CarderPlanet
Professional
- Messages
- 2,552
- Reaction score
- 673
- Points
- 83
Hi hackers and carders, I hope everyone did their homework. Today I will tell you a few features of the anti-fraud system. You can read what antifraud is above, I already wrote about it. You need to bypass antifraud for driving. I think that many are familiar at least a little with carding, because 80% of you are subscribed to my second channel dedicated to carding.
Introduction:
Imagine some Michael from the USA who wants to pay for an iPhone. He enters a shop, sees payment through a PP, registers an account and pays. Michael does not track his self-registration, does not swing with purchases of tea and other offal, he comes in and pays. Michael does not need to gain the trust of the PP, read entire threads on the forums before buying something for himself. So how do we seem to be Michael and not Boris in the eyes of an antifraud.
1) Ports
Imagine that you are an anti-fraud. Sit and look at the orders and here someone wants to buy from you who have 80,443,3389,22 ports open. Just looking at these ports it is already clear what this person is up to. After all, Michael would not pay from Dedicated Servers, tunnels, socks, proxies.
Solution: we use the Dedicated Server, on which we configure the firewall or on the tunnel we raise the firewall
2) Two-way ping and belonging to a hosting provider
Two-way ping detects tunnels, vpn, sox by ping and time difference received in the loop
Solution: add TOR in front of the tunnel, vpn, soks.
Belonging to a hosting provider - well, I think it's clear here, we don't use tunnels, socks, VPN hosting providers, consider that if the ip belongs to the hoster, then it is in black.
3) Webrtc and DNS
There is a lot of information on preventing these leaks, I will not duplicate them 1000 times now, just remember that they need to be checked and fixed
From myself: do not use dns from Google, as your actions are logged
4) Flash
Of course, we turn it on, because we have nothing to fear and we went to pay for goods from our account. In general, turn on the flash - do not arouse suspicion.
With flash, you need to be extremely careful, downloading flashplayer to your computer (using antidetect or Dedicated Server) is the same as deliberately launching a Trojan into the system. Do not forget about the language of your OS and the time zone.
I recommend checking flash leaks at browserleaks.com
5) Tab history and refer
Used by antifraud to detect recently visited sites.
Everything is simple here - no whoers and other sites that call fawn.
Walking on google and facebook, imitating Michael's behavior.
Refer - determines which site we came from, so we go, like all people, from Google.
6) Tab name
In short, using this parameter, antifraud sees all open tabs in your browser in real time.
7) Audio imprint
- test
I checked it on the main OS and on a virtual machine with antidetect - the prints are the same. I have not tested it on the Dedicated Server yet, check it on your Dedicated Dedicated and unsubscribe.
An audio fingerprint can really hurt you in 2 cases:
1. Deanonymization.
Imagine that you go to the PP website and your audio fingerprint is taken. Further, after a successful case, you turn off the virtual machine and go to youtube or google, even worse if on the social network and all these sites you also have an audio imprint. Deanonymization will look something like this "20:00 fingerprint 2a3b4c5e entered the PP under ip 192.168.0.1, 20:30 fingerprint 2a3b4c5e went to youtube under ip 192.168.1.100 (The same ip from which you went to youtube)"
2. The affiliate or other sites on this fingerprint can see that you have already been with them.
Solution: watch the latest Vector webinar on changing this parameter.
8) Uptime and Os fingerprint
Uptime is the time your vpn, soks, tunnel is online.
Agree, it's strange that Michael's computer has been working without rebooting for half a year
Solution: go to the tunnel console and write reboot
OS fingerprint - in simple terms, each OS has different packages. That is, when you use a tunnel over Windows, it turns out that you have packages from Linux and the user is a Windows agent
Solution: use the Dedicated Server (RDP) or open the openvpn server on the tunnel and write the line mssfix 0 in the server and client configuration.
Introduction:
Imagine some Michael from the USA who wants to pay for an iPhone. He enters a shop, sees payment through a PP, registers an account and pays. Michael does not track his self-registration, does not swing with purchases of tea and other offal, he comes in and pays. Michael does not need to gain the trust of the PP, read entire threads on the forums before buying something for himself. So how do we seem to be Michael and not Boris in the eyes of an antifraud.
1) Ports
Imagine that you are an anti-fraud. Sit and look at the orders and here someone wants to buy from you who have 80,443,3389,22 ports open. Just looking at these ports it is already clear what this person is up to. After all, Michael would not pay from Dedicated Servers, tunnels, socks, proxies.
Solution: we use the Dedicated Server, on which we configure the firewall or on the tunnel we raise the firewall
2) Two-way ping and belonging to a hosting provider
Two-way ping detects tunnels, vpn, sox by ping and time difference received in the loop
Solution: add TOR in front of the tunnel, vpn, soks.
Belonging to a hosting provider - well, I think it's clear here, we don't use tunnels, socks, VPN hosting providers, consider that if the ip belongs to the hoster, then it is in black.
3) Webrtc and DNS
There is a lot of information on preventing these leaks, I will not duplicate them 1000 times now, just remember that they need to be checked and fixed
From myself: do not use dns from Google, as your actions are logged
4) Flash
Of course, we turn it on, because we have nothing to fear and we went to pay for goods from our account. In general, turn on the flash - do not arouse suspicion.
With flash, you need to be extremely careful, downloading flashplayer to your computer (using antidetect or Dedicated Server) is the same as deliberately launching a Trojan into the system. Do not forget about the language of your OS and the time zone.
I recommend checking flash leaks at browserleaks.com
5) Tab history and refer
Used by antifraud to detect recently visited sites.
Everything is simple here - no whoers and other sites that call fawn.
Walking on google and facebook, imitating Michael's behavior.
Refer - determines which site we came from, so we go, like all people, from Google.
6) Tab name
In short, using this parameter, antifraud sees all open tabs in your browser in real time.
7) Audio imprint
- test
I checked it on the main OS and on a virtual machine with antidetect - the prints are the same. I have not tested it on the Dedicated Server yet, check it on your Dedicated Dedicated and unsubscribe.
An audio fingerprint can really hurt you in 2 cases:
1. Deanonymization.
Imagine that you go to the PP website and your audio fingerprint is taken. Further, after a successful case, you turn off the virtual machine and go to youtube or google, even worse if on the social network and all these sites you also have an audio imprint. Deanonymization will look something like this "20:00 fingerprint 2a3b4c5e entered the PP under ip 192.168.0.1, 20:30 fingerprint 2a3b4c5e went to youtube under ip 192.168.1.100 (The same ip from which you went to youtube)"
2. The affiliate or other sites on this fingerprint can see that you have already been with them.
Solution: watch the latest Vector webinar on changing this parameter.
8) Uptime and Os fingerprint
Uptime is the time your vpn, soks, tunnel is online.
Agree, it's strange that Michael's computer has been working without rebooting for half a year
Solution: go to the tunnel console and write reboot
OS fingerprint - in simple terms, each OS has different packages. That is, when you use a tunnel over Windows, it turns out that you have packages from Linux and the user is a Windows agent
Solution: use the Dedicated Server (RDP) or open the openvpn server on the tunnel and write the line mssfix 0 in the server and client configuration.
Last edited by a moderator:
