of holder and info about his hardware and system, and his IP of course

So we can set up our antidetect browser with these features and mask as holder in best way
Also we can import holder's cookies to our antidetect, it helps us to mask as holder

Secondly, we usually have access to holder's email

Depends on log, but usually it has google token or other mail's cookies

When we buy log we usually get txt-file with info and with passwords and logins of holder

Sometimes people sell log itself, in this case it contains a lot of accounts, all data which were got from holder's browser, and sometimes they sell only one service accounts

The process of payment is the same, but we don't need CC. so we import cookies, set up our browser in the same way as holder, and then sign in to account and pay

In most cases shops don't allow to change shipping address
So we can use pickup, but don't forget to clean mails from shop on holder's mail, usually logs give access

Of course the main usage of logs is bank logs
So the next lessons will be about it

Also you can find fresh services on carder.market

Feel free to ask any questions

18 March 2025

B

16:15

Bob

Click to expand...

you should add from which forum is this training from