korkut34

Carding Novice
Joined
19.12.24
Messages
20
Reaction score
3
Points
3
View attachment 51543
👑 d0c's Carding Setup for 2025 👑

A lot of you newcomers keep blowing up my inbox asking the same old shit: 'd0ctrine whats your setup? What proxy provider do you use? What anti-detect do you use?' You know what? Im sick of it. So I said 'Fuck it' and wrote this guide. This is the shit I personally use and why I use it. Hopefully this will fatten your wallets as you navigate the tough times of carding this coming 2025.


Understanding the Setup

If youve been paying any attention to my guides you know Im a huge fucking proponent of the iPhone as a carding device. Ive talked about why its the tits extensively on here:

📱 The iPhone: A Carder's Ultimate Tool 📱

So it should be no surprise that 60% of all my carding is done with an iPhone. But telling you to just buy an iPhone would be a massive letdown right? So for the remaining 40% where I use my laptop this guide will break down my setup. Most of the tools and services here are cross-platform meaning you can use them on any OS but to get the best results and highest success rate I recommend sticking with Apple devices. They give you low entropy since most devices look the same so you get a large margin of error when carding.



Proxy Provider

I switch up proxy providers like a paranoid dealer changes burner phones. There are plenty of reasons to do this but for the longest damn time Ive been riding with SmartProxy.

LINK TO SMARTPROXY

Why? Because it hits four of my must-have criteria:
  • Large Pool of Proxies: The bigger the pool the better. This pool is shared among all users so a larger pool means less chance of running into some other jackass using the same IP raising red flags.
  • Fast and Reliable: Ive had other proxy providers shit the bed mid-carding session forcing me to switch IPs and basically waving a giant red flag at the transaction. SmartProxy has been solid keeping me in the game without those fuck-ups.
  • ZIP Targeting: Lets be real ZIP codes are the bread and butter of any successful carding operation. The fact that SmartProxy lets you laser-focus on specific ZIPs? Thats a fucking game-changer.
  • High Percentage of Unique IPs: Its not just about having the biggest pool. PIA for example has a huge pool but you often end up with the same damn IP multiple times. SmartProxy has a solid percentage of unique IPs which is what you need to stay under the radar.
  • Blocks a Shitload of Financial Sites: This is pure fucking gold. If you read my guide on 🌐 Strategic Carding: Getting the Cleanest Possible IPs 🌐 youd know that to get the cleanest proxies you need providers that block financial and banking sites. Then you work around that block. SmartProxy is a fucking champ at this blocking everything from Shopify to Stripe to banking sites.

Unique IPs

View attachment 51545

Alright lets cut through the 'unique IP' marketing crap. Proxyway did a nice experiment to expose the truth about residential proxy pools. They didnt just take these providers inflated claims at face value. They put them to the test hammering them with hundreds of thousands of requests and cross-referencing the IPs with MaxMind and IP2Location.

They wanted to find out how many unique IPs each provider actually delivered how many were on different C-level subnets (important to avoid getting your ass blocked) and whether they were legit residential addresses.

SMARTPROXY
View attachment 51546

Smartproxy came out on top boasting 57% unique IPs with 37% on unique C-class subnetworks. They claim 10 million IPs and these numbers suggest theyre not entirely full of shit. Oxylabs was a close second but the rest? Fucking embarrassing. Luminati the supposed king of the hill only managed a pathetic 15% unique IPs. RSocks and PacketStream fared even worse. NetNut had a decent number of unique IPs but almost all were on the same subnet. Most other proxy fuckers just resell from these larger pools, so they are more or less the same shit.

OXYLABS
View attachment 51547

NETNUT
View attachment 51548

The bottom line? Most of these providers are inflating their numbers. Theyre probably counting IPs over weeks or months not whats available at any given moment. Smartproxy seems to be the least deceptive but always grill these providers on how they calculate their pool size before you hand over your hard-earned cash.



Smartproxy Script

Look Im all about efficiency. Aint nobody got time to manually configure proxies every damn time. So to make my life easier I whipped up a little script that I run in my terminal. I just punch in the ZIP code I want and boom I get a fresh IP.

View attachment 51552

Usually Smartproxy uses this format:

Code:
user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000

But Im a genius so I made a script that automates this. Heres the code:

Bash Script (Mac/Linux)

View attachment 51551


Code:
#!/bin/bash

# Your Smartproxy username and password
username='YOUR_USERNAME'
password='YOUR_PASSWORD'

# Check if ZIP code argument is provided
if [ $# -ne 1 ]; then
  echo 'Error: Please provide a ZIP code as argument'
  echo 'Usage: $0 <zipcode>'
  exit 1
fi

# Store ZIP code from command line argument
zipcode=$1

# Generate random 8-digit session number
session=$(printf '%08d' $(($RANDOM % 100000000)))

# Generate proxy string
proxy_str='user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000'

# Test the proxy
echo '=== Proxy IP Information ==='
curl -s --proxy 'https://${proxy_str}' ip-api.com/json | jq .
echo
echo '=== Proxy Configuration ==='
echo '${proxy_str}'

How to Use It (Mac):
  1. Save this script as `prox.sh` somewhere on your Mac.
  2. Open Terminal and navigate to where you saved the script.
  3. Make it executable: `chmod +x prox.sh`
  4. Run it: `bash prox.sh 90210` (replace 90210 with your desired ZIP).

For the Windows Gang:

You can use PowerShell for a similar script:
*** Hidden text: cannot be quoted. ***

How to Use It (Windows):
  1. Save this as `prox.ps1`.
  2. Open PowerShell as an administrator.
  3. Navigate to the scripts location.
  4. Run it: `.\prox.ps1 10001` (replace 10001 with your ZIP).

Important: Dont forget to replace `'YOUR_USERNAME'` and `'YOUR_PASSWORD'` with your actual Smartproxy credentials in both scripts. Also make sure you have `curl` installed on your Mac and that PowerShell has the necessary permissions to make web requests.



