MasterCard
Hello everyone! Today we are going to show you how to set up a Linken Sphere session to match the computer of your AZORult log as closely as possible. This is a really important part to take care of, trust me! Why waste precious information that can be useful to look like your victim?
What is Linken Sphere?
We will use Linken Sphere antidetection software in this guide. This software will allow you to be a new person and change all your fingerprints so the anti-fraud system won't recognize you.
What is AzorULT?
AZORult is an information stealer malware that is targeted at stealing credentials and accounts. Updated multiple times over the years, AZORult continues to be an active concern for the users, stealing information such as banking passwords, credit card details, cookies, browser autofill information, desktop files, chat history and even cryptocurrency. There are many different log sellers in Darknet right now and huge part of these logs have been obtained with AzorULT.
Let's start
Begin by creating a new Linken Sphere Session
Now, we will firstly need to choose our socks5 proxy! For this example we will be using 911.re software because proxies are cheap and the quality is kinda good.
Now we need to choose the nearest and best IP for our log.
For that, open ip.txt from your log folder.
Paste this IP on infosniper.net
Take note of this information: ISP provider, city/state and ZIP code. In this case our victim is using AT&T as ISP provider and lives in Houston, Texas (TX). His ZIP code is 77077. Now let's search for a proxy that matches all this information in the 911.re software.
OK, great! We found a perfect one; it matches all the information of the victim. Before connecting to the proxy, go to the 'Settings' tab of the software. Configure your software as follows:
Now, go to the 'Program' tab of the software.
Add all these 3 .exe files (you can find them all in the 'Linken Sphere app' folder)
(LinkenSphere.exe is in /Linken Sphere app/LinkenSphere.exe)
(Proxificator.exe is in /Linken Sphere app/Proxificator.exe)
(tor.exe is in /Linken Sphere app/tor/tor.exe)
Once it's done, close 911 software.
Now we need to install a precise version of Proxifier !
In the 911 client folder you will have a 'Proxifier Standard Edition' folder, open it:
Setup 'Proxifier Standard Edition 3.31'.
For Serial key you can use : 4YZ6Z-X2M8Z-57ZWM-9F69H-EL99K
For the name you can type whatever you want.
Don't configure anything in proxifier ! Keep it as default !
Open up 911 software.
Perfect, let's connect to the proxy by clicking on 'Connect'
If you are successfully connected then the proxy will disappear from the list and should appear here at the top:
Now, go back to the Linken Sphere Session Setup.
We gonna test if our local proxy works.
Select 'NoProxy'. Then click on check proxy.
(Don't pay attention to 'Socks5' in screenshots and stay as 'NoProxy' it works the same way)
As you can see our 911 socks5 proxy is working fine with Linken Sphere! Great.
Now that we have a perfect IP that looks as much as possible like your victim's IP we will need to setup the Linken Sphere session to match his computer.
Let's begin with the UserAgent
First of all we need to determine which browser he is using, for that you can check in the 'PasswordsList.txt' file.
As we can see he is mainly using GoogleChrome browser, to confirm that we will verify in the 'Browsers' folder then in the 'Cookies' folder.
To determine which browser he is using the most you need to take a look at the size of the cookies files.
Here we can see that GoogleChrome is the heaviest file so we can confirm that GoogleChrome is the main browser of our victim.
Now, open up 'System.txt' in your AzoRult log:
We will firstly check which GoogleChrome version he has. For that scroll down at the bottom of the file and search 'Google Chrome' in 'Soft' section.
As we can see he has the '72.0.3626.121' version installed.
Now we gonna take a look at his computer OS/Version.
As you can see our victim is on a Windows 10 x64 bits computer and is using Google Chrome 72.0.3626.121 The right UserAgent for this configuration will be:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
(For other systems/browsers you can search for some UserAgents on internet)
So, we will add our UserAgent in Linken Sphere:
Click on 'Manage':
Then click on 'Add new':
Type your UserAgent in the box and then click on' Save' :
Okay, now we need to set the same screen resolution as our victim.
Still in 'System.txt' you can find it here:
Put the same screen resolution in Linken Sphere and check the 'Emulate screen resolution' box:
Now we are going to set the same GPS position as the victim's IP. Go back to infosniper.net and paste your victim's IP again. Take note of this information and paste it into Linken Sphere:
In the fingerprints section at the bottom of the Linken Sphere setup, uncheck these 2 boxes as shown, to avoid arousing suspicion with new unique rects fingerprints or with new custom plugins in the browser:
For the TimeZone, if you clicked on 'check proxy/geo' then your TimeZone should automatically match your IP's timezone. But you can still check it to verify :
Now, the WebGL fingerprint. Not every service or anti-fraud system checks it, but we at least need to emulate our victim's graphics card so it will be perfect.
To do that, check your victim's Graphic Card in 'System.txt' file again:
Here there is an integrated Graphic Card which is 'Intel(R) HD Graphics 630', if there is only that then this is the real Graphic Card. But in our case the real Graphic Card is 'NVIDIA GeForce GTX 1050'.
Copy the name of the Graphic Card and open up the 'WebGL' menu on Linken Sphere:
First, click on the 'Generate from UserAgent' button:
Now, in 'Unmasked Renderer' we gonna edit that part only:
And we replace it with the name of our victim's graphic card, then click save:
Great! Now WebGL is good too.
Our setup is perfect so there is no need to check it, we gonna uncheck the 'Load anonymity check after setup' box because we don't want any suspicious websites in our cookies:
Then you can click 'Save' at the bottom right of the 'Session setup':
The last thing to do is to import cookies from our victim's browser (which is Google Chrome in our case). Open up the 'Browsers' folder and then the 'Cookies' folder in your AzoRult log. Then copy the heaviest (main browser) cookies file on your Desktop. Now, click on the 3 little bars at the top right of the software, and click on 'Cookies import':
A menu will appear; select the session we just created (in our case it's 'AzoRult Setup'):
Click on the 'browse' icon:
Select the cookies file we just copied on our Desktop and click 'open':
And click on 'import':
If the import was successful then you will have a message saying that cookies have successfully been imported into your session:
You can click OK! It's perfect!
Now we gonna test if cookies are working fine.
In 'CookiesList.txt' I can see that there are amazon.com cookies:
So let's try the amazon.com cookies. If everything is working, I should already be logged into our victim's Amazon account:
As you can see, I'm already logged into his account because Amazon says 'Hello, NAME' (in our case the name is Faraz). Perfect!
Now we can see for example his payment methods:
You can do your stuff, enjoy!
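Because the session above replays the victim's cookies behind a proxy with the same ISP and city and with the same User-Agent, server-side checks on those attributes pass; what still changes is the IP address presenting the session token. The following is an added example, not part of the original guide, of detection logic over constructed log events; the event fields, finding names, the `/payment-methods` route and the 900-second window are assumptions.

```python
from collections import defaultdict

UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36")

# Constructed events, not real traffic:
# (epoch_seconds, session_id, ip, asn, city, user_agent, path)
EVENTS = [
    (1000, "s1", "203.0.113.10", "AS64500", "Houston", UA, "/login"),
    (1600, "s1", "203.0.113.10", "AS64500", "Houston", UA, "/orders"),
    (2000, "s1", "198.51.100.7", "AS64500", "Houston", UA, "/"),
    (2100, "s1", "198.51.100.7", "AS64500", "Houston", UA, "/payment-methods"),
    (2200, "s1", "203.0.113.10", "AS64500", "Houston", UA, "/cart"),
    (1200, "s2", "192.0.2.44", "AS64501", "Austin", UA, "/login"),
    (5000, "s2", "192.0.2.44", "AS64501", "Austin", UA, "/payment-methods"),
]
SENSITIVE_PATHS = {"/payment-methods"}  # assumed route name


def score_sessions(events, window=900):
    """Return {session_id: sorted findings} for sessions that need review."""
    findings = defaultdict(set)
    origin = {}                    # sid -> (ip, asn, city, ua) at first sight
    last_seen = defaultdict(dict)  # sid -> {ip: last timestamp}
    prev_ip = {}                   # sid -> ip of the previous request
    for ts, sid, ip, asn, city, ua, path in sorted(events):
        first = origin.setdefault(sid, (ip, asn, city, ua))
        if ip != first[0]:
            findings[sid].add("new_ip_for_existing_session")
            # Cloned context: attribute-matching checks give no signal here.
            if (asn, city, ua) == first[1:]:
                findings[sid].add("isp_geo_ua_checks_would_pass")
            if path in SENSITIVE_PATHS:
                findings[sid].add("step_up_auth_required")
        # A -> B -> A inside the window means two clients hold the same token;
        # a user who simply roams (A -> B) does not trigger this.
        seen = last_seen[sid].get(ip)
        if (prev_ip.get(sid) not in (None, ip)
                and seen is not None and ts - seen <= window):
            findings[sid].add("interleaved_use_from_two_ips")
        last_seen[sid][ip] = ts
        prev_ip[sid] = ip
    return {sid: sorted(f) for sid, f in findings.items()}


if __name__ == "__main__":
    for sid, found in score_sessions(EVENTS).items():
        print(sid, found)
```

A session flagged this way is a candidate for token revocation and re-authentication before any account or payment page is served.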
Linken Sphere and AZURult log manual, specially for the Art of Fraud.