My DokuWiki

User Tools

Site Tools

Trace:
credit_card_search

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
credit_card_search [2023/07/06 18:50]
kaduuwikiadmin 		credit_card_search [2023/07/25 18:12] (current)
kaduuwikiadmin
Line 37: Line 37:
  
 It is important to note that these prices are just an estimate and the cost may vary depending on the source and the quantity of data available. It's also worth noting that the prices are subject to change over time, and the prices may be different based on the location and the vendor. It is important to note that these prices are just an estimate and the cost may vary depending on the source and the quantity of data available. It's also worth noting that the prices are subject to change over time, and the prices may be different based on the location and the vendor.
 +
 +
 +===== How do we find credit card market places? =====
 +
 +Cybercrime is a persistent and rapidly evolving issue in our digitally-dependent society. A significant part of this criminal landscape is credit card theft, where stolen information is bought and sold in the shadowy corners of the internet. As technologies evolve, so do the methods used by these criminals to advertise their illicit goods. We'll explore some of the known avenues they use to market their stolen credit card shops, including some that may not be commonly known.
 +
 +**Social Media Platforms**: Instagram, TikTok, and even LinkedIn have inadvertently become platforms for cybercriminal activity. Hackers use coded language and disguised URLs to evade algorithms designed to detect and remove illegal content. In recent years, Instagram and TikTok profiles advertising "CC" (Credit Card) "dumps" (batches of stolen credit card information) have been discovered, reflecting the audacity and adaptability of cybercriminals.
 +
 +{{::tiktok.png?900|}}
 +
 +**Instant Messaging Apps**: WhatsApp and Telegram are often used as direct communication channels between cybercriminals and potential buyers. Telegram, in particular, with its encryption and anonymity features, has been increasingly exploited by hackers. They create channels or groups where they post ads and updates about their available credit card data.
 +
 +{{::telegram.png?900|}}
 +
 +**Paste Sites:** Cybercriminals utilize "paste" websites such as Pastebin or Ghostbin to host information temporarily. These sites allow users to share plain text through unique URLs, which can be easily shared and deleted after a certain period, making it harder for law enforcement to track their activities.
 +
 +{{::pastebin.png?900|}}
 +
 +**Hacker Forums:** These are digital havens for cybercriminals to trade tactics, sell stolen data, and advertise their services. Forums such as RaidForums, Nulled, or XSS are just a few examples where stolen credit card information can be found.
 +
 +{{::forum.png?900|}}
 +
 +**Search Engine Manipulation:** By compromising legitimate websites, hackers can insert hidden pages that advertise their wares. These pages can be SEO-optimized for terms like "CVV dumps", causing them to appear in the search results of major engines like Google.
 +
 +{{::google_man.png?900|}}
 +
 +**Banners and Google Ads:** While it might sound surprising, some criminals use actual banner advertisements and Google ads to advertise their stolen credit card shops. They use deceptive language and imagery to mislead unsuspecting users, and even attempt to appear as legitimate businesses.
 +
 +{{::google_ads.png?900|}}
 +
 +**Darknet Marketplaces:** Darknet markets such as AlphaBay, Dream Market, and others operating on the Tor network, are infamous hubs for illegal transactions, including stolen credit card data. These markets often provide escrow services to ensure "fair" trades between sellers and buyers.
 +
 +**Gaming Platforms:** In recent years, platforms like Discord and even in-game chats have been exploited by hackers. They use these platforms to communicate, advertise, and sell their illicit wares.
 +
 +{{:discord.png?900|}}
 +
 +**Peer-to-Peer Networks:** P2P networks and torrent sites are often leveraged by cybercriminals to share stolen information. Such sites usually have lax regulation, making it easier for criminals to advertise and distribute their wares.
 +
 +===== How do we scrape paid credit cards? =====
 +
 +We search popular websites (hacker forums) or marketplaces for credit card offers. These websites can be found on the Deepweb or Darknet. We have an array of paid accounts to keep track of the most recent leaks. We are constantly working on extending our list of websites to scrape data from. We either scrape Onion or deep web sites. Basically, the biggest challenge in scraping is to emulate human behavior, bypass Captcha, Cloudflare/Datadome/Ddosguard and similar protection mechanisms. We work to balance the load on the websites that our robots produce, and to scrape the entire new datasets in a reasonable amount of time. In some cases, we may use multiple website accounts to ensure that we scrape everything and never get blocked
 +
 +On some sites, metadata about the credit cards is published - on other sites, a package is offered without you knowing what is inside before you buy it. Below an example how credit cards can be offered without any metadata:
 +
 +{{::bild1.png?700|}}
 +
 +The goal is to scrape the entire website and filter new records. We ususally find two types of websites:
 +
 +  * Case 1: If we see a clear news feed that can be processed by a script to filter new records, we check that feed daily and run the script only when updates are added.
 +  * Case 2: If a news feed is actually unclear (as in the following figure), we scrap the entire site and filter new records at the database level
 +
 +{{::bild4.png?700|}}
 +
 +Note: sometimes a record may appear in multiple databases within the context of a website, so we store both records
 +
 +===== Is there some way to verify the quality of the paid credit cards? =====
 +
 +Unfortunately, very often artificially generated credit card data is offered, which is not associated with any real account. However, there are websites where the sellers are rated. Here is an example:
 +
 +{{::bild2.png?700|}}
 +
 +For this reason, you can also filter for sellers in Kaduu.
 +
 +===== What meta-data related to paid credit cards can be gathered by our scrapers? =====
 +
 +A typical website has the following fields for each credit card record: 
 +  * BIN (4, 5 or max 6 Digits)
 +  * Expiration Date,
 +  * Price
 +
 +However, some websites offer more fields:
 +  * Country/State/PLC
 +  * address/full name/part of name
 +  * A base name to which this record belongs, and a valid rate.
 +
 +
 +{{::bild3.png?700|}}
 + 
 +The basename probably contains the publication date, so we can understand when a CC record was published. Our tools filter invalid records that have been published on websites, and we try to capture as many fields as possible related to the credit card in question.
 +
  
