Working with a stealer from A to Z
<blockquote data-quote="Ghosthunter" data-source="post: 537" data-attributes="member: 6"><p><h4>The list of links may be useful to someone:</h4><p></p><h4>Farming cold wallets:</h4><p>Owners very often record/save their key phrases to crypto wallets on their computer. We just need to collect them.</p><p></p><p><strong>Main locations</strong>:</p><p></p><p>1) Desktop\documents\downloads folder-search for text documents and check for keywords. Or images\files with the name wallet\seed\phrase\etc. You will quickly gain an understanding of which files should be skipped and which should probably be checked.</p><p></p><p>2) Telegram. Many stillers collect telegram sessions. 
Here we search for phrases in saved messages (Favorites).</p><p></p><p>3) Email address. We check the sent emails. Sometimes the owner sends himself an email with important information. Also, go and check out Google Drive, photos and documents.</p><p></p><p>4) Mega.nz - a cloud of files where people upload everything from personal photos to documents. It occurs in ~10% of logs and almost all are valid. You don't need to sign in with 2FA or anything else.</p><p></p><p>On some exchanges or web wallets, it is possible to make a backup of the seed phrase. If we log in and see that there is no activity on the wallet or it was before us, then we make a backup and take the last phrase.</p><p></p><p>There is an app for your phone - TrustWallet. You can enter up to 15 keywords in it and send a notification. If you receive money to any wallet, you will immediately know about it.</p><p></p><h4>Working with the desktop wallet grabber:</h4><p>Your stiller most likely collects desktop wallets - bitcoin, litecoin, exodus, and others.</p><p></p><p>From regular desktop wallets, we will have a wallet.dat file and a folder with the wallet name. Open the file with a text editor and search for the word name. Next to it will be an address, which we enter in the explorer and check for the balance. If you have a balance, download the wallet, replace the file, and try to withdraw it.</p><p></p><p>We usually get the electrum folder from electrum wallets. Everything is simple here, download the electrum wallet and open the file through it.</p><p></p><p>From multi-currency wallets, we will get a folder with files that we need to replace in our folder. Come here - C:\Users\Yourname\AppData\Roaming and we are looking for the folder of our wallet. 
Do not forget to install it at the beginning ;)</p><p></p><p>Often there is a password on the wallet. Unfortunately, we don't have many options here. We are trying to find a password from the text box with the passwords that Stiller stole. Sometimes the password can be found in text files and in telegram (if stiller collects them).</p><p></p><h4>Getting started:</h4><p><strong>We will need:</strong></p><p><strong></strong></p><p><strong>1) Browser to work with</strong></p><p><strong></strong></p><p><strong>2) Proxy/vpn</strong></p><p><strong></strong></p><p><strong>Budget option</strong>:</p><p></p><p>Firefox / Waterfox+quick manager Cookie plugin+HMA vpn (it has about 300 countries to choose from. The site is not available in Russia and this is a bonus for us-ip is more or less clean and not killed by schoolchildren)</p><p></p><p><strong>The best option for us will be:</strong></p><p></p><p>Cypher/Linken Sphere+911.re</p><p></p><p><strong>Let's analyze the work with the budget option. But in the future, it is advisable to switch to the paid version.</strong></p><p></p><p>1) Download the browser or use the already installed one.</p><p></p><p>2) Download Cookie quick manager</p><p></p><p>3) Clear cookies: Settings -> Privacy and Security -> Delete data.</p><p></p><p>4) Download the vpn or use the already installed one. Link for HMA - <a href="https://my.hidemyass.com/" target="_blank">https://my.hidemyass.com</a> , but you will have to connect to any other vpn.</p><p></p><p>5) Connect the vpn to the country of the log, it can be determined by the folder name or by the information in the .txt file of the log.</p><p></p><p>6) Loading our cookies: Manage all cookies:</p><p></p><p><img src="https://telegra.ph/file/919cf1c9788a8022b9272.jpg" alt="919cf1c9788a8022b9272.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p>Restore cookies from file:</p><p></p><p><img src="https://telegra.ph/file/c15355750d8ff97e89fdd.jpg" alt="c15355750d8ff97e89fdd.jpg" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p></p><p>Go to the log folder and look for the cookie file, usually it has the name Cookies or .txt file with the browser name. We take the largest cookies in terms of volume, if there are several of them.</p></blockquote><p></p>