Antidetects

Ive burned through more antidetect browsers than I care to count but only two have proven their worth: GoLogin and Linken Sphere. Dont worry Ill drop a detailed analysis of every antidetect browser Ive tested soon but for now lets focus on what actually works especially if youre running a Mac setup.

LINK TO LINKEN SPHERE



These days I exclusively roll with Linken Sphere. Why? Simple - its the only one that consistently plays nice with custom DNS settings which you absolutely need when dealing with SmartProxy's blocked sites. Their hybrid fingerprinting option keeps my entropy stable and lets me blend in with the normies without raising any red flags.

View attachment 51554

Another killer feature in Linken Sphere is profile warming. Before hitting your target sites especially with logs you can build trust by automating normal browsing patterns - product searches wishlist adds review reading. Mix up the sites you visit and let profiles age for a few days. Fresh profiles scream fraud but ones with established browsing history blend right in with legitimate traffic.

View attachment 51553

The results speak for themselves - my success rate has been solid and Im betting this setup will only get more effective as we push through 2025. When youre dealing with sophisticated antifraud systems having a reliable antidetect isnt just nice to have - its fucking essential.



🧰 Other Tools

Of course my carding setup wouldnt be complete without these bad boys.

Site Analysis:

  • Caido: Your best friend for picking apart websites. When you need to understand how a site works and how its security operates.
  • Burp Suite: The heavyweight champion of web testing. This beast does everything - intercepting and reconaissance you name it.
Fingerprint Checks:

  • demo.fingerprint.com: Simple but effective. Shows you exactly what sites see when you visit them.
  • creepjs: Gets into the nitty-gritty of your browser fingerprint. Youll be shocked at how much data youre giving away.
  • fv.pro: Solid fingerprint checker that breaks down your digital signature piece by piece.
  • browserleaks: The full package for seeing what info your browser spills. Trust me its more than you think.

IP Checks:

  • IPQS (IPQualityScore): Your first line of defense. If your IP is burned IPQS will tell you before you waste your time trying cards.
  • Scamalytics: Decent backup for IP checking. Not quite IPQS level but still worth having in your toolkit.

Pro tip: Hook your IPQS API key up to Linken Sphere. Itll watch your IP reputation automatically - saves you a ton of headache and manual checks.

VPN



I run ProtonVPN alongside everything else. Not really for OPSEC but for how it handles DNS leaks. Just match your VPN location to your proxys country. That way even if something leaks all the traffic looks like its coming from the same place. Clean and consistent.

Sample of an exposed DNS leak if you don't match the country VPN with your proxy:




Conclusion

Thats my personal carding setup for 2025 - anti-detect browsers and proxies and the tools to blend in and get your transactions through. With AI fraud detection on the rise merchants are stepping up their game but that means bigger scores for those who adapt.

This setup is just a starting point. Youll find your own rhythm maybe a different browser or a new tool. This game is about constant evolution. As such expect that I will update this as I change my own setup from time to time.

As always: stay ahead of the curve. Complacency gets you busted. Keep your tools sharp your OPSEC tight and never stop learning. Every fuck up is a lesson every hit is experience.

The digital world is a fucking jungle but with the right knowledge preparation and a healthy dose of paranoia you can navigate it. In 2025 the biggest scores go to those who adapt.

Stay dangerous stay smart and may your cards hit clean. Heres to a profitable 2025 you degenerate fucks. d0ctrine out.
nice
 

SujoyDS

Active Carder
Joined
29.11.24
Messages
29
Reaction score
5
Points
3
View attachment 51543
👑 d0c's Carding Setup for 2025 👑

A lot of you newcomers keep blowing up my inbox asking the same old shit: 'd0ctrine whats your setup? What proxy provider do you use? What anti-detect do you use?' You know what? Im sick of it. So I said 'Fuck it' and wrote this guide. This is the shit I personally use and why I use it. Hopefully this will fatten your wallets as you navigate the tough times of carding this coming 2025.


Understanding the Setup

If youve been paying any attention to my guides you know Im a huge fucking proponent of the iPhone as a carding device. Ive talked about why its the tits extensively on here:

📱 The iPhone: A Carder's Ultimate Tool 📱

So it should be no surprise that 60% of all my carding is done with an iPhone. But telling you to just buy an iPhone would be a massive letdown right? So for the remaining 40% where I use my laptop this guide will break down my setup. Most of the tools and services here are cross-platform meaning you can use them on any OS but to get the best results and highest success rate I recommend sticking with Apple devices. They give you low entropy since most devices look the same so you get a large margin of error when carding.



Proxy Provider

I switch up proxy providers like a paranoid dealer changes burner phones. There are plenty of reasons to do this but for the longest damn time Ive been riding with SmartProxy.

LINK TO SMARTPROXY

Why? Because it hits four of my must-have criteria:
  • Large Pool of Proxies: The bigger the pool the better. This pool is shared among all users so a larger pool means less chance of running into some other jackass using the same IP raising red flags.
  • Fast and Reliable: Ive had other proxy providers shit the bed mid-carding session forcing me to switch IPs and basically waving a giant red flag at the transaction. SmartProxy has been solid keeping me in the game without those fuck-ups.
  • ZIP Targeting: Lets be real ZIP codes are the bread and butter of any successful carding operation. The fact that SmartProxy lets you laser-focus on specific ZIPs? Thats a fucking game-changer.
  • High Percentage of Unique IPs: Its not just about having the biggest pool. PIA for example has a huge pool but you often end up with the same damn IP multiple times. SmartProxy has a solid percentage of unique IPs which is what you need to stay under the radar.
  • Blocks a Shitload of Financial Sites: This is pure fucking gold. If you read my guide on 🌐 Strategic Carding: Getting the Cleanest Possible IPs 🌐 youd know that to get the cleanest proxies you need providers that block financial and banking sites. Then you work around that block. SmartProxy is a fucking champ at this blocking everything from Shopify to Stripe to banking sites.

Unique IPs

View attachment 51545

Alright lets cut through the 'unique IP' marketing crap. Proxyway did a nice experiment to expose the truth about residential proxy pools. They didnt just take these providers inflated claims at face value. They put them to the test hammering them with hundreds of thousands of requests and cross-referencing the IPs with MaxMind and IP2Location.

They wanted to find out how many unique IPs each provider actually delivered how many were on different C-level subnets (important to avoid getting your ass blocked) and whether they were legit residential addresses.

SMARTPROXY
View attachment 51546

Smartproxy came out on top boasting 57% unique IPs with 37% on unique C-class subnetworks. They claim 10 million IPs and these numbers suggest theyre not entirely full of shit. Oxylabs was a close second but the rest? Fucking embarrassing. Luminati the supposed king of the hill only managed a pathetic 15% unique IPs. RSocks and PacketStream fared even worse. NetNut had a decent number of unique IPs but almost all were on the same subnet. Most other proxy fuckers just resell from these larger pools, so they are more or less the same shit.

OXYLABS
View attachment 51547

NETNUT
View attachment 51548

The bottom line? Most of these providers are inflating their numbers. Theyre probably counting IPs over weeks or months not whats available at any given moment. Smartproxy seems to be the least deceptive but always grill these providers on how they calculate their pool size before you hand over your hard-earned cash.



Smartproxy Script

Look Im all about efficiency. Aint nobody got time to manually configure proxies every damn time. So to make my life easier I whipped up a little script that I run in my terminal. I just punch in the ZIP code I want and boom I get a fresh IP.

View attachment 51552

Usually Smartproxy uses this format:

Code:
user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000

But Im a genius so I made a script that automates this. Heres the code:

Bash Script (Mac/Linux)

View attachment 51551


Code:
#!/bin/bash

# Your Smartproxy username and password
username='YOUR_USERNAME'
password='YOUR_PASSWORD'

# Check if ZIP code argument is provided
if [ $# -ne 1 ]; then
  echo 'Error: Please provide a ZIP code as argument'
  echo 'Usage: $0 <zipcode>'
  exit 1
fi

# Store ZIP code from command line argument
zipcode=$1

# Generate random 8-digit session number
session=$(printf '%08d' $(($RANDOM % 100000000)))

# Generate proxy string
proxy_str='user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000'

# Test the proxy
echo '=== Proxy IP Information ==='
curl -s --proxy 'https://${proxy_str}' ip-api.com/json | jq .
echo
echo '=== Proxy Configuration ==='
echo '${proxy_str}'

How to Use It (Mac):
  1. Save this script as `prox.sh` somewhere on your Mac.
  2. Open Terminal and navigate to where you saved the script.
  3. Make it executable: `chmod +x prox.sh`
  4. Run it: `bash prox.sh 90210` (replace 90210 with your desired ZIP).

For the Windows Gang:

You can use PowerShell for a similar script:
*** Hidden text: cannot be quoted. ***

How to Use It (Windows):
  1. Save this as `prox.ps1`.
  2. Open PowerShell as an administrator.
  3. Navigate to the scripts location.
  4. Run it: `.\prox.ps1 10001` (replace 10001 with your ZIP).

Important: Dont forget to replace `'YOUR_USERNAME'` and `'YOUR_PASSWORD'` with your actual Smartproxy credentials in both scripts. Also make sure you have `curl` installed on your Mac and that PowerShell has the necessary permissions to make web requests.



Antidetects

Ive burned through more antidetect browsers than I care to count but only two have proven their worth: GoLogin and Linken Sphere. Dont worry Ill drop a detailed analysis of every antidetect browser Ive tested soon but for now lets focus on what actually works especially if youre running a Mac setup.

LINK TO LINKEN SPHERE



These days I exclusively roll with Linken Sphere. Why? Simple - its the only one that consistently plays nice with custom DNS settings which you absolutely need when dealing with SmartProxy's blocked sites. Their hybrid fingerprinting option keeps my entropy stable and lets me blend in with the normies without raising any red flags.

View attachment 51554

Another killer feature in Linken Sphere is profile warming. Before hitting your target sites especially with logs you can build trust by automating normal browsing patterns - product searches wishlist adds review reading. Mix up the sites you visit and let profiles age for a few days. Fresh profiles scream fraud but ones with established browsing history blend right in with legitimate traffic.

View attachment 51553

The results speak for themselves - my success rate has been solid and Im betting this setup will only get more effective as we push through 2025. When youre dealing with sophisticated antifraud systems having a reliable antidetect isnt just nice to have - its fucking essential.



🧰 Other Tools

Of course my carding setup wouldnt be complete without these bad boys.

Site Analysis:

  • Caido: Your best friend for picking apart websites. When you need to understand how a site works and how its security operates.
  • Burp Suite: The heavyweight champion of web testing. This beast does everything - intercepting and reconaissance you name it.
Fingerprint Checks:

  • demo.fingerprint.com: Simple but effective. Shows you exactly what sites see when you visit them.
  • creepjs: Gets into the nitty-gritty of your browser fingerprint. Youll be shocked at how much data youre giving away.
  • fv.pro: Solid fingerprint checker that breaks down your digital signature piece by piece.
  • browserleaks: The full package for seeing what info your browser spills. Trust me its more than you think.

IP Checks:

  • IPQS (IPQualityScore): Your first line of defense. If your IP is burned IPQS will tell you before you waste your time trying cards.
  • Scamalytics: Decent backup for IP checking. Not quite IPQS level but still worth having in your toolkit.

Pro tip: Hook your IPQS API key up to Linken Sphere. Itll watch your IP reputation automatically - saves you a ton of headache and manual checks.

VPN



I run ProtonVPN alongside everything else. Not really for OPSEC but for how it handles DNS leaks. Just match your VPN location to your proxys country. That way even if something leaks all the traffic looks like its coming from the same place. Clean and consistent.

Sample of an exposed DNS leak if you don't match the country VPN with your proxy:




Conclusion

Thats my personal carding setup for 2025 - anti-detect browsers and proxies and the tools to blend in and get your transactions through. With AI fraud detection on the rise merchants are stepping up their game but that means bigger scores for those who adapt.

This setup is just a starting point. Youll find your own rhythm maybe a different browser or a new tool. This game is about constant evolution. As such expect that I will update this as I change my own setup from time to time.

As always: stay ahead of the curve. Complacency gets you busted. Keep your tools sharp your OPSEC tight and never stop learning. Every fuck up is a lesson every hit is experience.

The digital world is a fucking jungle but with the right knowledge preparation and a healthy dose of paranoia you can navigate it. In 2025 the biggest scores go to those who adapt.

Stay dangerous stay smart and may your cards hit clean. Heres to a profitable 2025 you degenerate fucks. d0ctrine out.
Ty
 

Electricfeel

Carding Novice
Joined
14.11.24
Messages
7
Reaction score
1
Points
3
View attachment 51543
👑 d0c's Carding Setup for 2025 👑

A lot of you newcomers keep blowing up my inbox asking the same old shit: 'd0ctrine whats your setup? What proxy provider do you use? What anti-detect do you use?' You know what? Im sick of it. So I said 'Fuck it' and wrote this guide. This is the shit I personally use and why I use it. Hopefully this will fatten your wallets as you navigate the tough times of carding this coming 2025.


Understanding the Setup

If youve been paying any attention to my guides you know Im a huge fucking proponent of the iPhone as a carding device. Ive talked about why its the tits extensively on here:

📱 The iPhone: A Carder's Ultimate Tool 📱

So it should be no surprise that 60% of all my carding is done with an iPhone. But telling you to just buy an iPhone would be a massive letdown right? So for the remaining 40% where I use my laptop this guide will break down my setup. Most of the tools and services here are cross-platform meaning you can use them on any OS but to get the best results and highest success rate I recommend sticking with Apple devices. They give you low entropy since most devices look the same so you get a large margin of error when carding.



Proxy Provider

I switch up proxy providers like a paranoid dealer changes burner phones. There are plenty of reasons to do this but for the longest damn time Ive been riding with SmartProxy.

LINK TO SMARTPROXY

Why? Because it hits four of my must-have criteria:
  • Large Pool of Proxies: The bigger the pool the better. This pool is shared among all users so a larger pool means less chance of running into some other jackass using the same IP raising red flags.
  • Fast and Reliable: Ive had other proxy providers shit the bed mid-carding session forcing me to switch IPs and basically waving a giant red flag at the transaction. SmartProxy has been solid keeping me in the game without those fuck-ups.
  • ZIP Targeting: Lets be real ZIP codes are the bread and butter of any successful carding operation. The fact that SmartProxy lets you laser-focus on specific ZIPs? Thats a fucking game-changer.
  • High Percentage of Unique IPs: Its not just about having the biggest pool. PIA for example has a huge pool but you often end up with the same damn IP multiple times. SmartProxy has a solid percentage of unique IPs which is what you need to stay under the radar.
  • Blocks a Shitload of Financial Sites: This is pure fucking gold. If you read my guide on 🌐 Strategic Carding: Getting the Cleanest Possible IPs 🌐 youd know that to get the cleanest proxies you need providers that block financial and banking sites. Then you work around that block. SmartProxy is a fucking champ at this blocking everything from Shopify to Stripe to banking sites.

Unique IPs

View attachment 51545

Alright lets cut through the 'unique IP' marketing crap. Proxyway did a nice experiment to expose the truth about residential proxy pools. They didnt just take these providers inflated claims at face value. They put them to the test hammering them with hundreds of thousands of requests and cross-referencing the IPs with MaxMind and IP2Location.

They wanted to find out how many unique IPs each provider actually delivered how many were on different C-level subnets (important to avoid getting your ass blocked) and whether they were legit residential addresses.

SMARTPROXY
View attachment 51546

Smartproxy came out on top boasting 57% unique IPs with 37% on unique C-class subnetworks. They claim 10 million IPs and these numbers suggest theyre not entirely full of shit. Oxylabs was a close second but the rest? Fucking embarrassing. Luminati the supposed king of the hill only managed a pathetic 15% unique IPs. RSocks and PacketStream fared even worse. NetNut had a decent number of unique IPs but almost all were on the same subnet. Most other proxy fuckers just resell from these larger pools, so they are more or less the same shit.

OXYLABS
View attachment 51547

NETNUT
View attachment 51548

The bottom line? Most of these providers are inflating their numbers. Theyre probably counting IPs over weeks or months not whats available at any given moment. Smartproxy seems to be the least deceptive but always grill these providers on how they calculate their pool size before you hand over your hard-earned cash.



Smartproxy Script

Look Im all about efficiency. Aint nobody got time to manually configure proxies every damn time. So to make my life easier I whipped up a little script that I run in my terminal. I just punch in the ZIP code I want and boom I get a fresh IP.

View attachment 51552

Usually Smartproxy uses this format:

Code:
user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000

But Im a genius so I made a script that automates this. Heres the code:

Bash Script (Mac/Linux)

View attachment 51551


Code:
#!/bin/bash

# Your Smartproxy username and password
username='YOUR_USERNAME'
password='YOUR_PASSWORD'

# Check if ZIP code argument is provided
if [ $# -ne 1 ]; then
  echo 'Error: Please provide a ZIP code as argument'
  echo 'Usage: $0 <zipcode>'
  exit 1
fi

# Store ZIP code from command line argument
zipcode=$1

# Generate random 8-digit session number
session=$(printf '%08d' $(($RANDOM % 100000000)))

# Generate proxy string
proxy_str='user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000'

# Test the proxy
echo '=== Proxy IP Information ==='
curl -s --proxy 'https://${proxy_str}' ip-api.com/json | jq .
echo
echo '=== Proxy Configuration ==='
echo '${proxy_str}'

How to Use It (Mac):
  1. Save this script as `prox.sh` somewhere on your Mac.
  2. Open Terminal and navigate to where you saved the script.
  3. Make it executable: `chmod +x prox.sh`
  4. Run it: `bash prox.sh 90210` (replace 90210 with your desired ZIP).

For the Windows Gang:

You can use PowerShell for a similar script:
*** Hidden text: cannot be quoted. ***

How to Use It (Windows):
  1. Save this as `prox.ps1`.
  2. Open PowerShell as an administrator.
  3. Navigate to the scripts location.
  4. Run it: `.\prox.ps1 10001` (replace 10001 with your ZIP).

Important: Dont forget to replace `'YOUR_USERNAME'` and `'YOUR_PASSWORD'` with your actual Smartproxy credentials in both scripts. Also make sure you have `curl` installed on your Mac and that PowerShell has the necessary permissions to make web requests.



Antidetects

Ive burned through more antidetect browsers than I care to count but only two have proven their worth: GoLogin and Linken Sphere. Dont worry Ill drop a detailed analysis of every antidetect browser Ive tested soon but for now lets focus on what actually works especially if youre running a Mac setup.

LINK TO LINKEN SPHERE



These days I exclusively roll with Linken Sphere. Why? Simple - its the only one that consistently plays nice with custom DNS settings which you absolutely need when dealing with SmartProxy's blocked sites. Their hybrid fingerprinting option keeps my entropy stable and lets me blend in with the normies without raising any red flags.

View attachment 51554

Another killer feature in Linken Sphere is profile warming. Before hitting your target sites especially with logs you can build trust by automating normal browsing patterns - product searches wishlist adds review reading. Mix up the sites you visit and let profiles age for a few days. Fresh profiles scream fraud but ones with established browsing history blend right in with legitimate traffic.

View attachment 51553

The results speak for themselves - my success rate has been solid and Im betting this setup will only get more effective as we push through 2025. When youre dealing with sophisticated antifraud systems having a reliable antidetect isnt just nice to have - its fucking essential.



🧰 Other Tools

Of course my carding setup wouldnt be complete without these bad boys.

Site Analysis:

  • Caido: Your best friend for picking apart websites. When you need to understand how a site works and how its security operates.
  • Burp Suite: The heavyweight champion of web testing. This beast does everything - intercepting and reconaissance you name it.
Fingerprint Checks:

  • demo.fingerprint.com: Simple but effective. Shows you exactly what sites see when you visit them.
  • creepjs: Gets into the nitty-gritty of your browser fingerprint. Youll be shocked at how much data youre giving away.
  • fv.pro: Solid fingerprint checker that breaks down your digital signature piece by piece.
  • browserleaks: The full package for seeing what info your browser spills. Trust me its more than you think.

IP Checks:

  • IPQS (IPQualityScore): Your first line of defense. If your IP is burned IPQS will tell you before you waste your time trying cards.
  • Scamalytics: Decent backup for IP checking. Not quite IPQS level but still worth having in your toolkit.

Pro tip: Hook your IPQS API key up to Linken Sphere. Itll watch your IP reputation automatically - saves you a ton of headache and manual checks.

VPN



I run ProtonVPN alongside everything else. Not really for OPSEC but for how it handles DNS leaks. Just match your VPN location to your proxys country. That way even if something leaks all the traffic looks like its coming from the same place. Clean and consistent.

Sample of an exposed DNS leak if you don't match the country VPN with your proxy:




Conclusion

Thats my personal carding setup for 2025 - anti-detect browsers and proxies and the tools to blend in and get your transactions through. With AI fraud detection on the rise merchants are stepping up their game but that means bigger scores for those who adapt.

This setup is just a starting point. Youll find your own rhythm maybe a different browser or a new tool. This game is about constant evolution. As such expect that I will update this as I change my own setup from time to time.

As always: stay ahead of the curve. Complacency gets you busted. Keep your tools sharp your OPSEC tight and never stop learning. Every fuck up is a lesson every hit is experience.

The digital world is a fucking jungle but with the right knowledge preparation and a healthy dose of paranoia you can navigate it. In 2025 the biggest scores go to those who adapt.

Stay dangerous stay smart and may your cards hit clean. Heres to a profitable 2025 you degenerate fucks. d0ctrine out.
Reallly great stuff
 

Peter_john21

Basic
Joined
16.01.21
Messages
35
Reaction score
6
Points
8
View attachment 51543
👑 d0c's Carding Setup for 2025 👑

A lot of you newcomers keep blowing up my inbox asking the same old shit: 'd0ctrine whats your setup? What proxy provider do you use? What anti-detect do you use?' You know what? Im sick of it. So I said 'Fuck it' and wrote this guide. This is the shit I personally use and why I use it. Hopefully this will fatten your wallets as you navigate the tough times of carding this coming 2025.


Understanding the Setup

If youve been paying any attention to my guides you know Im a huge fucking proponent of the iPhone as a carding device. Ive talked about why its the tits extensively on here:

📱 The iPhone: A Carder's Ultimate Tool 📱

So it should be no surprise that 60% of all my carding is done with an iPhone. But telling you to just buy an iPhone would be a massive letdown right? So for the remaining 40% where I use my laptop this guide will break down my setup. Most of the tools and services here are cross-platform meaning you can use them on any OS but to get the best results and highest success rate I recommend sticking with Apple devices. They give you low entropy since most devices look the same so you get a large margin of error when carding.



Proxy Provider

I switch up proxy providers like a paranoid dealer changes burner phones. There are plenty of reasons to do this but for the longest damn time Ive been riding with SmartProxy.

LINK TO SMARTPROXY

Why? Because it hits four of my must-have criteria:
  • Large Pool of Proxies: The bigger the pool the better. This pool is shared among all users so a larger pool means less chance of running into some other jackass using the same IP raising red flags.
  • Fast and Reliable: Ive had other proxy providers shit the bed mid-carding session forcing me to switch IPs and basically waving a giant red flag at the transaction. SmartProxy has been solid keeping me in the game without those fuck-ups.
  • ZIP Targeting: Lets be real ZIP codes are the bread and butter of any successful carding operation. The fact that SmartProxy lets you laser-focus on specific ZIPs? Thats a fucking game-changer.
  • High Percentage of Unique IPs: Its not just about having the biggest pool. PIA for example has a huge pool but you often end up with the same damn IP multiple times. SmartProxy has a solid percentage of unique IPs which is what you need to stay under the radar.
  • Blocks a Shitload of Financial Sites: This is pure fucking gold. If you read my guide on 🌐 Strategic Carding: Getting the Cleanest Possible IPs 🌐 youd know that to get the cleanest proxies you need providers that block financial and banking sites. Then you work around that block. SmartProxy is a fucking champ at this blocking everything from Shopify to Stripe to banking sites.

Unique IPs

View attachment 51545

Alright lets cut through the 'unique IP' marketing crap. Proxyway did a nice experiment to expose the truth about residential proxy pools. They didnt just take these providers inflated claims at face value. They put them to the test hammering them with hundreds of thousands of requests and cross-referencing the IPs with MaxMind and IP2Location.

They wanted to find out how many unique IPs each provider actually delivered how many were on different C-level subnets (important to avoid getting your ass blocked) and whether they were legit residential addresses.

SMARTPROXY
View attachment 51546

Smartproxy came out on top boasting 57% unique IPs with 37% on unique C-class subnetworks. They claim 10 million IPs and these numbers suggest theyre not entirely full of shit. Oxylabs was a close second but the rest? Fucking embarrassing. Luminati the supposed king of the hill only managed a pathetic 15% unique IPs. RSocks and PacketStream fared even worse. NetNut had a decent number of unique IPs but almost all were on the same subnet. Most other proxy fuckers just resell from these larger pools, so they are more or less the same shit.

OXYLABS
View attachment 51547

NETNUT
View attachment 51548

The bottom line? Most of these providers are inflating their numbers. Theyre probably counting IPs over weeks or months not whats available at any given moment. Smartproxy seems to be the least deceptive but always grill these providers on how they calculate their pool size before you hand over your hard-earned cash.



Smartproxy Script

Look Im all about efficiency. Aint nobody got time to manually configure proxies every damn time. So to make my life easier I whipped up a little script that I run in my terminal. I just punch in the ZIP code I want and boom I get a fresh IP.

View attachment 51552

Usually Smartproxy uses this format:

Code:
user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000

But Im a genius so I made a script that automates this. Heres the code:

Bash Script (Mac/Linux)

View attachment 51551


Code:
#!/bin/bash

# Your Smartproxy username and password
username='YOUR_USERNAME'
password='YOUR_PASSWORD'

# Check if ZIP code argument is provided
if [ $# -ne 1 ]; then
  echo 'Error: Please provide a ZIP code as argument'
  echo 'Usage: $0 <zipcode>'
  exit 1
fi

# Store ZIP code from command line argument
zipcode=$1

# Generate random 8-digit session number
session=$(printf '%08d' $(($RANDOM % 100000000)))

# Generate proxy string
proxy_str='user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000'

# Test the proxy
echo '=== Proxy IP Information ==='
curl -s --proxy 'https://${proxy_str}' ip-api.com/json | jq .
echo
echo '=== Proxy Configuration ==='
echo '${proxy_str}'

How to Use It (Mac):
  1. Save this script as `prox.sh` somewhere on your Mac.
  2. Open Terminal and navigate to where you saved the script.
  3. Make it executable: `chmod +x prox.sh`
  4. Run it: `bash prox.sh 90210` (replace 90210 with your desired ZIP).

For the Windows Gang:

You can use PowerShell for a similar script:
*** Hidden text: cannot be quoted. ***

How to Use It (Windows):
  1. Save this as `prox.ps1`.
  2. Open PowerShell as an administrator.
  3. Navigate to the scripts location.
  4. Run it: `.\prox.ps1 10001` (replace 10001 with your ZIP).

Important: Dont forget to replace `'YOUR_USERNAME'` and `'YOUR_PASSWORD'` with your actual Smartproxy credentials in both scripts. Also make sure you have `curl` installed on your Mac and that PowerShell has the necessary permissions to make web requests.



Antidetects

Ive burned through more antidetect browsers than I care to count but only two have proven their worth: GoLogin and Linken Sphere. Dont worry Ill drop a detailed analysis of every antidetect browser Ive tested soon but for now lets focus on what actually works especially if youre running a Mac setup.

LINK TO LINKEN SPHERE



These days I exclusively roll with Linken Sphere. Why? Simple - its the only one that consistently plays nice with custom DNS settings which you absolutely need when dealing with SmartProxy's blocked sites. Their hybrid fingerprinting option keeps my entropy stable and lets me blend in with the normies without raising any red flags.

View attachment 51554

Another killer feature in Linken Sphere is profile warming. Before hitting your target sites especially with logs you can build trust by automating normal browsing patterns - product searches wishlist adds review reading. Mix up the sites you visit and let profiles age for a few days. Fresh profiles scream fraud but ones with established browsing history blend right in with legitimate traffic.

View attachment 51553

The results speak for themselves - my success rate has been solid and Im betting this setup will only get more effective as we push through 2025. When youre dealing with sophisticated antifraud systems having a reliable antidetect isnt just nice to have - its fucking essential.



🧰 Other Tools

Of course my carding setup wouldnt be complete without these bad boys.

Site Analysis:

  • Caido: Your best friend for picking apart websites. When you need to understand how a site works and how its security operates.
  • Burp Suite: The heavyweight champion of web testing. This beast does everything - intercepting and reconaissance you name it.
Fingerprint Checks:

  • demo.fingerprint.com: Simple but effective. Shows you exactly what sites see when you visit them.
  • creepjs: Gets into the nitty-gritty of your browser fingerprint. Youll be shocked at how much data youre giving away.
  • fv.pro: Solid fingerprint checker that breaks down your digital signature piece by piece.
  • browserleaks: The full package for seeing what info your browser spills. Trust me its more than you think.

IP Checks:

  • IPQS (IPQualityScore): Your first line of defense. If your IP is burned IPQS will tell you before you waste your time trying cards.
  • Scamalytics: Decent backup for IP checking. Not quite IPQS level but still worth having in your toolkit.

Pro tip: Hook your IPQS API key up to Linken Sphere. Itll watch your IP reputation automatically - saves you a ton of headache and manual checks.

VPN



I run ProtonVPN alongside everything else. Not really for OPSEC but for how it handles DNS leaks. Just match your VPN location to your proxys country. That way even if something leaks all the traffic looks like its coming from the same place. Clean and consistent.

