Who come form
Legit signed application but carders use it to find credit cards.
firefox history for another rdp:
AutoComplete feature of browser says "markfenton46" for validshop and "samx" as captcha
After this first try, i've installed a keylogger to monitor carders activities.
Screenshots took by the keylogger:
• dns: 2 ›› ip: 22.214.171.124 - adresse: WEIGHT-LOSS-RESOURCE.COM
Libery reserve on clipboard:
They download pictures of womens and creat fake dating profiles to contact people saying always the same things:
Registering a fake profile on 'POF'
"Hello my name is brotney" (fail)
Fake accounts on various dating sites, downloading a picture of a girl for "lavaplace":
Creating a fake profile:
Looking for people on "Zoosk":
And more and more:
Contacting a guys on "lavaplace":
And more and more, without forgiving to tell them a "happy valentines day":
Searching for more people:
Sending the same message to people:
Let's do some spam also:
Some guys look surprised by the age difference:
Received messages on yahoo:
I don't talk about that here but compromised machines was also used alot for buy stuff with stolen credit cards according to my logs: LCD monitor, plane tickets... and some other shit's (i've not really looked what they have do with stolen money)
If you are part of the good force and interested by a copy of logs, drop me a mail.