HOW TO POST + BASICS. (IP SPOOFING, WEBRTC, SOCKS5, AND MORE) (FREE)
- CA$HOUT EMPIRE
- Nov 15, 2021
- 6 min read
Webrtc: About webRTC: ( Web Real-Time Communication) is an API definition drafted by the World Wide Web Consortion (W3C) that supports browser-to-browser applications for voice calling, video calling and P2P file sharing without the need of either internal or external plugins.
We might be vulnerable to Webrtc IP leaks, WebRTC leaks your actual IP address from behind your VPN, by default. Luckily Fraudfox can spoof Webrtc, the latest Antidetect has a Webrtc changer too.
You can do a WebRTC leak test here: https://browserleaks.com/webrtc
Please don’t disable Webrtc from about:config, it really doesn’t look legit.
Plugins: Plugin Detection: all the plugins that you have installed can leave a footpring, both AD and Fraudfox can help to avoid this.
Time zone and Clock: when you perform operations of carding or impersonating identities of people residing in different places with different time zone you are in the position of having to change your time zone to have to align with the one of the victim.
You should match the time zone of the socks you are currently using, fortunately, with Windows this operation is very simple, just go to the clock in the bottom right of windows and click: ̈Edit Time and Date Settings.
Font Detection: Font fingerprinting – is what fonts you have, and how they are drawn. Based on measuring dimensions of the filled with the text HTML elements,it is possible to build and identifier that can be used to track the same browser over time. Long story short, if we install new fonts, that would leave a fingerprint. This is really a minor facto from my experience but we can still randomize and spoof that, so, no problem.
IP Spoofing: We will need to spoof the Cardholder location, we do that via SSH, RDP, Socks5, etc.
- 1) The IP should Country/State/City match the cardholder. The closer the better. 
- 2) The chosen IP should have immaculate blacklisting (you can check blacklists on: http://www.ip- score.com and click MORE BLS) but truth be told, somethis its hard to tell whether a sites has really blacklisted a given IP or not, as most have an internal blacklisting,for instance, Paypal might have its own internal blacklisting. Checking blacklists is still a good indicator though. Also you might notice that your personal IP might be blacklisted, even if you never did spam/fraud with it, so take that in consideration, even my real IP is blacklisted for I don’t know what reason. 
- 3) The chosen IP should have a low RiskScore, try to keep this riskscore at less than 5 it’s a metric from Minfraud, you can read more here: https://www.maxmind.com/en/explanation-of-minfraud-riskscore. I use: http://mcs.sx for checking RiskScore. You can also check it on xdedic.biz 
- 4) Low Proxyscore: Go at getipintel.net and test the IP, the proxy score should be 0. 
- 5) The IP has to be residential: you want to avoid datacenter IPs as they don’t really look legitimate in the eyes of anti-fraud systems, also business IPs look good. If you are wondering whether the IP is residential or not, simply go to whoer.net, and on the top you will read ISP. Generally if the IP has an American ISP, the you are on a good track, simple google: ̈list of American Internet service Provider ̈to get a good list of American ISP. Datacenter IPs have ̈data ̈ , ̈hosting ̈ ̈Cloud and related words as ISP. 
- 6) The IP should be as close as possible to FULLZ location, at least within 80 miles, I use distancebetweencities.com. 
Ok, I also like to discuss about socks5 RDP and SSH.
Socks5 is a protocol that works with the proxy server, a popular choice amongst carders, I believe it’s the most effective way of spoofing you IP. However, most of fraudster are carding through SSH nowadays, so I suggest SSH as you main way of IP Spoofing. I use like to use; proxifier or Foxyproxy to link socks to my machine.
Some proxy providers: http://www.seproxysoft.com/en
luxsocks.ru(provider has closed registration but still worth mentioning )
Premsocks.com, truesocks.net, ironsocket.com, sockslist.net, isocks.biz
Vip72.com (overly blacklisted but they have plenty of locations worth mentioning)
For linking socks to machine I recommend you proxifier and Foxyproxy. RDPs stands for Remote Desktop Protocol, you are basically connecting to a remote computer. In fraud they are generally used to maintain Bank Drops and PayPal Middleman Accounts. But they are also used for carding. You can get RDPs from the clearnet, just googling rdp will do. The problem with non-hacked RDPs is that their IPs come from a range of database IPs that have some history with fraud.
That’s where HACKED RDP comes in handy, hacked RDP generally have a clean residential IP, there are plenty of illegal autoshops selling them: You can buy them from: xdedic.biz, http://uas- store.ru, pp24.ws, tunastock.ru, rdpterminals.tw.
Once you login to the RDP, remember to change the password and create an hidden username aka ghost user, so that the real owner will not notice, there is a tutorial on both xdedic and uas-store.ru for it. Also, you can card from there, you don’t have to think much about spoofing as they are an identity themselves and a real device.
Socks5 vs RDO vs SSH.
RDPs are more expensives but they are identify themselves, you can card from there, absolutely no spoofing needed whereas socks are more cost effective but they require a spoof setup. There’s a rumor that in 2019 carding with socks is dead, I say its bullshit its probably because these peope have bd socks and/or crappy spoof setup. I sugest to start from RDP carding then move onto Socks one you are more confident. SSH is a middle way and should be the most used way of spoofing IP for intermediate carders, they cost slightly more than socks.
SSH Tunnel: Port forward via SSH (SSH Tunneling) creates a secure connection between a local computer and a remote machine through which services can be relayed. Because the connection is encrypted, SSH tunneling is useful for transmitting information that uses an encrypted protocol, such as IMAP, VNC or IRC.
~~~~~
Long story short thanks to SSH you can connect to a remote machine and get its IP. Now the thing about SSH Tunnels, is that we get the IP of another machine and we can use it in our machine, I generally make a new virtual machine, use SSH Tunnel, and there we go. I buy SSH from: pp24.ws and tunastock.ru. in order to use SSH you need to:
- 1) Download and install bitvise client from bitvise.com 
- 2) Launch the software and go to SSH tab, click on all the blue links such as Key Exchange Algorithms and tick all the Checkboxes for all links. 
- 3) Go to services tab and tick the ̈enabled ̈ box in the SOCKS/HTTP proxy forward part 
- 4) Now, on that part, the listen interface should be 127.0.0.1, Listen Port on 5555 
- 5) You are done with bitvise, you will need to click on ̈login ̈ tab and put the login data for SSH. 
Another step is to install proxifier if you have not done it already, proxifier allows to tunnel SSH IP to ALL you VM softwares.
- open Proxifier and go to profile -> Proxy Servers ->Add 
- on ̈Server ̈ put 127.0.0.1 and on Port put 555 3) On Protocol check SocksV5 Server 
- Go to Profile -> Name Resolution -> Uncheck “Detect DNS automatically” -> Check “Resolves Hostnames Through Proxy” 
- We are done with Proxifier, now all we have to do is to go on tunastocks.ru or pp24.ws and get an SSH. 
Accept Language: is together with the User-Agent HTTP header another HTTP header, which identifies the network, the language used by the system that is making the navigation.
Use an Accept Language header that matches language of the victim.
Flash version spoofing: Always spoof the latest flash version.
Email Spoofing: We will need to use an e-mail that looks legit. This is not really that discussed on forums, according to emailage, Square and Western Union are their clients
So emailage checks on plenty of things:
- it checks if the email has the name and surname of the customer. 
- It calculates the score of the email domain. 
- It calculates the age of a specific email, fraudster are well known for creating quickly e-mails, and that how they can spot us. 
So depending on the score you get from them, they will either approve you attempt, put your order on review or simply decline it. To make thins worse, they have an internal blacklist of e-mails, so reusing emails with them isn’t wise. They also have all the other IP validation stuff that any other anti-fraud protection provider has. Also, will you attach the domain to an anonymous hosting provider. You can make as many emails as you wish with same domain from cpanel. Emailage doesn’t reveal all the info about their measures, but I think somehow they can also check the age of free emails, private emails are very easy as you can check the domain age of a website. Now let's go to the actual spoofing softwares, I believe there are 3 mainly choices here: A Configured Portable Browser, Antidetect and Firefox.



![⚡️[PAID LEAK]⭐ STEAL BINANCE FUNDS AND CASHOUT DAILY ❄️ STEP BY STEP GUIDE](https://static.wixstatic.com/media/08d379_b69ac612d308469aa15f776bf81412ec~mv2.jpeg/v1/fill/w_980,h_587,al_c,q_85,usm_0.66_1.00_0.01,enc_avif,quality_auto/08d379_b69ac612d308469aa15f776bf81412ec~mv2.jpeg)


Comments