Right off the bat I'm going to clarify the different types of logs and why this

matters when hitting on sites.

#1. Stealer Logs.

Stealer logs are obtained from a piece of malware that is spread upon the victim(s)
computer(s). These "stealers" typically snatch all the saved passwords from the
victims browsers as well as all the autofills. If you're buying stealer logs from a
really sexy motherfucker who has an hq stealer, they'll even come with victims
cookies, useragent, and IP data. Cookies are pretty much authentication tokens for
websites. You know when you login to a website, close your pc, and the next time
you go on the webpage you are still logged in? That is thanks to cookies. Useragent
is simply the fingerprint of the browser that the victim uses to login. As long as
these logs are FRESH, these are the BEST logs of all time. If they have cookies/UA
they are EVEN BETTER!

#2. Mail Access Logs.

Mail access logs are obtained from database leaks. Some 12 year old kid buys a
saturated ass database from another 12 year old kid and BOOM. Before you know it he
bulk checked that database against some vulnerable email website like yahoo
(patched) or now at&t. These logs are typically pretty shit and public, but luckily
nobody knows how to truly cash these out. With these you get access to the victims
email as well as all the accounts associated. These are pretty much the mid range
logs when it comes to hitting for high values on sites.

#3. Basic Ass Logs

These logs are just valid accounts for a website that does not have or has not
triggered its 2fa measures. These logs consist of email:password to login to the
website, but no way to login to email. These are the bottom of the barrel discount
trash. Kind of like when you go to the store and purchase the $5 bottle of vodka.

Now that we've covered the different types of logs, here is how you're going to get
the victims payment method to approve the transactions.

Process:

(Collect as much info on your victim as you can before starting. You're really
going to want as much as possible here. Remember that autofills give away a lot of
info. Basically dox them for basic public info. Last 4 digits of cc will be shown
on the shopping website.)

Oh... and please use opsec. Nordvpn isn't going to protect you from the federalez.

SEing Victim:

#1. Call victim from their bank and tell them there's been recent fraud on their
card. Mention someone tried to shop at whatever website and attempted to spend tons
of cash. Call them by their name and ask them to confirm some details. This is best
if you spoof caller id to their bank.
#2. Go ahead and tell them their name, address, email, and phone number associated
with their account. Then ask them to provide the details for the credit card ending
in *Last 4 dig of their card* to confirm their identity.

#3. They'll provide the card details. Make sure to get the cvv and all. Next ask
them to confirm their security questions. Ask them their mother maiden name,
address, vehicle they drive.

#4. Ask them to hold while you verify info. Play hold music through the mic.

#5. Say all info is verified and that they'll need to cut their credit card into 8
pieces. Mention the bank will send them a new one which will arrive expedited in 1-
2 days and that their current card will not work. Make sure to tell them all unauth
transactions have been undone.

#6. Thank them, hang up.

IF THEY GIVE YOU SHIT, MOVE ONTO YOUR NEXT LOG. ONCE YOU HAVE THESE DETAILS ON A
VICTIM, MOVE ONTO ORDER PLACING PROCESS.

Placing Order:

#1. Purchase a solid antidetect fingerprint spoof browser with residential socks5
capacities. Also purchase some UHQ residential socks5 AND mobile socks5 proxies.
You will need both depending on victims cookie session.

#2. Load a residential/mobile socks5 proxy as CLOSE to the victims original IP

address into the antidetect browser. Lets say victim was in a specific city in
California, their ip type was a mobile ip, and their carrier was verizon. You're
going to want to pick a verizon mobile socks5 proxy closest to their city in
california. If your log didn't come with victim info, just pick whatever and pray.

#3. Go to scamalytics.com and check the fraud score of the IP. Keep trying proxies
until you find one with the LOWEST score. You're really aiming for a 1-2 here.

#4. Load your cookies and useragent into the browser. (If you have them, if you
don't then use a common useragent like newest version of google chrome.)

#5. Go to the website in which the log is on.

#6. You should be automatically logged in. At this point we need to bypass two
levels of antifraud. The antifraud of the website, and the antifraud of the bank.
(You won't be auto logged in if you don't have cookies. Just normally login if you
don't have cookies.)

#7. Browse around the website and gain more cookies. Add/remove shit from cart,
wishlist, etc. Do this for about 10 minutes, then close the browser (BUT DON'T
LOGOUT OF THE SITE) and wait 24 hrs.

#8. Go back onto the website, browse another 24 hours or so, then add a single item
to cart that you want. I suggest picking the item that ships the absolute FASTEST.
You're going to want to keep it around 2-5k. I don't recommend going over.

#9. Once the item is in your cart, go ahead and call the victims bank and let them
know you'll be placing a purchase for whatever amount at whatever store. Give them
all the security questions you se'd/phished earlier as well as the card details.
Basically pretend to be the victim. (It's best if you call under victims phone
number using spoof.)

#10. Once bank confirms, go ahead and place the order using the victims card,
ship/bill address, name, etc.

#11. Once the order is marked shipped, go ahead and call up the store as the victim
and tell them you fucked up and accidentally ordered to your old address. Mention
you just moved and ask that they reroute the package to your new address. (Best if
you spoof caller id as victims phone #)

#12. Give them a clean address and they should reroute it no problem.

#13. Get the item and rejoyce.

(Bonus: Bomb the fuck out of victims email after placing order etc. If you have
access just delete the sus emails.)
(Bonus 2: Why stop at a single order? Use their card to your hearts content. You
can figure out their limit by calling the bank. Cracked admins plz don't ban me,
everyone else posts about "logs" lol. )

This has been a very brief tutorial. You'll be lucky to hit using this info if you
don't have experience.

If you want 1:1 coaching on any fravd shit like this, you know where to find me. I
can hit anything. PepeMusic

Telegram: @refvnds