 ===== How can you find paid credit cards in Kaduu? ===== ===== How can you find paid credit cards in Kaduu? =====
  
-The paid credit card search can be found under the nafigation CC search on the deep-web-app:+The paid credit card search can be found under the navigation CC search (1) on the deep-web-app:
  
 {{::cc_deepweb.png?900|}} {{::cc_deepweb.png?900|}}
 +
 +The user can either look for a single BIN number or upload a file of BIN numbers (2). Please upload a text file with 1 BIN number per line. Note: A Bank Identification Number (BIN), also known as the Issuer Identification Number (IIN), is the initial four to six numbers that appear on a credit card. The BIN or IIN uniquely identifies the institution issuing the card. The search criterias can be combined. You could for example search for all credit cards of the type "mastercard" belonging to a user "john". Or you could search for all credit cards published on a specific date. The search can then either be setup a a one-time query, or a monitoring job (3). In case it is setup as a monitoring job, you will see the data on the dashbord at the bottom and will get a notification via email with the according data. The system uses the email from the logged in user (top right). If you run a one time search you will be able to download the data from the dashboard using the download button (4) with 3 options:
 +
 +  * CSV (text) Download
 +  * Excel (xls) Download
 +  * Json Download
 +
 +===== What are the challenges and limitations of paid scraping of credit card data? =====
 +
 +**Data disappears after purchase:** Currently, we automatically check the newly published records/basics on a daily basis.  However, our research team has found that once a database is published, the numerous records can sell out on the first day.  We currently check sites daily, but plan to set up our scrapers to check new datasets multiple times a day.
 +
 +**Data duplication:** We also know that some websites might steal data from each other.  A typical example: a database with X records that has a price of $8 per record. Another website might offer the same records for 15$ per record.
 +
 +**Problems with junk data/fake records:** Anyone can easily create fake credit card records (example https://www.vccgenerator.org/). These fake cards are mixed in with the valid cards. Sometimes the entire credit card marketplace is fake and a scam (they are after the participation fee).
 +
 +**Coverage (Telegram, etc.)**: Kaduu has just recently started scraping credit card sites. New card sites are popping up, old ones are disappearing. We currently only cover darknet and deep-web, but there are also Dicsord, Whatsapp and Telegram Channels that sell cards. We can't cover all sites, but we try to add new ones and new technologies all the time.
 +
 +**You don't know what you're buying**: With many offers, you don't see what you're buying. This makes it virtually impossible to understand which cards, banks or users might be affected before you buy them. Please note that we can buy sample card packages for you.
 +
 +===== What improvements can you expect in our CC search over the coming months? =====
 +
 +Our team is constantly working on scrapping new websites . Some of them require a high credit balance to gain access to the cc market. However, if we consider this website valuable, we will definitely add it to our scraping schedule. For the coming month, we have a preliminary list of almost 100 websites to add. We also plan to add more techologies including Telegram and Discord CC Channels. We share our list with forums with our clients and welcome any suggestion in case we are missing a crutial forum.
  
 ===== How can you find free credit cards in Kaduu? ===== ===== How can you find free credit cards in Kaduu? =====
Line 70: Line 172:
 {{::cc-s4.png?900|}} {{::cc-s4.png?900|}}
  
-===== Detailed Search Syntax =====+===== Detailed Syntax for free card search =====
  
 Detailed Search Syntax: Detailed Search Syntax:
credit_card_search.1688662212.txt.gz ยท Last modified: 2023/07/06 18:50 by kaduuwikiadmin

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki