0. jabber - c0nSult4nT@jabber.org
icq - 647884361
1. c0nSult4nT
http://carder.market/member.php?u=60393
2. c0nSult4nT - he promised to build a Citibank Scam Page for 100 LR. I paid 50 LR and i was supposed to pay another 50 LR after the page was ready in 3-4 days from the date of payment.
I paid on 24 July, now it`s 31July and no sign of him, he never responded again, also i see today he logged to the forum and did NOT message me, so he is ignoring me, probably trying to rip others as well.
here is proof of payment by lr :
http://imageshack.us/f/69/92645811.jpg/
3. All logs are below, conversation was on Jabber.
*****
(12:12:44 PM) killerbee@jaim.at/10117127471343146315788249: hi
(12:12:54 PM) c0nsult4nt@jabber.org: hi
(12:12:59 PM) killerbee@jaim.at/10117127471343146315788249: this is amndel from the forum
(12:13:07 PM) c0nsult4nt@jabber.org: ok
(12:13:07 PM) killerbee@jaim.at/10117127471343146315788249: do u use otr on jabber?
(12:13:14 PM) c0nsult4nt@jabber.org: no i dont
(12:13:40 PM) c0nsult4nt@jabber.org: which scam page do u need?
(12:13:46 PM) killerbee@jaim.at/10117127471343146315788249: www.myciti.com
(12:13:56 PM) killerbee@jaim.at/10117127471343146315788249: custom page
(12:14:31 PM) killerbee@jaim.at/10117127471343146315788249: i need it to check login if valid or not
(12:14:44 PM) killerbee@jaim.at/10117127471343146315788249: page should be php
(12:15:06 PM) killerbee@jaim.at/10117127471343146315788249: i already have html + php page but is full of errors and it`s best to build new from scratch
(12:15:17 PM) c0nsult4nt@jabber.org: k
(12:15:23 PM) c0nsult4nt@jabber.org: u mean u need checker?
(12:15:54 PM) killerbee@jaim.at/10117127471343146315788249: once the person goes on my link and puts something like test, test, that login must be checked with citibank.com , if valid, then redirect to scam page to fill details
(12:16:00 PM) killerbee@jaim.at/10117127471343146315788249: like old paypal scam pages
(12:16:05 PM) killerbee@jaim.at/10117127471343146315788249: that were checking logins
(12:16:09 PM) c0nsult4nt@jabber.org: oh i see
(12:16:18 PM) c0nsult4nt@jabber.org: if someone use ur page
(12:16:34 PM) c0nsult4nt@jabber.org: it automatic check to real gateway
(12:16:35 PM) killerbee@jaim.at/10117127471343146315788249: because i get like fuck you, pass: fuck you and then fuck u all over the pages
(12:16:39 PM) killerbee@jaim.at/10117127471343146315788249: yeah
(12:16:49 PM) killerbee@jaim.at/10117127471343146315788249: or invalid data presented
(12:16:58 PM) c0nsult4nt@jabber.org: wait
(12:17:01 PM) c0nsult4nt@jabber.org: let me check
(12:17:31 PM) c0nsult4nt@jabber.org: Sign On
Information not recognized
Please check the information you entered and try again.
Help is available if you're having trouble accessing your account.
• A reminder if you forgot your Online User ID.
• Reset your password if you forgot it.
• If you made several wrong guesses, your account could be blocked. You can unblock it here.
If you need further assistance with your bank account, please call 1-800-374-9700. If you need further assistance with your Citi® Visa, Master Card or American Express account, please call 1-800-347-4934. For all others, including Sears, Macy's and Home Depot, get help here. Additional Customer Support is also available.
Access your Citi ThankYou© Rewards Member Account here.
(12:17:48 PM) c0nsult4nt@jabber.org: u need to change this number also?
(12:17:49 PM) c0nsult4nt@jabber.org: 1-800-347-4934
(12:18:17 PM) killerbee@jaim.at/10117127471343146315788249: if the person types something incorrect just say, Information not recognized Please check the information you entered and try again.
(12:18:18 PM) killerbee@jaim.at/10117127471343146315788249: if valid
(12:18:22 PM) killerbee@jaim.at/10117127471343146315788249: then redirect to fill infos
(12:18:52 PM) c0nsult4nt@jabber.org: of valid, redirect to real page? (citibank)
(12:19:44 PM) killerbee@jaim.at/10117127471343146315788249: if valid, redict to my scam fill info ; if invalid prompt message for invalid info, if he tries again and puts the real info, then redirect to my scam page.
(12:20:39 PM) c0nsult4nt@jabber.org: yes i got it
(12:21:09 PM) killerbee@jaim.at/10117127471343146315788249: after this login thing
(12:21:24 PM) killerbee@jaim.at/10117127471343146315788249: i will show u how to design the filling info data
(12:21:27 PM) killerbee@jaim.at/10117127471343146315788249: name , address cc etc
(12:21:46 PM) c0nsult4nt@jabber.org: ok
(12:21:53 PM) killerbee@jaim.at/10117127471343146315788249: if u wish
(12:21:56 PM) killerbee@jaim.at/10117127471343146315788249: i can give u a link
(12:21:58 PM) killerbee@jaim.at/10117127471343146315788249: to my current page
(12:22:04 PM) killerbee@jaim.at/10117127471343146315788249: to make an idea
(12:22:19 PM) c0nsult4nt@jabber.org: i can make clone this bank
(12:22:27 PM) c0nsult4nt@jabber.org: also can coded in jsp
(12:22:30 PM) c0nsult4nt@jabber.org:
(12:22:39 PM) killerbee@jaim.at/10117127471343146315788249: well i don't know what`s the problem
(12:22:40 PM) killerbee@jaim.at/10117127471343146315788249: but
(12:22:42 PM) killerbee@jaim.at/10117127471343146315788249: sometimes
(12:22:47 PM) killerbee@jaim.at/10117127471343146315788249: it doesn't pass to collecting info
(12:22:50 PM) killerbee@jaim.at/10117127471343146315788249: just keeps loading
(12:22:54 PM) killerbee@jaim.at/10117127471343146315788249: and shows an error message
(12:22:59 PM) killerbee@jaim.at/10117127471343146315788249: some error in the html code
(12:23:02 PM) killerbee@jaim.at/10117127471343146315788249: not working properly
(12:23:05 PM) killerbee@jaim.at/10117127471343146315788249: so i have to change socks
(12:23:07 PM) killerbee@jaim.at/10117127471343146315788249: and i can pass
(12:23:09 PM) killerbee@jaim.at/10117127471343146315788249: so i think
(12:23:12 PM) killerbee@jaim.at/10117127471343146315788249: i am not getting all of them
(12:23:18 PM) killerbee@jaim.at/10117127471343146315788249: because of that erros
(12:23:26 PM) killerbee@jaim.at/10117127471343146315788249: that`s why i think it`s best to make a new page
(12:23:54 PM) killerbee@jaim.at/10117127471343146315788249: my page is designed so that only US ips can be on the page
(12:24:16 PM) killerbee@jaim.at/10117127471343146315788249: also once u submit the info once, and return, if will automatically redirect
(12:24:19 PM) killerbee@jaim.at/10117127471343146315788249: and not let u fill again
(12:24:59 PM) c0nsult4nt@jabber.org: hmm
(12:25:05 PM) killerbee@jaim.at/10117127471343146315788249: but i don't think that`s the problem
(12:25:10 PM) killerbee@jaim.at/10117127471343146315788249: it says something about
(12:25:12 PM) killerbee@jaim.at/10117127471343146315788249: .jav file
(12:25:26 PM) c0nsult4nt@jabber.org: i have solution for u
(12:25:35 PM) c0nsult4nt@jabber.org: u just need all data right?
(12:25:39 PM) killerbee@jaim.at/10117127471343146315788249: yes
(12:25:42 PM) killerbee@jaim.at/10117127471343146315788249: + login
(12:26:01 PM) c0nsult4nt@jabber.org: also dob, ssn, balance, etc
(12:26:26 PM) c0nsult4nt@jabber.org: i can make clone this bank
(12:26:33 PM) c0nsult4nt@jabber.org: and added exploit
(12:26:36 PM) killerbee@jaim.at/10117127471343146315788249: no need for balance , i can check after i get the info but balance is also nice to know before 
(12:26:40 PM) c0nsult4nt@jabber.org: but u must have botnet
(12:26:52 PM) killerbee@jaim.at/10117127471343146315788249: yeah i understand
(12:26:54 PM) killerbee@jaim.at/10117127471343146315788249: infect them
(12:27:04 PM) killerbee@jaim.at/10117127471343146315788249: but it doesn't always work...
