Carding 101 - Behind the scenes

Fraudbox

Hello everyone,

I want bring for you everyone my experience at Digital Carding and I hope its helps because I know how its hard or even impossible get some information's than copy/paste tutorials
so like first don't mind and take serious guides what you read and they written on 2017-2020

Why ?
Simple to say technology,anti fraud service,artificial intelligence evolve ( for example ChatGPT )
basically its means few years outdated information cannot work because its more sophisticated and hard for carder to challenge it

guides never mind about canvas/fingerprints or even how scan fraud-score and etc
so problem why your card not working properly have few common reasons


1 - problem with card
2- problem with socks5/proxy
3 - problem at your setting



So first one problem I don't be explain here because you must have knowledge how be sure your card is live/dead


Problem with Socks5/Proxy



second problem is more complicated to explain but let me try and for this reason I be try simple/easy
- many people use common burned providers or even buy from random socks what they find few minutes ago, let me explain why its problem


- Data center proxy/socks


When you think you can do carding over this type socks I can guarantee carding be just your dream because this socks5/proxy could be used just for affiliate marketing or etc not even for carding


- Rotating proxy/socks


That s another perfect example which I can simple explain,now think my read what you think its happened when your IP change every few minutes or even change too provider ISP simple to say its be red flag so its waste of money this type its good for scrape web and etc not for carding


anyways Yes for example native ( not purchased ) mean on sim-card like LTE/4G/5G per hour change IP but still keep and have same provider and this proxy/socks be residential

- Use common provider of proxy/socks


That s again example which you can understand,imagine thousand carders use one specified provider ,so what happened ?
its must make sense when provider have stable user ( for example 100-200 ) but after someone share this provider on some kind forum,carders destroy quality of socks because at normal scenarios provider is not ready for this dose of new customers and basically over few weeks or month be quality for carder useless


So what carder need for carding which type of proxy/socks5 ? simple to say just residential proxy


Why ?

what is difference between data center vs residential

data center that is used by multiple users at the same time same IP address to multiple users
residential because Residential Proxy IPs are provided by a real ISP, it makes them look real and legitimate. Whereas Data center Proxies, as mentioned earlier, are created in bulk and come from data centers and cloud server providers


anyways rotating proxy its almost same like data center again use multiple users so for carder,waste of money
so lets again residential proxy be always solution ( anyways be careful on clear net provider whats guarantee you residential but after payment its be data center or etc )


Example of Residential proxy which could be use for carding and etc

- check anti-fraud score keep that from 0-20
- check open ports and be sure this following are closed because they are flagged



80/http-Closed
443/ssl/http-Closed
SSH 22/ssh-Closed
TCP9030/tcp/udp-Closed
8080/http-proxy-Closed

and few more anyways I recommend to make research about this to understand this problem


Why this ports and few more be red flagged ?

80/443 means you re hosting website
22/ssh residential proxy never have enabled this port ( maybe just its corporate to have access from home for example for IT specialist )
8080/http-proxy most common open port when you purchase cheap proxy

Be sure this following points be looks like this example,when you do carding
Proxies Anonymizing VPN-No
Tor Exit Node -No
Server - No
Public Proxy - No
Web Proxy -No

DNS LEAK MORE THAN OPSEC

check DNS leak from socks/proxy because its must match with your ISP provider
for example ---> Comcast Cable ( ISP ) must have DNS from Comcast Cable


anyways its common reason why payment be canceled but card over payment gateway was charged but you get email after few minutes they canceled your order





Problem at your setting


This is for me biggest challenge to describe and explain this problem because its include so many information's its for me not possible to write everything so I be try simple/easy

So you remember when i said anti-fraud system is better every year its means,detection is overall focused on your browser/OS because when you spoofing something its always make come errors/mistakes what not match and detection find it

Example of Spoof
when you spoof your webGL/Screen size and etc its make your canvas fingerprint different from original and basically over analyze they know you was manipulated with data/browser and etc




In short now I explain few biggest problems

don't use anti-detect browser they could work few weeks or months but after time its useless for carding so its not long-term solution


- don't use anti-fraud browser ( when its not your own code its public somewhere available and that's exploit in long -term )
- don't use extensions ( every extension is detectable over java script and etc.. its means when you try spoof user-agent they know its after you click on site what you want card )
- don't use virtual machine ( when you don't know how properly setup like physical computer,because VM its detect over one important think )


- when you do carding on your personal computer what could compromised security,please make new account ( and its still for me like nightmare )
- when you do carding on android/iphone its could compromised security ( for example i be talk now about android because with iPhone i don't have experience )


Burned phone
- so you can use burned phone from pawn shop or etc and always about few weeks-month ( sell phone or even throw away )

Rooted Phone
- you can have one phone what be have unlocked boot loader,flashed twrp,custom rom without gapps,rooted and etc ( personally i used and for me works perfectly )








So overall remember this following information what make sense

- every way/method have coins + -
- you use phone ? so you have overall better chance to success card but on less security and can be compromised very easily in novice hands
- you use computer ? so overall you more stuck why payment not works but you have OPSEC/security which is from my view key of success
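
Added example, not part of the original post: a detection-side sketch of how a checkout risk engine could combine the network signals the post names (IP type, ISP changes, DNS/ISP mismatch, open ports, reputation labels). The `Session` record, field names, weights and sample sessions are all constructed assumptions, not any vendor's schema.

```python
from dataclasses import dataclass, field

# Ports the post lists as red flags when open on a client IP.
FLAGGED_PORTS = {22, 80, 443, 8080, 9030}
# Reputation labels from the post's checklist; a clean client has all False.
REPUTATION_FLAGS = ("anonymizing_vpn", "tor_exit_node", "server",
                    "public_proxy", "web_proxy")

@dataclass
class Session:
    """Hypothetical enrichment record for one checkout session."""
    session_id: str
    ip_type: str                 # "residential", "mobile" or "datacenter"
    isps_seen: list              # ISP of the client IP on each request
    dns_resolver_isp: str        # ISP of the resolver seen by a DNS probe
    open_ports: set = field(default_factory=set)
    reputation: dict = field(default_factory=dict)

def score_session(s):
    """Return (score 0-100, reasons). Weights are constructed."""
    hits = []
    if s.ip_type == "datacenter":
        hits.append((40, "datacenter_ip"))
    # Key on ISP, not IP: mobile carriers rotate IPs inside one ISP.
    if len(set(s.isps_seen)) > 1:
        hits.append((30, "isp_changed_mid_session"))
    # Weak on its own, so it carries a low weight.
    if s.isps_seen and s.dns_resolver_isp != s.isps_seen[-1]:
        hits.append((20, "dns_isp_mismatch"))
    for port in sorted(s.open_ports & FLAGGED_PORTS):
        hits.append((10, f"open_port_{port}"))
    for flag in REPUTATION_FLAGS:
        if s.reputation.get(flag):
            hits.append((25, f"reputation_{flag}"))
    return min(100, sum(w for w, _ in hits)), [r for _, r in hits]

# Constructed sample sessions.
SAMPLES = [
    Session("s1", "residential", ["Comcast Cable"] * 3, "Comcast Cable"),
    Session("s2", "mobile", ["CarrierX", "CarrierX"], "CarrierX"),
    Session("s3", "datacenter", ["HostCo", "OtherHost"], "ExampleDNS",
            {22, 8080, 5000}, {"public_proxy": True}),
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.session_id, *score_session(s))
```

Returning the reasons alongside the score lets an analyst see which signal drove a declined or reviewed order.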
 

JakF

thanks for the info man, the beginner community needs this 💎💎💎
 

nbagod

Finally, a good fucking post. Great stuff for struggling beginners here!
 

anonhax0r

Excellent info, now I have some questions.
What is the browser that you recommend if it is not an anti-detect?
How can I get residential proxies without having to pay a monthly fee, is it by infecting a PC and if so, are stealers used as trojans?
Is the Burner phone used for OPSEC reasons or for spoof?
 

Fraudbox

Thanks for feedback,look its depends what Operating system you use but lets make it simple
on rooted android phone I used Google Chrome,Mozilla Firefox ( Google Chrome I used only on rooted phone,where I before spoof imei,serial number,fingerprints,and etc )

for Linux and Windows overall I used Ungoogled Chromium ( but you must know how manipulate correctly with browser )

or even more simple but less effective its brute force with tiny wordlist use open-source tool which scan it,sometimes residential proxy don't have login+password for example I found with this way few Comcast,( I get 2-3x socks over four hours so its about luck and etc ) just be sure you specific range IP,but i recommend you first one

Burned phone its had less security and OpSec than Rooted phone for this reason I be change once per month burned phone to be sure and safe
 
