Hello Everyone, Aied Mubarek !
If you received these messages using our tool :
Or
Don't Panic !
Quick updates on our side : Our servers and code works fine!, we constantly monitor for security bugs and bad API calls, so no it's "us" as in "our" problem.
So What happened ? : In one of our previous releases we explained that our cashout tool uses a weakness in STB payment system where we process CC's with OTP worldwide with modified and spoofed fingerprints, then decided to let other users cashout on it.
We can't disclose how much my team been using that tool and how much we cashed out (for obvious OPsec reasons) but let's say some K's each week (that's why i decided to let help you in your work), ofc it's not free for charge neither i'm a man of god, we charged 50 cents on the dollars for the free tier and opted for upfront 1200 USDT / week for 90/10 (we get 10% of cashout) and other tier packages and it was working fine ! Until the main API stopped working.
What's the main API ? : ofc i'm talking about the requests sent to STB servers themselves, we investigated and found that not just we got not just suspended but a police investigation was thrown to find the source of CC's fraud
. Great Job everyone we managed to piss the Tunisian Police !,
ofc if OPsec was bad we probably would have been caught, yet it didn't happen and it won't happen because no official names mentioned (or should i say only fake names were used to setup the bank accounts and local company to get their access).
The bad news is our service will be probably down for a bit (like a week or so), maybe because we didn't hide the Original serverside API Requests or maybe because our tool alone was processing 28K $ ++ daily ... it could be that and we're re-thiking about how to proceed next!, we tought a lot about this.
Here is an overview about how it works :
User (You) Make a Request => Request gets validated by our servers => Our servers sends a modified request to STB servers => STB servers give a response => our servers then sends you back that response.
and in just a matter of seconds ! (that's why it's instant)
The Good News !
If you received these messages using our tool :
| error | "Failed to initiate payment" |
Don't Panic !
Quick updates on our side : Our servers and code works fine!, we constantly monitor for security bugs and bad API calls, so no it's "us" as in "our" problem.
So What happened ? : In one of our previous releases we explained that our cashout tool uses a weakness in STB payment system where we process CC's with OTP worldwide with modified and spoofed fingerprints, then decided to let other users cashout on it.
We can't disclose how much my team been using that tool and how much we cashed out (for obvious OPsec reasons) but let's say some K's each week (that's why i decided to let help you in your work), ofc it's not free for charge neither i'm a man of god, we charged 50 cents on the dollars for the free tier and opted for upfront 1200 USDT / week for 90/10 (we get 10% of cashout) and other tier packages and it was working fine ! Until the main API stopped working.
What's the main API ? : ofc i'm talking about the requests sent to STB servers themselves, we investigated and found that not just we got not just suspended but a police investigation was thrown to find the source of CC's fraud
. Great Job everyone we managed to piss the Tunisian Police !,ofc if OPsec was bad we probably would have been caught, yet it didn't happen and it won't happen because no official names mentioned (or should i say only fake names were used to setup the bank accounts and local company to get their access).
The bad news is our service will be probably down for a bit (like a week or so), maybe because we didn't hide the Original serverside API Requests or maybe because our tool alone was processing 28K $ ++ daily ... it could be that and we're re-thiking about how to proceed next!, we tought a lot about this.
Here is an overview about how it works :
User (You) Make a Request => Request gets validated by our servers => Our servers sends a modified request to STB servers => STB servers give a response => our servers then sends you back that response.
and in just a matter of seconds ! (that's why it's instant)
The Good News !
- We applied for over 20 applications to get at least 20 API access (good for load-balancing).
- Looks like it capped at 100,000 TND daily (32 K $ daily) and red flags will be thrown so theortically if we cap 25K $ for each access it will be 500K $ daily with no red flags, ofc that's just an observation based on our suspension it could be lower but we can always apply for newer applications and cap the rates lower, (personnally i would love to cap it 1K $ daily for each access, all i need is more controllable applications).
- to apply for such access you need a local company and local bank account, it costs around 2K TND (640 $) only upfront as mainting them is very cheap.
- it's all about how legitimized the operation so we're considering many other steps that unfortunately we can't disclose.
- Application Side, we recently made the Telegram Bot availiable !, so keep an eye on my replies on Telegram, Breach Forums craxpro, etc ... for updates
- obviously we have the easy choice to shutdown our servers and use the tool for just ourselves and call it a day, but ... that won't happen we will get it back and offer the free tier and the API raining their servers down with cashout requests !, and this time way clever than before as we found out we had the possiblity of load balancing the checkers all along, (that means we will use multiple fronts and multiple bank accounts).