(12:27:09 PM) c0nsult4nt@jabber.org: yes infect while login success
(12:27:15 PM) c0nsult4nt@jabber.org: its works
(12:27:16 PM) c0nsult4nt@jabber.org:
(12:27:23 PM) killerbee@jaim.at/10117127471343146315788249: well i did so with zeus
(12:27:27 PM) killerbee@jaim.at/10117127471343146315788249: and i sent millions of emails
(12:27:28 PM) c0nsult4nt@jabber.org: using private 0 day
(12:27:34 PM) killerbee@jaim.at/10117127471343146315788249: and got only like 100 victims
(12:27:38 PM) c0nsult4nt@jabber.org: zeus is shit
(12:27:52 PM) c0nsult4nt@jabber.org: zeus, spyeye = failed
(12:27:53 PM) c0nsult4nt@jabber.org:
(12:27:58 PM) c0nsult4nt@jabber.org: its public
(12:28:06 PM) killerbee@jaim.at/10117127471343146315788249: so what are you using?
(12:28:26 PM) killerbee@jaim.at/10117127471343146315788249: this thing is complicated.... u need to update stubs and so....
(12:28:32 PM) killerbee@jaim.at/10117127471343146315788249: to me, getting info was easier
(12:28:44 PM) killerbee@jaim.at/10117127471343146315788249: but having a botnet u can make the victim not see the changes...that`s a good thing....
(12:29:39 PM) c0nsult4nt@jabber.org: no changes
(12:29:53 PM) killerbee@jaim.at/10117127471343146315788249: but tell me more.... what i think u want to purpose is make something to infect them and when they login locally they will be asked by www.citibank.com to update and email me the info right?
(12:30:30 PM) c0nsult4nt@jabber.org: yes, after infect them, bot will automatic collect valid data and send to ur server or email
(12:30:52 PM) c0nsult4nt@jabber.org: e.g u want get report each 1Mb
(12:31:05 PM) c0nsult4nt@jabber.org: bot automatic send it
(12:31:26 PM) killerbee@jaim.at/10117127471343146315788249: yeah but i think u need botnet hosting
(12:31:34 PM) killerbee@jaim.at/10117127471343146315788249: hosts also die
(12:32:25 PM) c0nsult4nt@jabber.org: yes but if u dont want hosting, i can code custom bot
(12:32:36 PM) c0nsult4nt@jabber.org: no need web panel
(12:32:45 PM) c0nsult4nt@jabber.org: it just auto send to email
(12:33:09 PM) c0nsult4nt@jabber.org: and alert if detect by some AV
(12:33:26 PM) killerbee@jaim.at/10117127471343146315788249: do u have any demo videos on this thing?
(12:33:27 PM) c0nsult4nt@jabber.org: so u can udate (FUD) by remote
(12:33:35 PM) c0nsult4nt@jabber.org: nothing
(12:33:52 PM) killerbee@jaim.at/10117127471343146315788249: how much will this cost? i really need to think it thru though
(12:34:43 PM) c0nsult4nt@jabber.org: scam page with custom bot + 1 month FUD support $500
(12:35:37 PM) killerbee@jaim.at/10117127471343146315788249: do u have a name for this bot thing?
(12:36:38 PM) c0nsult4nt@jabber.org: notyet for this bot
(12:37:56 PM) killerbee@jaim.at/10117127471343146315788249: so....it`s a bot, that automatically infects them , what`s the infection rate? after infection the victim is redirected to www.citibank.com and once he logins my scam page will appear and it will email me the info........... how can i control this bot if it`s not hosted on anything? cybergate ?
(12:39:05 PM) c0nsult4nt@jabber.org: its like RAT
(12:39:13 PM) c0nsult4nt@jabber.org: u can control via ur pc
(12:40:05 PM) killerbee@jaim.at/10117127471343146315788249: i see
(12:40:25 PM) killerbee@jaim.at/10117127471343146315788249: how much for fud support after 1 month?
(12:40:35 PM) c0nsult4nt@jabber.org: $25/ exe
(12:40:58 PM) killerbee@jaim.at/10117127471343146315788249: Ok.
(12:41:20 PM) killerbee@jaim.at/10117127471343146315788249: and u can also make me a script than when the victim logins he sees his original balance?
(12:41:27 PM) killerbee@jaim.at/10117127471343146315788249: *that
(12:42:46 PM) c0nsult4nt@jabber.org: yes
(12:42:53 PM) killerbee@jaim.at/10117127471343146315788249: also how is he infected? hidden mode? no need to accept anything?
(12:43:04 PM) c0nsult4nt@jabber.org: if he login, all data will be collected
(12:43:20 PM) c0nsult4nt@jabber.org: infected via browser
(12:44:07 PM) c0nsult4nt@jabber.org: i can make exploit embeded in jsp script
(12:44:23 PM) c0nsult4nt@jabber.org: this script work like java drive by
(12:44:32 PM) c0nsult4nt@jabber.org: but i am not use java for it
(12:44:36 PM) killerbee@jaim.at/10117127471343146315788249: so...what should i email him? like please relogin to activate ur account? and he will be infected?
(12:44:53 PM) c0nsult4nt@jabber.org: u dont need to send email
(12:45:21 PM) c0nsult4nt@jabber.org: if login valid, exploit automatic run and intect victim
(12:45:36 PM) c0nsult4nt@jabber.org: wait
(12:45:43 PM) c0nsult4nt@jabber.org: i give u algorithm
(12:46:05 PM) killerbee@jaim.at/10117127471343146315788249: i did not made myself clear, i need to first tell him to visit my infected link in order for him to be infected...otherwise how is he supposed to be my victim?
(12:46:53 PM) c0nsult4nt@jabber.org: no
(12:46:54 PM) c0nsult4nt@jabber.org: wait
(12:47:00 PM) killerbee@jaim.at/10117127471343146315788249: ok
(12:51:02 PM) c0nsult4nt@jabber.org: like this
(12:51:03 PM) c0nsult4nt@jabber.org: $fuction Check login valid or not
if no => appear login error => redirect to scam page.
if
login success => infect via browser (exploit) => save data => redirect to real page (citibank)
collect all data from client area (citibank) => send report
control via PC (Remote, Update, Delete)
(12:52:12 PM) killerbee@jaim.at/10117127471343146315788249: ok. so 1. i email vitim, 2. victim visits my page. and then the magic happens.
(12:52:21 PM) killerbee@jaim.at/10117127471343146315788249: all above
(12:52:27 PM) c0nsult4nt@jabber.org: yes
(12:52:48 PM) c0nsult4nt@jabber.org: ip outside U.S will be blocked
(12:52:58 PM) c0nsult4nt@jabber.org: and redirect to google
(12:53:33 PM) killerbee@jaim.at/10117127471343146315788249: ok
(12:54:01 PM) killerbee@jaim.at/10117127471343146315788249: how much time do u need to make this thing? i am very interested but i cannot start this until september, so 1 month from now.
(12:54:37 PM) c0nsult4nt@jabber.org: 3-4 days
(12:54:56 PM) killerbee@jaim.at/10117127471343146315788249: ah ok so not long
(12:55:00 PM) killerbee@jaim.at/10117127471343146315788249: well ..i'll save this up
(12:55:15 PM) killerbee@jaim.at/10117127471343146315788249: and contact u asap i am ready for this, i got some payments to make first then i can invest in this
(12:55:39 PM) killerbee@jaim.at/10117127471343146315788249: i wpould buy the scam page now
(12:55:40 PM) killerbee@jaim.at/10117127471343146315788249: but
(12:55:45 PM) killerbee@jaim.at/10117127471343146315788249: i think it`s better this new thing
(12:56:29 PM) c0nsult4nt@jabber.org: scam page only $100
(12:56:40 PM) c0nsult4nt@jabber.org: full clone design and scripts
(12:57:50 PM) killerbee@jaim.at/10117127471343146315788249: do i have to pay again for scam page in 1 month if we agree on the bot thing?
(12:58:00 PM) killerbee@jaim.at/10117127471343146315788249: if i buy scam page now
(12:58:28 PM) c0nsult4nt@jabber.org: no
(12:58:45 PM) c0nsult4nt@jabber.org: i will use the same script, just added exploit inside
(12:59:12 PM) killerbee@jaim.at/10117127471343146315788249: ok
(12:59:42 PM) killerbee@jaim.at/10117127471343146315788249: well i want the scam page now then. i need logn page, cc info page, email + password page, so 3 pages in total.
(12:59:55 PM) killerbee@jaim.at/10117127471343146315788249: i can give u link to my current page to make an idea
(1:00:01 PM) killerbee@jaim.at/10117127471343146315788249: and maybe use some of the coding to speed things
(1:00:52 PM) c0nsult4nt@jabber.org: ok
(1:01:52 PM) killerbee@jaim.at/10117127471343146315788249: >>masked link>>
(1:02:04 PM) killerbee@jaim.at/10117127471343146315788249: if u use us ip will direct u to scam page
(1:02:08 PM) killerbee@jaim.at/10117127471343146315788249: if u use outside ip will redirect
(1:02:35 PM) killerbee@jaim.at/10117127471343146315788249: also u need to clear cookies to re visit
(1:15:59 PM) killerbee@jaim.at/10117127471343146315788249: i need this build to a new page
(1:16:08 PM) killerbee@jaim.at/10117127471343146315788249: osometimes
(1:16:11 PM) killerbee@jaim.at/10117127471343146315788249: when u try to login
(1:16:13 PM) killerbee@jaim.at/10117127471343146315788249: it will keep saying
(1:16:16 PM) killerbee@jaim.at/10117127471343146315788249: "processing"
(1:16:17 PM) killerbee@jaim.at/10117127471343146315788249: for ever
(1:16:25 PM) killerbee@jaim.at/10117127471343146315788249: and not directing to ask for full info
(1:16:28 PM) killerbee@jaim.at/10117127471343146315788249: if i change ip
(1:16:32 PM) killerbee@jaim.at/10117127471343146315788249: it will pass
(1:16:41 PM) killerbee@jaim.at/10117127471343146315788249: so i think this happens to other victims too
(1:16:45 PM) killerbee@jaim.at/10117127471343146315788249: because i get a ton of logins
(1:16:48 PM) killerbee@jaim.at/10117127471343146315788249: but not the full info
(1:17:14 PM) c0nsult4nt@jabber.org: i understand
(1:18:20 PM) killerbee@jaim.at/10117127471343146315788249: there are 3 pages, check.php index.htm, but it collects 1. login + pass, 2. full info, 3. email address+pass then redirects to citibank.com
(1:18:36 PM) killerbee@jaim.at/10117127471343146315788249: if he tried again to put the info in
(1:18:44 PM) killerbee@jaim.at/10117127471343146315788249: he will be redirected to citibank.com
(1:18:47 PM) killerbee@jaim.at/10117127471343146315788249: if he clears cookies
(1:18:50 PM) killerbee@jaim.at/10117127471343146315788249: he can revisit
(1:18:53 PM) killerbee@jaim.at/10117127471343146315788249: but once he logins
(1:18:55 PM) killerbee@jaim.at/10117127471343146315788249: he will be banned
(1:18:59 PM) killerbee@jaim.at/10117127471343146315788249: there is a ban.txt list
(1:19:08 PM) killerbee@jaim.at/10117127471343146315788249: and he cannot refill for any other reason
(1:19:25 PM) killerbee@jaim.at/10117127471343146315788249: also the page uses an external send mailer to send all data
(1:19:38 PM) killerbee@jaim.at/10117127471343146315788249: because sometimes the main host where the page is hosted cannot send mail locally
(1:19:43 PM) killerbee@jaim.at/10117127471343146315788249: so i opted for an external mailer
(1:19:58 PM) killerbee@jaim.at/10117127471343146315788249: so somewhere there is an error......
(1:22:17 PM) killerbee@jaim.at/10117127471343146315788249: so let me know what you think....
(1:22:36 PM) killerbee@jaim.at/10117127471343146315788249: strictly speaking only on the scam page for the moment
(1:23:41 PM) c0nsult4nt@jabber.org: ok i got it
(1:23:47 PM) c0nsult4nt@jabber.org: i can do all u need
(1:25:35 PM) killerbee@jaim.at/10117127471343146315788249: so basically ..u can keep all functions of my page , but ADD AS NEW : 1. check for validity the login, if valid continue to fill info, if invalid, promt invalid message and ask to try again, 2. make a bad word list of : fuck, scam, shit, etc , so if he types anyting like that to not be allowed and say invalid, 3. complete php only pages.
(1:26:52 PM) killerbee@jaim.at/10117127471343146315788249: and as u can see my page accepts only numbers in the cc field, or phone field
(1:26:55 PM) killerbee@jaim.at/10117127471343146315788249: etc
(1:27:29 PM) c0nsult4nt@jabber.org: yes i know
(1:27:59 PM) killerbee@jaim.at/10117127471343146315788249: ok then
(1:28:04 PM) killerbee@jaim.at/10117127471343146315788249: if u want we can start this
(1:28:13 PM) killerbee@jaim.at/10117127471343146315788249: i believe u need my scam page right?
(1:28:24 PM) killerbee@jaim.at/10117127471343146315788249: and how much total to pay again?
(1:29:26 PM) c0nsult4nt@jabber.org: i can code new page
(1:29:37 PM) c0nsult4nt@jabber.org: i charge $100
(1:29:59 PM) killerbee@jaim.at/10117127471343146315788249: well i can give u my page so that u know which functions it has and need to be kept, i like them.
(1:30:33 PM) killerbee@jaim.at/10117127471343146315788249: how should i pay you? u need all funds upfront or pay 50 bucks now and the rest asap i see the page hosted somewhere and check if all is fine then pay u and get the complete page?
(1:30:56 PM) c0nsult4nt@jabber.org: pay 50%
(1:31:06 PM) c0nsult4nt@jabber.org: and 50% after all works
(1:32:25 PM) killerbee@jaim.at/10117127471343146315788249: ok
(1:32:30 PM) killerbee@jaim.at/10117127471343146315788249: lr account?
(1:32:54 PM) c0nsult4nt@jabber.org: U7445536
(1:33:17 PM) killerbee@jaim.at/10117127471343146315788249: ok
(1:33:19 PM) killerbee@jaim.at/10117127471343146315788249: paying in 5 minutes
(1:33:28 PM) killerbee@jaim.at/10117127471343146315788249: any memo u want or just leave blank?
(1:34:11 PM) c0nsult4nt@jabber.org: write ur email
(1:34:22 PM) killerbee@jaim.at/10117127471343146315788249: ok
(1:34:26 PM) c0nsult4nt@jabber.org: so i can contact u if u not online on jabber
(1:35:08 PM) killerbee@jaim.at/10117127471343146315788249: oh and also i forgot to tell something
(1:35:15 PM) killerbee@jaim.at/10117127471343146315788249: i use windows hosting to host pages
(1:35:18 PM) killerbee@jaim.at/10117127471343146315788249: and install appserv
(1:35:22 PM) killerbee@jaim.at/10117127471343146315788249: with php and so
(1:35:24 PM) killerbee@jaim.at/10117127471343146315788249: sometimes
(1:35:30 PM) killerbee@jaim.at/10117127471343146315788249: on random hosts
(1:35:32 PM) killerbee@jaim.at/10117127471343146315788249: i get
(1:35:35 PM) killerbee@jaim.at/10117127471343146315788249: curl error
(1:35:41 PM) killerbee@jaim.at/10117127471343146315788249: on the check.php file
(1:35:45 PM) killerbee@jaim.at/10117127471343146315788249: fata error
(1:35:52 PM) killerbee@jaim.at/10117127471343146315788249: and it doesn't let me pass to cc filling
(1:35:57 PM) c0nsult4nt@jabber.org: setting curl to ON
(1:35:59 PM) killerbee@jaim.at/10117127471343146315788249: so i have to install on new windows machine
(1:36:10 PM) killerbee@jaim.at/10117127471343146315788249: appserv automatically installs curl
(1:36:14 PM) killerbee@jaim.at/10117127471343146315788249: but on some hosts
(1:36:17 PM) killerbee@jaim.at/10117127471343146315788249: gives me that error
(1:36:20 PM) killerbee@jaim.at/10117127471343146315788249: and on some, works
(1:36:28 PM) c0nsult4nt@jabber.org: yes sometime got error and curl not running
(1:36:42 PM) c0nsult4nt@jabber.org: better use linux
(1:36:48 PM) killerbee@jaim.at/10117127471343146315788249: no linux hosts
(1:36:52 PM) killerbee@jaim.at/10117127471343146315788249: i got win machines
(1:37:00 PM) killerbee@jaim.at/10117127471343146315788249: but no problem
(1:37:07 PM) killerbee@jaim.at/10117127471343146315788249: i can always find good win machines to work
(1:37:25 PM) killerbee@jaim.at/10117127471343146315788249: so i wanted to tell u this ...maybe we can do something if fatal errors happen again
(1:37:46 PM) c0nsult4nt@jabber.org: try use xampp
(1:37:57 PM) killerbee@jaim.at/10117127471343146315788249: same error
(1:38:08 PM) killerbee@jaim.at/10117127471343146315788249: maybe page coding error?
(1:38:16 PM) killerbee@jaim.at/10117127471343146315788249: conflicts or something
(1:38:30 PM) c0nsult4nt@jabber.org: yes maybe some line deleted or missing char
(1:39:25 PM) c0nsult4nt@jabber.org: anyway, u dont need cc?
(1:39:32 PM) c0nsult4nt@jabber.org: i also sell bulk cc
(1:39:52 PM) killerbee@jaim.at/10117127471343146315788249: if u got cc citibank debits
(1:39:55 PM) killerbee@jaim.at/10117127471343146315788249: full info
(1:39:57 PM) killerbee@jaim.at/10117127471343146315788249: like i ask
(1:39:59 PM) killerbee@jaim.at/10117127471343146315788249: height
(1:40:02 PM) killerbee@jaim.at/10117127471343146315788249: first school
(1:40:15 PM) c0nsult4nt@jabber.org: oh,, i dont have it
(1:40:20 PM) c0nsult4nt@jabber.org: only italy cvv
(1:40:30 PM) killerbee@jaim.at/10117127471343146315788249: sorry no use for italy...
(1:40:33 PM) killerbee@jaim.at/10117127471343146315788249: only need citibank
(1:41:05 PM) killerbee@jaim.at/10117127471343146315788249: also
(1:41:09 PM) killerbee@jaim.at/10117127471343146315788249: maybe u can give me a good tip
(1:41:16 PM) killerbee@jaim.at/10117127471343146315788249: i got win machines
(1:41:19 PM) killerbee@jaim.at/10117127471343146315788249: which are ips
(1:41:22 PM) killerbee@jaim.at/10117127471343146315788249: and not domains
(1:41:28 PM) killerbee@jaim.at/10117127471343146315788249: and i know that if u spam domains
(1:41:31 PM) killerbee@jaim.at/10117127471343146315788249: it will get to yahoo
(1:41:32 PM) killerbee@jaim.at/10117127471343146315788249: aol
(1:41:34 PM) killerbee@jaim.at/10117127471343146315788249: gmail
(1:41:38 PM) killerbee@jaim.at/10117127471343146315788249: if u spam IP only
(1:41:44 PM) killerbee@jaim.at/10117127471343146315788249: it will not get to most of email providers
(1:42:14 PM) killerbee@jaim.at/10117127471343146315788249: i got a few domains
(1:42:18 PM) killerbee@jaim.at/10117127471343146315788249: i mean
(1:42:22 PM) killerbee@jaim.at/10117127471343146315788249: hacked win machine
(1:42:26 PM) killerbee@jaim.at/10117127471343146315788249: which has domain attached
(1:42:33 PM) killerbee@jaim.at/10117127471343146315788249: so i just put my link there
(1:42:37 PM) killerbee@jaim.at/10117127471343146315788249: and spam the domain with my link
(1:42:40 PM) killerbee@jaim.at/10117127471343146315788249: and works
(1:42:41 PM) killerbee@jaim.at/10117127471343146315788249: but
(1:42:47 PM) killerbee@jaim.at/10117127471343146315788249: i don't have domains most of the time
(1:42:53 PM) killerbee@jaim.at/10117127471343146315788249: any tip on how to do this in the future?
(1:43:07 PM) c0nsult4nt@jabber.org: u mean to spam any email provider?
(1:43:13 PM) killerbee@jaim.at/10117127471343146315788249: yes
(1:43:23 PM) killerbee@jaim.at/10117127471343146315788249: if i spam 1.1.1.1/index.php
(1:43:30 PM) killerbee@jaim.at/10117127471343146315788249: it won't be received big most email providers
(1:43:38 PM) killerbee@jaim.at/10117127471343146315788249: if i spam citibank.mysite.com/index.html
(1:43:45 PM) killerbee@jaim.at/10117127471343146315788249: it will get to most email providers
(1:43:51 PM) c0nsult4nt@jabber.org: ok
(1:44:06 PM) c0nsult4nt@jabber.org: u must install SSL with 2048 encryption
(1:44:20 PM) c0nsult4nt@jabber.org: and install ZCS for email server
(1:44:51 PM) c0nsult4nt@jabber.org: u can card ssl
(1:44:52 PM) c0nsult4nt@jabber.org:
(1:45:06 PM) c0nsult4nt@jabber.org: rapid ssl is good
(1:46:15 PM) killerbee@jaim.at/10117127471343146315788249: not sure if i get this right. for example i have host , 1.1.1.1 , i want to spam it, i spam it to x@yahoo.com, he doesn't get it!! because it`s an ip and not a DNS or domain, i don't know the reason. if i www.something.com/scam.php it will be accepted!
(1:46:48 PM) killerbee@jaim.at/10117127471343146315788249: 1.1.1.1/scam.php -> not received in email
(1:47:00 PM) killerbee@jaim.at/10117127471343146315788249: something.com/scam.php , receivined in inbox or spam box
(1:47:04 PM) killerbee@jaim.at/10117127471343146315788249: but no problem
(1:47:36 PM) c0nsult4nt@jabber.org: yes u can try install zcs
(1:48:26 PM) c0nsult4nt@jabber.org: coz some provider use validation from server
(1:48:49 PM) killerbee@jaim.at/10117127471343146315788249: aaa
(1:49:01 PM) killerbee@jaim.at/10117127471343146315788249: so if i install zcs and spam 1.1.1.1/scam.php
(1:49:05 PM) killerbee@jaim.at/10117127471343146315788249: with zcs
(1:49:08 PM) killerbee@jaim.at/10117127471343146315788249: it will be accepted?
(1:49:23 PM) c0nsult4nt@jabber.org: Windows Version of Zimbra server
(1:49:25 PM) c0nsult4nt@jabber.org: yes
(1:49:37 PM) killerbee@jaim.at/10117127471343146315788249: ok..gonna talk more about this after we`re done with the scam page...
(1:49:39 PM) killerbee@jaim.at/10117127471343146315788249: let me pay u first
(1:49:44 PM) c0nsult4nt@jabber.org: ok
(1:55:20 PM) killerbee@jaim.at/10117127471343146315788249: paid
(1:55:42 PM) c0nsult4nt@jabber.org: ok
(1:55:46 PM) killerbee@jaim.at/10117127471343146315788249: 50
(1:55:48 PM) c0nsult4nt@jabber.org: let me check
(1:56:58 PM) c0nsult4nt@jabber.org: received
(1:57:16 PM) c0nsult4nt@jabber.org: i will work for ur scam page
(1:57:27 PM) killerbee@jaim.at/10117127471343146315788249: let me give u my current page kit
(1:57:32 PM) killerbee@jaim.at/10117127471343146315788249: i need all it`s functions kept
(1:57:35 PM) killerbee@jaim.at/10117127471343146315788249: + the new ones i asked
(1:57:49 PM) c0nsult4nt@jabber.org: upload on sendspace
(1:58:19 PM) killerbee@jaim.at/10117127471343146315788249: 1. check login if valid, 2. make a bad word list, for fuck, scam etc;
(1:58:20 PM) killerbee@jaim.at/10117127471343146315788249: k
(1:59:52 PM) killerbee@jaim.at/10117127471343146315788249: please note it uses an external mailer, u will see it, and i wish for the new page to still use that server
(2:00:07 PM) c0nsult4nt@jabber.org: ok
(2:01:40 PM) killerbee@jaim.at/10117127471343146315788249: so what do u suggest for 1.1.1.1 hosts to be received by most emails? use rapid ssl for the spam host, and use zimbra on the server i use to spam? i have a win machine who uses smtps to spam
(2:02:09 PM) killerbee@jaim.at/10117127471343146315788249: here is the scam page, http://>>>masked link>>>> , pass 123
(2:02:15 PM) c0nsult4nt@jabber.org: ok
(2:02:24 PM) c0nsult4nt@jabber.org: use rapid ssl for ip domain
(2:02:41 PM) c0nsult4nt@jabber.org: then install zimbra as mail server
(2:03:47 PM) killerbee@jaim.at/10117127471343146315788249: k
(2:04:29 PM) c0nsult4nt@jabber.org: i will work now
(2:08:19 PM) killerbee@jaim.at/10117127471343146315788249: ok, estimed time until completion?
icq - 647884361
1. c0nSult4nT
http://carder.market/member.php?u=60393
2. c0nSult4nT - he promised to build a Citibank Scam Page for 100 LR. I paid 50 LR and i was supposed to pay another 50 LR after the page was ready in 3-4 days from the date of payment.
I paid on 24 July, now it`s 31July and no sign of him, he never responded again, also i see today he logged to the forum and did NOT message me, so he is ignoring me, probably trying to rip others as well.
here is proof of payment by lr :
http://imageshack.us/f/69/92645811.jpg/
3. All logs are below, conversation was on Jabber.
*****
(12:12:44 PM) killerbee@jaim.at/10117127471343146315788249: hi
(12:12:54 PM) c0nsult4nt@jabber.org: hi
(12:12:59 PM) killerbee@jaim.at/10117127471343146315788249: this is amndel from the forum
(12:13:07 PM) c0nsult4nt@jabber.org: ok
(12:13:07 PM) killerbee@jaim.at/10117127471343146315788249: do u use otr on jabber?
(12:13:14 PM) c0nsult4nt@jabber.org: no i dont
(12:13:40 PM) c0nsult4nt@jabber.org: which scam page do u need?
(12:13:46 PM) killerbee@jaim.at/10117127471343146315788249: www.myciti.com
(12:13:56 PM) killerbee@jaim.at/10117127471343146315788249: custom page
(12:14:31 PM) killerbee@jaim.at/10117127471343146315788249: i need it to check login if valid or not
(12:14:44 PM) killerbee@jaim.at/10117127471343146315788249: page should be php
(12:15:06 PM) killerbee@jaim.at/10117127471343146315788249: i already have html + php page but is full of errors and it`s best to build new from scratch
(12:15:17 PM) c0nsult4nt@jabber.org: k
(12:15:23 PM) c0nsult4nt@jabber.org: u mean u need checker?
(12:15:54 PM) killerbee@jaim.at/10117127471343146315788249: once the person goes on my link and puts something like test, test, that login must be checked with citibank.com , if valid, then redirect to scam page to fill details
(12:16:00 PM) killerbee@jaim.at/10117127471343146315788249: like old paypal scam pages
(12:16:05 PM) killerbee@jaim.at/10117127471343146315788249: that were checking logins
(12:16:09 PM) c0nsult4nt@jabber.org: oh i see
(12:16:18 PM) c0nsult4nt@jabber.org: if someone use ur page
(12:16:34 PM) c0nsult4nt@jabber.org: it automatic check to real gateway
(12:16:35 PM) killerbee@jaim.at/10117127471343146315788249: because i get like fuck you, pass: fuck you and then fuck u all over the pages
(12:16:39 PM) killerbee@jaim.at/10117127471343146315788249: yeah
(12:16:49 PM) killerbee@jaim.at/10117127471343146315788249: or invalid data presented
(12:16:58 PM) c0nsult4nt@jabber.org: wait
(12:17:01 PM) c0nsult4nt@jabber.org: let me check
(12:17:31 PM) c0nsult4nt@jabber.org: Sign On
Information not recognized
Please check the information you entered and try again.
Help is available if you're having trouble accessing your account.
• A reminder if you forgot your Online User ID.
• Reset your password if you forgot it.
• If you made several wrong guesses, your account could be blocked. You can unblock it here.
If you need further assistance with your bank account, please call 1-800-374-9700. If you need further assistance with your Citi® Visa, Master Card or American Express account, please call 1-800-347-4934. For all others, including Sears, Macy's and Home Depot, get help here. Additional Customer Support is also available.
Access your Citi ThankYou© Rewards Member Account here.
(12:17:48 PM) c0nsult4nt@jabber.org: u need to change this number also?
(12:17:49 PM) c0nsult4nt@jabber.org: 1-800-347-4934
(12:18:17 PM) killerbee@jaim.at/10117127471343146315788249: if the person types something incorrect just say, Information not recognized Please check the information you entered and try again.
(12:18:18 PM) killerbee@jaim.at/10117127471343146315788249: if valid
(12:18:22 PM) killerbee@jaim.at/10117127471343146315788249: then redirect to fill infos
(12:18:52 PM) c0nsult4nt@jabber.org: of valid, redirect to real page? (citibank)
(12:19:44 PM) killerbee@jaim.at/10117127471343146315788249: if valid, redict to my scam fill info ; if invalid prompt message for invalid info, if he tries again and puts the real info, then redirect to my scam page.
(12:20:39 PM) c0nsult4nt@jabber.org: yes i got it
(12:21:09 PM) killerbee@jaim.at/10117127471343146315788249: after this login thing
(12:21:24 PM) killerbee@jaim.at/10117127471343146315788249: i will show u how to design the filling info data
(12:21:27 PM) killerbee@jaim.at/10117127471343146315788249: name , address cc etc
(12:21:46 PM) c0nsult4nt@jabber.org: ok
(12:21:53 PM) killerbee@jaim.at/10117127471343146315788249: if u wish
(12:21:56 PM) killerbee@jaim.at/10117127471343146315788249: i can give u a link
(12:21:58 PM) killerbee@jaim.at/10117127471343146315788249: to my current page
(12:22:04 PM) killerbee@jaim.at/10117127471343146315788249: to make an idea
(12:22:19 PM) c0nsult4nt@jabber.org: i can make clone this bank
(12:22:27 PM) c0nsult4nt@jabber.org: also can coded in jsp
(12:22:30 PM) c0nsult4nt@jabber.org:
(12:22:39 PM) killerbee@jaim.at/10117127471343146315788249: well i don't know what`s the problem
(12:22:40 PM) killerbee@jaim.at/10117127471343146315788249: but
(12:22:42 PM) killerbee@jaim.at/10117127471343146315788249: sometimes
(12:22:47 PM) killerbee@jaim.at/10117127471343146315788249: it doesn't pass to collecting info
(12:22:50 PM) killerbee@jaim.at/10117127471343146315788249: just keeps loading
(12:22:54 PM) killerbee@jaim.at/10117127471343146315788249: and shows an error message
(12:22:59 PM) killerbee@jaim.at/10117127471343146315788249: some error in the html code
(12:23:02 PM) killerbee@jaim.at/10117127471343146315788249: not working properly
(12:23:05 PM) killerbee@jaim.at/10117127471343146315788249: so i have to change socks
(12:23:07 PM) killerbee@jaim.at/10117127471343146315788249: and i can pass
(12:23:09 PM) killerbee@jaim.at/10117127471343146315788249: so i think
(12:23:12 PM) killerbee@jaim.at/10117127471343146315788249: i am not getting all of them
(12:23:18 PM) killerbee@jaim.at/10117127471343146315788249: because of that erros
(12:23:26 PM) killerbee@jaim.at/10117127471343146315788249: that`s why i think it`s best to make a new page
(12:23:54 PM) killerbee@jaim.at/10117127471343146315788249: my page is designed so that only US ips can be on the page
(12:24:16 PM) killerbee@jaim.at/10117127471343146315788249: also once u submit the info once, and return, if will automatically redirect
(12:24:19 PM) killerbee@jaim.at/10117127471343146315788249: and not let u fill again
(12:24:59 PM) c0nsult4nt@jabber.org: hmm
(12:25:05 PM) killerbee@jaim.at/10117127471343146315788249: but i don't think that`s the problem
(12:25:10 PM) killerbee@jaim.at/10117127471343146315788249: it says something about
(12:25:12 PM) killerbee@jaim.at/10117127471343146315788249: .jav file
(12:25:26 PM) c0nsult4nt@jabber.org: i have solution for u
(12:25:35 PM) c0nsult4nt@jabber.org: u just need all data right?
(12:25:39 PM) killerbee@jaim.at/10117127471343146315788249: yes
(12:25:42 PM) killerbee@jaim.at/10117127471343146315788249: + login
(12:26:01 PM) c0nsult4nt@jabber.org: also dob, ssn, balance, etc
(12:26:26 PM) c0nsult4nt@jabber.org: i can make clone this bank
(12:26:33 PM) c0nsult4nt@jabber.org: and added exploit
(12:26:36 PM) killerbee@jaim.at/10117127471343146315788249: no need for balance , i can check after i get the info
but balance is also nice to know before (12:26:40 PM) c0nsult4nt@jabber.org: but u must have botnet
(12:26:52 PM) killerbee@jaim.at/10117127471343146315788249: yeah i understand
(12:26:54 PM) killerbee@jaim.at/10117127471343146315788249: infect them
(12:27:04 PM) killerbee@jaim.at/10117127471343146315788249: but it doesn't always work...
(12:27:09 PM) c0nsult4nt@jabber.org: yes infect while login success
(12:27:15 PM) c0nsult4nt@jabber.org: its works
(12:27:16 PM) c0nsult4nt@jabber.org:
(12:27:23 PM) killerbee@jaim.at/10117127471343146315788249: well i did so with zeus
(12:27:27 PM) killerbee@jaim.at/10117127471343146315788249: and i sent millions of emails
(12:27:28 PM) c0nsult4nt@jabber.org: using private 0 day
(12:27:34 PM) killerbee@jaim.at/10117127471343146315788249: and got only like 100 victims
(12:27:38 PM) c0nsult4nt@jabber.org: zeus is shit
(12:27:52 PM) c0nsult4nt@jabber.org: zeus, spyeye = failed
(12:27:53 PM) c0nsult4nt@jabber.org:
(12:27:58 PM) c0nsult4nt@jabber.org: its public
(12:28:06 PM) killerbee@jaim.at/10117127471343146315788249: so what are you using?
(12:28:26 PM) killerbee@jaim.at/10117127471343146315788249: this thing is complicated.... u need to update stubs and so....
(12:28:32 PM) killerbee@jaim.at/10117127471343146315788249: to me, getting info was easier
(12:28:44 PM) killerbee@jaim.at/10117127471343146315788249: but having a botnet u can make the victim not see the changes...that`s a good thing....
(12:29:39 PM) c0nsult4nt@jabber.org: no changes
(12:29:53 PM) killerbee@jaim.at/10117127471343146315788249: but tell me more.... what i think u want to purpose is make something to infect them and when they login locally they will be asked by www.citibank.com to update and email me the info right?
(12:30:30 PM) c0nsult4nt@jabber.org: yes, after infect them, bot will automatic collect valid data and send to ur server or email
(12:30:52 PM) c0nsult4nt@jabber.org: e.g u want get report each 1Mb
(12:31:05 PM) c0nsult4nt@jabber.org: bot automatic send it
(12:31:26 PM) killerbee@jaim.at/10117127471343146315788249: yeah but i think u need botnet hosting
(12:31:34 PM) killerbee@jaim.at/10117127471343146315788249: hosts also die
(12:32:25 PM) c0nsult4nt@jabber.org: yes but if u dont want hosting, i can code custom bot
(12:32:36 PM) c0nsult4nt@jabber.org: no need web panel
(12:32:45 PM) c0nsult4nt@jabber.org: it just auto send to email
(12:33:09 PM) c0nsult4nt@jabber.org: and alert if detect by some AV
(12:33:26 PM) killerbee@jaim.at/10117127471343146315788249: do u have any demo videos on this thing?
(12:33:27 PM) c0nsult4nt@jabber.org: so u can udate (FUD) by remote
(12:33:35 PM) c0nsult4nt@jabber.org: nothing
(12:33:52 PM) killerbee@jaim.at/10117127471343146315788249: how much will this cost? i really need to think it thru though
(12:34:43 PM) c0nsult4nt@jabber.org: scam page with custom bot + 1 month FUD support $500
(12:35:37 PM) killerbee@jaim.at/10117127471343146315788249: do u have a name for this bot thing?
(12:36:38 PM) c0nsult4nt@jabber.org: notyet for this bot
(12:37:56 PM) killerbee@jaim.at/10117127471343146315788249: so....it`s a bot, that automatically infects them , what`s the infection rate? after infection the victim is redirected to www.citibank.com and once he logins my scam page will appear and it will email me the info........... how can i control this bot if it`s not hosted on anything? cybergate ?
(12:39:05 PM) c0nsult4nt@jabber.org: its like RAT
(12:39:13 PM) c0nsult4nt@jabber.org: u can control via ur pc
(12:40:05 PM) killerbee@jaim.at/10117127471343146315788249: i see
(12:40:25 PM) killerbee@jaim.at/10117127471343146315788249: how much for fud support after 1 month?
(12:40:35 PM) c0nsult4nt@jabber.org: $25/ exe
(12:40:58 PM) killerbee@jaim.at/10117127471343146315788249: Ok.
(12:41:20 PM) killerbee@jaim.at/10117127471343146315788249: and u can also make me a script than when the victim logins he sees his original balance?
(12:41:27 PM) killerbee@jaim.at/10117127471343146315788249: *that
(12:42:46 PM) c0nsult4nt@jabber.org: yes
(12:42:53 PM) killerbee@jaim.at/10117127471343146315788249: also how is he infected? hidden mode? no need to accept anything?
(12:43:04 PM) c0nsult4nt@jabber.org: if he login, all data will be collected
(12:43:20 PM) c0nsult4nt@jabber.org: infected via browser
(12:44:07 PM) c0nsult4nt@jabber.org: i can make exploit embeded in jsp script
(12:44:23 PM) c0nsult4nt@jabber.org: this script work like java drive by
(12:44:32 PM) c0nsult4nt@jabber.org: but i am not use java for it
(12:44:36 PM) killerbee@jaim.at/10117127471343146315788249: so...what should i email him? like please relogin to activate ur account? and he will be infected?
(12:44:53 PM) c0nsult4nt@jabber.org: u dont need to send email
(12:45:21 PM) c0nsult4nt@jabber.org: if login valid, exploit automatic run and intect victim
(12:45:36 PM) c0nsult4nt@jabber.org: wait
(12:45:43 PM) c0nsult4nt@jabber.org: i give u algorithm
(12:46:05 PM) killerbee@jaim.at/10117127471343146315788249: i did not made myself clear, i need to first tell him to visit my infected link in order for him to be infected...otherwise how is he supposed to be my victim?
(12:46:53 PM) c0nsult4nt@jabber.org: no
(12:46:54 PM) c0nsult4nt@jabber.org: wait
(12:47:00 PM) killerbee@jaim.at/10117127471343146315788249: ok
(12:51:02 PM) c0nsult4nt@jabber.org: like this
(12:51:03 PM) c0nsult4nt@jabber.org: $fuction Check login valid or not
if no => appear login error => redirect to scam page.
if
login success => infect via browser (exploit) => save data => redirect to real page (citibank)
collect all data from client area (citibank) => send report
control via PC (Remote, Update, Delete)
(12:52:12 PM) killerbee@jaim.at/10117127471343146315788249: ok. so 1. i email vitim, 2. victim visits my page. and then the magic happens.
(12:52:21 PM) killerbee@jaim.at/10117127471343146315788249: all above
(12:52:27 PM) c0nsult4nt@jabber.org: yes
(12:52:48 PM) c0nsult4nt@jabber.org: ip outside U.S will be blocked
(12:52:58 PM) c0nsult4nt@jabber.org: and redirect to google
(12:53:33 PM) killerbee@jaim.at/10117127471343146315788249: ok
(12:54:01 PM) killerbee@jaim.at/10117127471343146315788249: how much time do u need to make this thing? i am very interested but i cannot start this until september, so 1 month from now.
(12:54:37 PM) c0nsult4nt@jabber.org: 3-4 days
(12:54:56 PM) killerbee@jaim.at/10117127471343146315788249: ah ok so not long
(12:55:00 PM) killerbee@jaim.at/10117127471343146315788249: well ..i'll save this up
(12:55:15 PM) killerbee@jaim.at/10117127471343146315788249: and contact u asap i am ready for this, i got some payments to make first then i can invest in this
(12:55:39 PM) killerbee@jaim.at/10117127471343146315788249: i wpould buy the scam page now
(12:55:40 PM) killerbee@jaim.at/10117127471343146315788249: but
(12:55:45 PM) killerbee@jaim.at/10117127471343146315788249: i think it`s better this new thing
(12:56:29 PM) c0nsult4nt@jabber.org: scam page only $100
(12:56:40 PM) c0nsult4nt@jabber.org: full clone design and scripts
(12:57:50 PM) killerbee@jaim.at/10117127471343146315788249: do i have to pay again for scam page in 1 month if we agree on the bot thing?
(12:58:00 PM) killerbee@jaim.at/10117127471343146315788249: if i buy scam page now
(12:58:28 PM) c0nsult4nt@jabber.org: no
(12:58:45 PM) c0nsult4nt@jabber.org: i will use the same script, just added exploit inside
(12:59:12 PM) killerbee@jaim.at/10117127471343146315788249: ok
(12:59:42 PM) killerbee@jaim.at/10117127471343146315788249: well i want the scam page now then. i need logn page, cc info page, email + password page, so 3 pages in total.
(12:59:55 PM) killerbee@jaim.at/10117127471343146315788249: i can give u link to my current page to make an idea
(1:00:01 PM) killerbee@jaim.at/10117127471343146315788249: and maybe use some of the coding to speed things
(1:00:52 PM) c0nsult4nt@jabber.org: ok
(1:01:52 PM) killerbee@jaim.at/10117127471343146315788249: >>masked link>>
(1:02:04 PM) killerbee@jaim.at/10117127471343146315788249: if u use us ip will direct u to scam page
(1:02:08 PM) killerbee@jaim.at/10117127471343146315788249: if u use outside ip will redirect
(1:02:35 PM) killerbee@jaim.at/10117127471343146315788249: also u need to clear cookies to re visit
(1:15:59 PM) killerbee@jaim.at/10117127471343146315788249: i need this build to a new page
(1:16:08 PM) killerbee@jaim.at/10117127471343146315788249: osometimes
(1:16:11 PM) killerbee@jaim.at/10117127471343146315788249: when u try to login
(1:16:13 PM) killerbee@jaim.at/10117127471343146315788249: it will keep saying
(1:16:16 PM) killerbee@jaim.at/10117127471343146315788249: "processing"
(1:16:17 PM) killerbee@jaim.at/10117127471343146315788249: for ever
(1:16:25 PM) killerbee@jaim.at/10117127471343146315788249: and not directing to ask for full info
(1:16:28 PM) killerbee@jaim.at/10117127471343146315788249: if i change ip
(1:16:32 PM) killerbee@jaim.at/10117127471343146315788249: it will pass
(1:16:41 PM) killerbee@jaim.at/10117127471343146315788249: so i think this happens to other victims too
(1:16:45 PM) killerbee@jaim.at/10117127471343146315788249: because i get a ton of logins
(1:16:48 PM) killerbee@jaim.at/10117127471343146315788249: but not the full info
(1:17:14 PM) c0nsult4nt@jabber.org: i understand
(1:18:20 PM) killerbee@jaim.at/10117127471343146315788249: there are 3 pages, check.php index.htm, but it collects 1. login + pass, 2. full info, 3. email address+pass then redirects to citibank.com
(1:18:36 PM) killerbee@jaim.at/10117127471343146315788249: if he tried again to put the info in
(1:18:44 PM) killerbee@jaim.at/10117127471343146315788249: he will be redirected to citibank.com
(1:18:47 PM) killerbee@jaim.at/10117127471343146315788249: if he clears cookies
(1:18:50 PM) killerbee@jaim.at/10117127471343146315788249: he can revisit
(1:18:53 PM) killerbee@jaim.at/10117127471343146315788249: but once he logins
(1:18:55 PM) killerbee@jaim.at/10117127471343146315788249: he will be banned
(1:18:59 PM) killerbee@jaim.at/10117127471343146315788249: there is a ban.txt list
(1:19:08 PM) killerbee@jaim.at/10117127471343146315788249: and he cannot refill for any other reason
(1:19:25 PM) killerbee@jaim.at/10117127471343146315788249: also the page uses an external send mailer to send all data
(1:19:38 PM) killerbee@jaim.at/10117127471343146315788249: because sometimes the main host where the page is hosted cannot send mail locally
(1:19:43 PM) killerbee@jaim.at/10117127471343146315788249: so i opted for an external mailer
(1:19:58 PM) killerbee@jaim.at/10117127471343146315788249: so somewhere there is an error......
(1:22:17 PM) killerbee@jaim.at/10117127471343146315788249: so let me know what you think....
(1:22:36 PM) killerbee@jaim.at/10117127471343146315788249: strictly speaking only on the scam page for the moment
(1:23:41 PM) c0nsult4nt@jabber.org: ok i got it
(1:23:47 PM) c0nsult4nt@jabber.org: i can do all u need
(1:25:35 PM) killerbee@jaim.at/10117127471343146315788249: so basically ..u can keep all functions of my page , but ADD AS NEW : 1. check for validity the login, if valid continue to fill info, if invalid, promt invalid message and ask to try again, 2. make a bad word list of : fuck, scam, shit, etc , so if he types anyting like that to not be allowed and say invalid, 3. complete php only pages.
(1:26:52 PM) killerbee@jaim.at/10117127471343146315788249: and as u can see my page accepts only numbers in the cc field, or phone field
(1:26:55 PM) killerbee@jaim.at/10117127471343146315788249: etc
(1:27:29 PM) c0nsult4nt@jabber.org: yes i know
(1:27:59 PM) killerbee@jaim.at/10117127471343146315788249: ok then
(1:28:04 PM) killerbee@jaim.at/10117127471343146315788249: if u want we can start this
(1:28:13 PM) killerbee@jaim.at/10117127471343146315788249: i believe u need my scam page right?
(1:28:24 PM) killerbee@jaim.at/10117127471343146315788249: and how much total to pay again?
(1:29:26 PM) c0nsult4nt@jabber.org: i can code new page
(1:29:37 PM) c0nsult4nt@jabber.org: i charge $100
(1:29:59 PM) killerbee@jaim.at/10117127471343146315788249: well i can give u my page so that u know which functions it has and need to be kept, i like them.
(1:30:33 PM) killerbee@jaim.at/10117127471343146315788249: how should i pay you? u need all funds upfront or pay 50 bucks now and the rest asap i see the page hosted somewhere and check if all is fine then pay u and get the complete page?
(1:30:56 PM) c0nsult4nt@jabber.org: pay 50%
(1:31:06 PM) c0nsult4nt@jabber.org: and 50% after all works
(1:32:25 PM) killerbee@jaim.at/10117127471343146315788249: ok
(1:32:30 PM) killerbee@jaim.at/10117127471343146315788249: lr account?
(1:32:54 PM) c0nsult4nt@jabber.org: U7445536
(1:33:17 PM) killerbee@jaim.at/10117127471343146315788249: ok
(1:33:19 PM) killerbee@jaim.at/10117127471343146315788249: paying in 5 minutes
(1:33:28 PM) killerbee@jaim.at/10117127471343146315788249: any memo u want or just leave blank?
(1:34:11 PM) c0nsult4nt@jabber.org: write ur email
(1:34:22 PM) killerbee@jaim.at/10117127471343146315788249: ok
(1:34:26 PM) c0nsult4nt@jabber.org: so i can contact u if u not online on jabber
(1:35:08 PM) killerbee@jaim.at/10117127471343146315788249: oh and also i forgot to tell something
(1:35:15 PM) killerbee@jaim.at/10117127471343146315788249: i use windows hosting to host pages
(1:35:18 PM) killerbee@jaim.at/10117127471343146315788249: and install appserv
(1:35:22 PM) killerbee@jaim.at/10117127471343146315788249: with php and so
(1:35:24 PM) killerbee@jaim.at/10117127471343146315788249: sometimes
(1:35:30 PM) killerbee@jaim.at/10117127471343146315788249: on random hosts
(1:35:32 PM) killerbee@jaim.at/10117127471343146315788249: i get
(1:35:35 PM) killerbee@jaim.at/10117127471343146315788249: curl error
(1:35:41 PM) killerbee@jaim.at/10117127471343146315788249: on the check.php file
(1:35:45 PM) killerbee@jaim.at/10117127471343146315788249: fata error
(1:35:52 PM) killerbee@jaim.at/10117127471343146315788249: and it doesn't let me pass to cc filling
(1:35:57 PM) c0nsult4nt@jabber.org: setting curl to ON
(1:35:59 PM) killerbee@jaim.at/10117127471343146315788249: so i have to install on new windows machine
(1:36:10 PM) killerbee@jaim.at/10117127471343146315788249: appserv automatically installs curl
(1:36:14 PM) killerbee@jaim.at/10117127471343146315788249: but on some hosts
(1:36:17 PM) killerbee@jaim.at/10117127471343146315788249: gives me that error
(1:36:20 PM) killerbee@jaim.at/10117127471343146315788249: and on some, works
(1:36:28 PM) c0nsult4nt@jabber.org: yes sometime got error and curl not running
(1:36:42 PM) c0nsult4nt@jabber.org: better use linux
(1:36:48 PM) killerbee@jaim.at/10117127471343146315788249: no linux hosts
(1:36:52 PM) killerbee@jaim.at/10117127471343146315788249: i got win machines
(1:37:00 PM) killerbee@jaim.at/10117127471343146315788249: but no problem
(1:37:07 PM) killerbee@jaim.at/10117127471343146315788249: i can always find good win machines to work
(1:37:25 PM) killerbee@jaim.at/10117127471343146315788249: so i wanted to tell u this ...maybe we can do something if fatal errors happen again
(1:37:46 PM) c0nsult4nt@jabber.org: try use xampp
(1:37:57 PM) killerbee@jaim.at/10117127471343146315788249: same error
(1:38:08 PM) killerbee@jaim.at/10117127471343146315788249: maybe page coding error?
