A primer on bypassing antifraud systems [2019]

Hello dear visitors of the resource verified. Today I would like to talk to you about modern antifraud systems and give an example of one of the major shops. All information in this article is the author’s opinion and empirical experience; it does not claim to be true, is not a call to action, and is posted for introductory purposes. The author shall not be liable for any wrongful acts performed by virtue of the information set forth below and shall not be liable for any damages of a material or non-material nature arising from the use of the information set forth below. The article is designed for advanced and experienced users who can learn something new. The author does not explain the basic things, because he assumes that the reader is familiar with the basic component of carding. At the end of the article I will also touch upon some information concerning system tuning and anti-detects in general.

Preface: If you are a new or incompetent person in the world of carding or in the world of web stuff, you know very little about antifraud. I guess most of you think a valid cps and correct sox is a key to sending ship to mobs, but I do not think this is true. Naturally, I want to say that without a valid ss all previous manipulations will be performed in vain, and the situation is similar if the ssx are too dirty. Also, from known articles, I think everyone already knows about a certain counter that counts points / penalties and at a certain amount leads to an unsatisfactory result for us. Next, I want to show you a picture that well reflects the essence of the article:

1. Good old GOOGLE

At the moment, large shops can analyze large amounts of information received from the client. I’ll skip everything you might already know and what is described in the articles posted on the forum, and get to the point. This information ranges from scanning your Google queries and morphological parsing of those queries to an analysis of behavior. Let’s turn to Google queries: the shop actually receives them from you, arranges the requests it estimates to be possible, and scans them to verify the results. This information is not so private, and the trend in modern technology is to share it, i.e. the shop gets access to your browser history, though only for a certain period of time: for the most part, what was recent or somehow related to the order, not all of it. Example: you are trying to buy a laptop, and before that you entered, for example, "MSI G63 review". Before you confirm your order, the shop sends a query to which Google gives it the answer. The shop gets the data as an array: MSI G63 REVIEW; MSI G63 BUY; MSI G63 CHEAP BUY, i.e. besides your own query it also takes similar requests into the analysis. On the basis of this information and the analysis of visited pages, it builds its theory about whether you are a real buyer or not. I also want to note that a store does not use such technology directly, but passes this information to its agents, where all this magic happens on their large-scale servers, and with that we proceed smoothly to another section.

2. Pings and exchange of information with third-party resources

Those who work with anti-detects will understand me best here, because we will talk mostly about browser settings and their impact on the shop’s response. Pings: forcibly disabling the tracking of a user’s actions on the site is in most cases punished with an unsatisfactory result for us. Exchanging information with external resources works much like this: you send a request and all the magic (a kind of Chain of Responsibility) from section 1 happens, with the only difference that some scripts are already built into the shop and executed by the user, and if you don’t allow sharing information beyond the site you are on, you will usually get a dissatisfied user. This and similar features may be post facto embedded by antidetect vendors.

3. Behavior Patterns

A shop or any website can fully track your behavior on the site and on other resources. Because of this, going straight to the link you need right after entering a site gets a bad score, and your orders will be scanned or put on additional check; later in the article I will return to the review and description of additional checks.

The site can track:
1. time spent by the visitor;
2. search usage;
3. the number of pages visited by the visitor;
4. various page scrolling;
5. the number of times the cursor hovers over the texts;
6. whether the product’s pictures were viewed or not;
7. the number of similarly viewed products;
8. whether the product is cheaper and available online;
9. browser tab activity;
10. active

Most of this data is collected for the purpose of exchanging information with third-party resources to compile these very templates that will match the attacker, but there are also those among them that completely block the further possibility of a positive outcome for the attacker.

Copying and pasting text is detected, and I can tell you from personal experience that it is used in antifraud systems: when you use Ctrl+C, Ctrl+V to fill in the name, address and card fields, AF sees all this and already gives you points for such actions.

The amount of time spent on the site is also very important, and specifically active use: when you search for a product, a similar product or a product for a product (headphones for phones, silicone covers, etc.), you emulate a real customer. Lack of time on the site is almost always punished by high points in AF systems.

Browser window and tab activity: the site can understand when you are on it and when you peek at another site/notebook/browser, especially when it happens while you enter the card, and it can add points for this. The level of penalty is not as high as for copying and for time spent on the site, but it increases if you enter 2-4 digits of the card and navigate away from the tab, i.e. perform actions not characteristic of a real buyer.

The site easily determines whether you have viewed the pictures of the product and can add points for that; this is not decisive either, but it’s better to do it.

Pauline opinion sites treat cheaper analogues badly, i.e. the shop makes a request, sees whether the product is cheaper in the first search result, and gives you points for taking the product at a more inflated price than it should be. Yes, I know it sounds crazy, but I have not found another explanation for such queries to Google. The number of these points is minuscule, though, and does not influence the final decision of AF concerning the precedent.

Shops have a lot of different hidden elements which can detect hovering over them, thus analyzing your behavior: whether you read the texts, how much of the time on the site was active and how much was inactive; if the cursor does not move, the time is inactive. The exception is a touchscreen, but in this case the browser passes a value responsible for the presence of a touchscreen and the possible number of simultaneous touches. I am not sure whether such a function is emulated in anti-detects, namely in the configs of touch hardware; there are no services like whoer which allow checking this.
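Seen from the shop's side, the point counter described in this section can be sketched as a scorer over one session's telemetry. This is an added example, not code from the article or from any antifraud product; the event names, weights and thresholds are assumptions chosen for illustration.

```javascript
// Added example: server-side scoring of one session's client telemetry.
// Event names, weights and thresholds are assumptions, not any vendor's values.
const WEIGHTS = {
  pasteIntoField: 3,  // paste into the name, address or card field
  shortDwell: 4,      // too little active time on the site
  blurDuringCard: 2,  // tab hidden while the card field had focus
  blurMidNumber: 3,   // extra points when only 2-4 digits were entered
  noImagesViewed: 1,  // product pictures never opened
};
const MIN_ACTIVE_MS = 60000; // assumed minimum of active time
const IDLE_GAP_MS = 5000;    // longer gaps between cursor moves count as inactive
const WATCHED_FIELDS = new Set(['name', 'address', 'card']);

function scoreSession(events) {
  let score = 0, activeMs = 0, lastMove = null;
  let imagesViewed = false, cardFocused = false, cardDigits = 0;
  const reasons = [];
  const add = (key) => { score += WEIGHTS[key]; reasons.push(key); };
  for (const e of events) {
    if (e.type === 'mousemove') {
      if (lastMove !== null && e.t - lastMove <= IDLE_GAP_MS) activeMs += e.t - lastMove;
      lastMove = e.t;
    } else if (e.type === 'imageview') {
      imagesViewed = true;
    } else if (e.type === 'paste' && WATCHED_FIELDS.has(e.field)) {
      add('pasteIntoField');
    } else if (e.type === 'focus') {
      cardFocused = e.field === 'card';
    } else if (e.type === 'input' && e.field === 'card') {
      cardDigits = e.length;
    } else if (e.type === 'visibilitychange' && e.hidden && cardFocused) {
      add('blurDuringCard');
      if (cardDigits >= 2 && cardDigits <= 4) add('blurMidNumber');
    }
  }
  if (activeMs < MIN_ACTIVE_MS) add('shortDwell');
  if (!imagesViewed) add('noImagesViewed');
  return { score, reasons };
}

// Constructed sample session (not real traffic).
const SAMPLE_SESSION = [
  { t: 0, type: 'mousemove' }, { t: 2000, type: 'mousemove' },
  { t: 3000, type: 'focus', field: 'name' }, { t: 3100, type: 'paste', field: 'name' },
  { t: 4000, type: 'focus', field: 'card' },
  { t: 4500, type: 'input', field: 'card', length: 4 },
  { t: 5000, type: 'visibilitychange', hidden: true },
];
console.log(scoreSession(SAMPLE_SESSION));
```

Returning the list of reasons next to the score lets an analyst see which signals fired when an order is sent to additional check.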

4. Cookies, sessions, fingerprints

Based on your data, the site’s server can, by its own algorithm, assign you a unique identifier, ranging from ordinary identifiers to more complex ones. Removing such an identifier (clearing cookies) and then obtaining a new one from the same api address does not add to your chances of a positive result. Your cookies are your fingerprint, as they are used to track actions on the site.

5. Using multiple IP addresses on one config / browser session

Most sites use the Google API to some extent, so if you go in from one IP, say a German one, and then from a US IP, you will see ads in German, i.e. ads for the target audience in Germany, because you initially initialized yourself as a visitor of this category. This is not always solved by simply removing cookies, depending on what sites you visited. It can also play a role in shaping AF’s opinion.
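The two linkage checks from sections 4 and 5, sketched as server-side detection logic. This is an added example, not code from the article; the record fields (cookieId, fingerprint, ip, country) are assumed names, and reading "the same api address" as the same IP address is also an assumption.

```javascript
// Added example: linking visits the way sections 4 and 5 describe.
// Field names (cookieId, fingerprint, ip, country) are assumptions.
function linkVisits(visits) {
  const idsByOrigin = new Map();       // "ip|fingerprint" -> Set of cookieIds
  const countriesByCookie = new Map(); // cookieId -> Set of IP countries
  const addTo = (map, key, value) => {
    if (!map.has(key)) map.set(key, new Set());
    map.get(key).add(value);
  };
  for (const v of visits) {
    addTo(idsByOrigin, `${v.ip}|${v.fingerprint}`, v.cookieId);
    addTo(countriesByCookie, v.cookieId, v.country);
  }
  const findings = [];
  for (const [origin, ids] of idsByOrigin) {
    // Same address and fingerprint returning under a fresh identifier.
    if (ids.size > 1) findings.push({ kind: 'identifier_reset', origin, cookieIds: [...ids] });
  }
  for (const [cookieId, countries] of countriesByCookie) {
    // One identifier (one browser config) seen from several countries.
    if (countries.size > 1) findings.push({ kind: 'country_change', cookieId, countries: [...countries] });
  }
  return findings;
}

// Constructed visit log; IPs are from the documentation ranges.
const SAMPLE_VISITS = [
  { cookieId: 'c1', fingerprint: 'fpA', ip: '192.0.2.10', country: 'DE' },
  { cookieId: 'c2', fingerprint: 'fpA', ip: '192.0.2.10', country: 'DE' },
  { cookieId: 'c3', fingerprint: 'fpB', ip: '198.51.100.7', country: 'DE' },
  { cookieId: 'c3', fingerprint: 'fpB', ip: '203.0.113.5', country: 'US' },
];
console.log(linkVisits(SAMPLE_VISITS));
```

Keying the reset check on address plus fingerprint, rather than address alone, keeps several customers behind one shared IP from being merged into a single visitor.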

Next, I want to take a look at a small part of the metrics and parameters that are read by the shop during submit; some of the parameters are clear, some are just a guess.

The profileId parameter is passed with the order; it is the user’s previously generated footprint, and this data is checked against the existing data in the passed variable at the time the order is placed. Many other values are passed as well: say, if you place a pickup on a different name, the isGifPurchase variable becomes true. But in this case the variable isHighRisk remains with a negative value (false). Further on, however, we can observe the variable isCsiEnabled set to true (which might mean Crime Scene Investigation). Based on this I can assume that my order was not marked as high risk, but the investigation was connected and somewhere I failed to pass the check to get a positive status for me.

Afterword: Undoubtedly, what we are so used to plays an important role, but the defense systems are not standing still and will only tighten the screws when it comes to large shops. The aim of the carder is to find an approach to big shops because he can get more resources out of them than others. Why successfully pass the beatings (well, with large %) if executed from VNC, or from bots (thanks to Genesis service, the usual mortal without a botnet can test their strength / but there are also its own drawbacks, such as the lack of system anti-detect a diligent level to be able to use, i.e. in essence the project is still raw and you only buy cookies and data, fingerprints are not included in most of the bots, suitable for combined work with the import of cookies into your anti-detect browser)

Because there is a history, a confirmation that the user is real. Anti-detects at the moment only emulate some things, but cannot emulate the behavioral pattern, as this data should just be stuffed, you can generate certain visits through JS, cheating site by inflating visits, perhaps this will work for a while, but anti-detects creators will not bother with this, as will have to sew the tablet under each shop. And a proper recruitment would have to have actual links so they don’t have to fake visits to non-existent pages. Shops have quite a few different features in their arsenal: Super Cookie, which can identify the user after a change of configs or a change of IP; and WebGL, which generates 3D images based on your hardware. To specify different hardware for this parameter you have to physically have the necessary video card and CPU, i.e. it is not enough to just write random values; these values have to match reality, and this is another stumbling block.

Audio Fingerprint, by sending low-frequency sounds, is very effective in identifying users. In principle you can emulate this method by hand, using the usual sound settings in Windows, but the number of combinations is limited, which does not allow putting on stream an emulation that will work for the time being.

Fonts Fingerprint reads the user’s available fonts. At the moment antidetect makers assure that they are working on emulation, but I would not pay attention to it, because now most fonts are standard and few people install other fonts, not counting designers and those who work with printing. For this reason, user identification and cancellation of orders through Fonts Fingerprint looks, in my opinion, unconvincing and unreasonable.

The explanation for the importance of the behavioral pattern can be deduced from the following: we can divide Fraud into two camps:

Everything to do with stuff relies more on behavioral pattern identification techniques, because shopping should be available to everyone, and by adopting the latter model they’ll just die.

Everything to do with payment systems puts the emphasis on different kinds of verification, because of the difficulty of putting together a behavioral pattern; that’s why many payment systems have such complicated verification with multiple confirmations (documents, reporting, SMS, video communication, authentications). Since they have no possible identification methods, historically there has been a high level of fraud and the only sensible solution was to make verification more difficult.

Epilogue: I hope you will find this article useful and get something new. Maybe you will have personal reflections on this subject after reading it. I have never been a supporter of OpenSource projects but lately I decided to share these thoughts with you for some reason and we will come up with some ready-to-use solutions for our business.