Sample of an exposed DNS leak if you don't match the country VPN with your proxy:




Conclusion

Thats my personal carding setup for 2025 - anti-detect browsers and proxies and the tools to blend in and get your transactions through. With AI fraud detection on the rise merchants are stepping up their game but that means bigger scores for those who adapt.

This setup is just a starting point. Youll find your own rhythm maybe a different browser or a new tool. This game is about constant evolution. As such expect that I will update this as I change my own setup from time to time.

As always: stay ahead of the curve. Complacency gets you busted. Keep your tools sharp your OPSEC tight and never stop learning. Every fuck up is a lesson every hit is experience.

The digital world is a fucking jungle but with the right knowledge preparation and a healthy dose of paranoia you can navigate it. In 2025 the biggest scores go to those who adapt.

Stay dangerous stay smart and may your cards hit clean. Heres to a profitable 2025 you degenerate fucks. d0ctrine out.
Respect my guy!
 

acb1980

Carding Novice
Joined
18.07.24
Messages
13
Reaction score
0
Points
1
View attachment 51543
👑 d0c's Carding Setup for 2025 👑

A lot of you newcomers keep blowing up my inbox asking the same old shit: 'd0ctrine whats your setup? What proxy provider do you use? What anti-detect do you use?' You know what? Im sick of it. So I said 'Fuck it' and wrote this guide. This is the shit I personally use and why I use it. Hopefully this will fatten your wallets as you navigate the tough times of carding this coming 2025.


Understanding the Setup

If youve been paying any attention to my guides you know Im a huge fucking proponent of the iPhone as a carding device. Ive talked about why its the tits extensively on here:

📱 The iPhone: A Carder's Ultimate Tool 📱

So it should be no surprise that 60% of all my carding is done with an iPhone. But telling you to just buy an iPhone would be a massive letdown right? So for the remaining 40% where I use my laptop this guide will break down my setup. Most of the tools and services here are cross-platform meaning you can use them on any OS but to get the best results and highest success rate I recommend sticking with Apple devices. They give you low entropy since most devices look the same so you get a large margin of error when carding.



Proxy Provider

I switch up proxy providers like a paranoid dealer changes burner phones. There are plenty of reasons to do this but for the longest damn time Ive been riding with SmartProxy.

LINK TO SMARTPROXY

Why? Because it hits four of my must-have criteria:
  • Large Pool of Proxies: The bigger the pool the better. This pool is shared among all users so a larger pool means less chance of running into some other jackass using the same IP raising red flags.
  • Fast and Reliable: Ive had other proxy providers shit the bed mid-carding session forcing me to switch IPs and basically waving a giant red flag at the transaction. SmartProxy has been solid keeping me in the game without those fuck-ups.
  • ZIP Targeting: Lets be real ZIP codes are the bread and butter of any successful carding operation. The fact that SmartProxy lets you laser-focus on specific ZIPs? Thats a fucking game-changer.
  • High Percentage of Unique IPs: Its not just about having the biggest pool. PIA for example has a huge pool but you often end up with the same damn IP multiple times. SmartProxy has a solid percentage of unique IPs which is what you need to stay under the radar.
  • Blocks a Shitload of Financial Sites: This is pure fucking gold. If you read my guide on 🌐 Strategic Carding: Getting the Cleanest Possible IPs 🌐 youd know that to get the cleanest proxies you need providers that block financial and banking sites. Then you work around that block. SmartProxy is a fucking champ at this blocking everything from Shopify to Stripe to banking sites.

Unique IPs

View attachment 51545

Alright lets cut through the 'unique IP' marketing crap. Proxyway did a nice experiment to expose the truth about residential proxy pools. They didnt just take these providers inflated claims at face value. They put them to the test hammering them with hundreds of thousands of requests and cross-referencing the IPs with MaxMind and IP2Location.

They wanted to find out how many unique IPs each provider actually delivered how many were on different C-level subnets (important to avoid getting your ass blocked) and whether they were legit residential addresses.

SMARTPROXY
View attachment 51546

Smartproxy came out on top boasting 57% unique IPs with 37% on unique C-class subnetworks. They claim 10 million IPs and these numbers suggest theyre not entirely full of shit. Oxylabs was a close second but the rest? Fucking embarrassing. Luminati the supposed king of the hill only managed a pathetic 15% unique IPs. RSocks and PacketStream fared even worse. NetNut had a decent number of unique IPs but almost all were on the same subnet. Most other proxy fuckers just resell from these larger pools, so they are more or less the same shit.

OXYLABS
View attachment 51547

NETNUT
View attachment 51548

The bottom line? Most of these providers are inflating their numbers. Theyre probably counting IPs over weeks or months not whats available at any given moment. Smartproxy seems to be the least deceptive but always grill these providers on how they calculate their pool size before you hand over your hard-earned cash.



Smartproxy Script

Look Im all about efficiency. Aint nobody got time to manually configure proxies every damn time. So to make my life easier I whipped up a little script that I run in my terminal. I just punch in the ZIP code I want and boom I get a fresh IP.

View attachment 51552

Usually Smartproxy uses this format:

Code:
user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000

But Im a genius so I made a script that automates this. Heres the code:

Bash Script (Mac/Linux)

View attachment 51551


Code:
#!/bin/bash

# Your Smartproxy username and password
username='YOUR_USERNAME'
password='YOUR_PASSWORD'

# Check if ZIP code argument is provided
if [ $# -ne 1 ]; then
  echo 'Error: Please provide a ZIP code as argument'
  echo 'Usage: $0 <zipcode>'
  exit 1
fi

# Store ZIP code from command line argument
zipcode=$1

# Generate random 8-digit session number
session=$(printf '%08d' $(($RANDOM % 100000000)))

# Generate proxy string
proxy_str='user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000'

# Test the proxy
echo '=== Proxy IP Information ==='
curl -s --proxy 'https://${proxy_str}' ip-api.com/json | jq .
echo
echo '=== Proxy Configuration ==='
echo '${proxy_str}'

How to Use It (Mac):
  1. Save this script as `prox.sh` somewhere on your Mac.
  2. Open Terminal and navigate to where you saved the script.
  3. Make it executable: `chmod +x prox.sh`
  4. Run it: `bash prox.sh 90210` (replace 90210 with your desired ZIP).