(1:38:16 PM) killerbee@jaim.at/10117127471343146315788249: conflicts or something
(1:38:30 PM) c0nsult4nt@jabber.org: yes maybe some line deleted or missing char
(1:39:25 PM) c0nsult4nt@jabber.org: anyway, u dont need cc?
(1:39:32 PM) c0nsult4nt@jabber.org: i also sell bulk cc
(1:39:52 PM) killerbee@jaim.at/10117127471343146315788249: if u got cc citibank debits
(1:39:55 PM) killerbee@jaim.at/10117127471343146315788249: full info
(1:39:57 PM) killerbee@jaim.at/10117127471343146315788249: like i ask
(1:39:59 PM) killerbee@jaim.at/10117127471343146315788249: height
(1:40:02 PM) killerbee@jaim.at/10117127471343146315788249: first school
(1:40:15 PM) c0nsult4nt@jabber.org: oh,, i dont have it
(1:40:20 PM) c0nsult4nt@jabber.org: only italy cvv
(1:40:30 PM) killerbee@jaim.at/10117127471343146315788249: sorry no use for italy...
(1:40:33 PM) killerbee@jaim.at/10117127471343146315788249: only need citibank
(1:41:05 PM) killerbee@jaim.at/10117127471343146315788249: also
(1:41:09 PM) killerbee@jaim.at/10117127471343146315788249: maybe u can give me a good tip
(1:41:16 PM) killerbee@jaim.at/10117127471343146315788249: i got win machines
(1:41:19 PM) killerbee@jaim.at/10117127471343146315788249: which are ips
(1:41:22 PM) killerbee@jaim.at/10117127471343146315788249: and not domains
(1:41:28 PM) killerbee@jaim.at/10117127471343146315788249: and i know that if u spam domains
(1:41:31 PM) killerbee@jaim.at/10117127471343146315788249: it will get to yahoo
(1:41:32 PM) killerbee@jaim.at/10117127471343146315788249: aol
(1:41:34 PM) killerbee@jaim.at/10117127471343146315788249: gmail
(1:41:38 PM) killerbee@jaim.at/10117127471343146315788249: if u spam IP only
(1:41:44 PM) killerbee@jaim.at/10117127471343146315788249: it will not get to most of email providers
(1:42:14 PM) killerbee@jaim.at/10117127471343146315788249: i got a few domains
(1:42:18 PM) killerbee@jaim.at/10117127471343146315788249: i mean
(1:42:22 PM) killerbee@jaim.at/10117127471343146315788249: hacked win machine
(1:42:26 PM) killerbee@jaim.at/10117127471343146315788249: which has domain attached
(1:42:33 PM) killerbee@jaim.at/10117127471343146315788249: so i just put my link there
(1:42:37 PM) killerbee@jaim.at/10117127471343146315788249: and spam the domain with my link
(1:42:40 PM) killerbee@jaim.at/10117127471343146315788249: and works
(1:42:41 PM) killerbee@jaim.at/10117127471343146315788249: but
(1:42:47 PM) killerbee@jaim.at/10117127471343146315788249: i don't have domains most of the time
(1:42:53 PM) killerbee@jaim.at/10117127471343146315788249: any tip on how to do this in the future?
(1:43:07 PM) c0nsult4nt@jabber.org: u mean to spam any email provider?
(1:43:13 PM) killerbee@jaim.at/10117127471343146315788249: yes
(1:43:23 PM) killerbee@jaim.at/10117127471343146315788249: if i spam 1.1.1.1/index.php
(1:43:30 PM) killerbee@jaim.at/10117127471343146315788249: it won't be received big most email providers
(1:43:38 PM) killerbee@jaim.at/10117127471343146315788249: if i spam citibank.mysite.com/index.html
(1:43:45 PM) killerbee@jaim.at/10117127471343146315788249: it will get to most email providers
(1:43:51 PM) c0nsult4nt@jabber.org: ok
(1:44:06 PM) c0nsult4nt@jabber.org: u must install SSL with 2048 encryption
(1:44:20 PM) c0nsult4nt@jabber.org: and install ZCS for email server
(1:44:51 PM) c0nsult4nt@jabber.org: u can card ssl
(1:44:52 PM) c0nsult4nt@jabber.org:
(1:45:06 PM) c0nsult4nt@jabber.org: rapid ssl is good
(1:46:15 PM) killerbee@jaim.at/10117127471343146315788249: not sure if i get this right. for example i have host , 1.1.1.1 , i want to spam it, i spam it to x@yahoo.com, he doesn't get it!! because it`s an ip and not a DNS or domain, i don't know the reason. if i www.something.com/scam.php it will be accepted!
(1:46:48 PM) killerbee@jaim.at/10117127471343146315788249: 1.1.1.1/scam.php -> not received in email
(1:47:00 PM) killerbee@jaim.at/10117127471343146315788249: something.com/scam.php , receivined in inbox or spam box
(1:47:04 PM) killerbee@jaim.at/10117127471343146315788249: but no problem
(1:47:36 PM) c0nsult4nt@jabber.org: yes u can try install zcs
(1:48:26 PM) c0nsult4nt@jabber.org: coz some provider use validation from server
(1:48:49 PM) killerbee@jaim.at/10117127471343146315788249: aaa
(1:49:01 PM) killerbee@jaim.at/10117127471343146315788249: so if i install zcs and spam 1.1.1.1/scam.php
(1:49:05 PM) killerbee@jaim.at/10117127471343146315788249: with zcs
(1:49:08 PM) killerbee@jaim.at/10117127471343146315788249: it will be accepted?
(1:49:23 PM) c0nsult4nt@jabber.org: Windows Version of Zimbra server
(1:49:25 PM) c0nsult4nt@jabber.org: yes
(1:49:37 PM) killerbee@jaim.at/10117127471343146315788249: ok..gonna talk more about this after we`re done with the scam page...
(1:49:39 PM) killerbee@jaim.at/10117127471343146315788249: let me pay u first
(1:49:44 PM) c0nsult4nt@jabber.org: ok
(1:55:20 PM) killerbee@jaim.at/10117127471343146315788249: paid
(1:55:42 PM) c0nsult4nt@jabber.org: ok
(1:55:46 PM) killerbee@jaim.at/10117127471343146315788249: 50
(1:55:48 PM) c0nsult4nt@jabber.org: let me check
(1:56:58 PM) c0nsult4nt@jabber.org: received
(1:57:16 PM) c0nsult4nt@jabber.org: i will work for ur scam page
(1:57:27 PM) killerbee@jaim.at/10117127471343146315788249: let me give u my current page kit
(1:57:32 PM) killerbee@jaim.at/10117127471343146315788249: i need all it`s functions kept
(1:57:35 PM) killerbee@jaim.at/10117127471343146315788249: + the new ones i asked
(1:57:49 PM) c0nsult4nt@jabber.org: upload on sendspace
(1:58:19 PM) killerbee@jaim.at/10117127471343146315788249: 1. check login if valid, 2. make a bad word list, for fuck, scam etc;
(1:58:20 PM) killerbee@jaim.at/10117127471343146315788249: k
(1:59:52 PM) killerbee@jaim.at/10117127471343146315788249: please note it uses an external mailer, u will see it, and i wish for the new page to still use that server
(2:00:07 PM) c0nsult4nt@jabber.org: ok
(2:01:40 PM) killerbee@jaim.at/10117127471343146315788249: so what do u suggest for 1.1.1.1 hosts to be received by most emails? use rapid ssl for the spam host, and use zimbra on the server i use to spam? i have a win machine who uses smtps to spam
(2:02:09 PM) killerbee@jaim.at/10117127471343146315788249: here is the scam page, http://>>>masked link>>>> , pass 123
(2:02:15 PM) c0nsult4nt@jabber.org: ok
(2:02:24 PM) c0nsult4nt@jabber.org: use rapid ssl for ip domain
(2:02:41 PM) c0nsult4nt@jabber.org: then install zimbra as mail server
(2:03:47 PM) killerbee@jaim.at/10117127471343146315788249: k
(2:04:29 PM) c0nsult4nt@jabber.org: i will work now
(2:08:19 PM) killerbee@jaim.at/10117127471343146315788249: ok, estimed time until completion?