For the Windows Gang:

You can use PowerShell for a similar script:
*** Hidden text: cannot be quoted. ***

How to Use It (Windows):
  1. Save this as `prox.ps1`.
  2. Open PowerShell as an administrator.
  3. Navigate to the scripts location.
  4. Run it: `.\prox.ps1 10001` (replace 10001 with your ZIP).

Important: Dont forget to replace `'YOUR_USERNAME'` and `'YOUR_PASSWORD'` with your actual Smartproxy credentials in both scripts. Also make sure you have `curl` installed on your Mac and that PowerShell has the necessary permissions to make web requests.



Antidetects

Ive burned through more antidetect browsers than I care to count but only two have proven their worth: GoLogin and Linken Sphere. Dont worry Ill drop a detailed analysis of every antidetect browser Ive tested soon but for now lets focus on what actually works especially if youre running a Mac setup.

LINK TO LINKEN SPHERE



These days I exclusively roll with Linken Sphere. Why? Simple - its the only one that consistently plays nice with custom DNS settings which you absolutely need when dealing with SmartProxy's blocked sites. Their hybrid fingerprinting option keeps my entropy stable and lets me blend in with the normies without raising any red flags.

View attachment 51554

Another killer feature in Linken Sphere is profile warming. Before hitting your target sites especially with logs you can build trust by automating normal browsing patterns - product searches wishlist adds review reading. Mix up the sites you visit and let profiles age for a few days. Fresh profiles scream fraud but ones with established browsing history blend right in with legitimate traffic.

View attachment 51553

The results speak for themselves - my success rate has been solid and Im betting this setup will only get more effective as we push through 2025. When youre dealing with sophisticated antifraud systems having a reliable antidetect isnt just nice to have - its fucking essential.



🧰 Other Tools

Of course my carding setup wouldnt be complete without these bad boys.

Site Analysis:

  • Caido: Your best friend for picking apart websites. When you need to understand how a site works and how its security operates.
  • Burp Suite: The heavyweight champion of web testing. This beast does everything - intercepting and reconaissance you name it.
Fingerprint Checks:

  • demo.fingerprint.com: Simple but effective. Shows you exactly what sites see when you visit them.
  • creepjs: Gets into the nitty-gritty of your browser fingerprint. Youll be shocked at how much data youre giving away.
  • fv.pro: Solid fingerprint checker that breaks down your digital signature piece by piece.
  • browserleaks: The full package for seeing what info your browser spills. Trust me its more than you think.

IP Checks:

  • IPQS (IPQualityScore): Your first line of defense. If your IP is burned IPQS will tell you before you waste your time trying cards.
  • Scamalytics: Decent backup for IP checking. Not quite IPQS level but still worth having in your toolkit.

Pro tip: Hook your IPQS API key up to Linken Sphere. Itll watch your IP reputation automatically - saves you a ton of headache and manual checks.

VPN



I run ProtonVPN alongside everything else. Not really for OPSEC but for how it handles DNS leaks. Just match your VPN location to your proxys country. That way even if something leaks all the traffic looks like its coming from the same place. Clean and consistent.

Sample of an exposed DNS leak if you don't match the country VPN with your proxy:




Conclusion

Thats my personal carding setup for 2025 - anti-detect browsers and proxies and the tools to blend in and get your transactions through. With AI fraud detection on the rise merchants are stepping up their game but that means bigger scores for those who adapt.

This setup is just a starting point. Youll find your own rhythm maybe a different browser or a new tool. This game is about constant evolution. As such expect that I will update this as I change my own setup from time to time.

As always: stay ahead of the curve. Complacency gets you busted. Keep your tools sharp your OPSEC tight and never stop learning. Every fuck up is a lesson every hit is experience.

The digital world is a fucking jungle but with the right knowledge preparation and a healthy dose of paranoia you can navigate it. In 2025 the biggest scores go to those who adapt.

Stay dangerous stay smart and may your cards hit clean. Heres to a profitable 2025 you degenerate fucks. d0ctrine out.
thanks
 

facai88

Carding Novice
Joined
20.10.24
Messages
13
Reaction score
0
Points
1
1
View attachment 51543
👑 d0c's Carding Setup for 2025 👑

A lot of you newcomers keep blowing up my inbox asking the same old shit: 'd0ctrine whats your setup? What proxy provider do you use? What anti-detect do you use?' You know what? Im sick of it. So I said 'Fuck it' and wrote this guide. This is the shit I personally use and why I use it. Hopefully this will fatten your wallets as you navigate the tough times of carding this coming 2025.


Understanding the Setup

If youve been paying any attention to my guides you know Im a huge fucking proponent of the iPhone as a carding device. Ive talked about why its the tits extensively on here:

📱 The iPhone: A Carder's Ultimate Tool 📱

So it should be no surprise that 60% of all my carding is done with an iPhone. But telling you to just buy an iPhone would be a massive letdown right? So for the remaining 40% where I use my laptop this guide will break down my setup. Most of the tools and services here are cross-platform meaning you can use them on any OS but to get the best results and highest success rate I recommend sticking with Apple devices. They give you low entropy since most devices look the same so you get a large margin of error when carding.



Proxy Provider

I switch up proxy providers like a paranoid dealer changes burner phones. There are plenty of reasons to do this but for the longest damn time Ive been riding with SmartProxy.

LINK TO SMARTPROXY

Why? Because it hits four of my must-have criteria:
  • Large Pool of Proxies: The bigger the pool the better. This pool is shared among all users so a larger pool means less chance of running into some other jackass using the same IP raising red flags.
  • Fast and Reliable: Ive had other proxy providers shit the bed mid-carding session forcing me to switch IPs and basically waving a giant red flag at the transaction. SmartProxy has been solid keeping me in the game without those fuck-ups.
  • ZIP Targeting: Lets be real ZIP codes are the bread and butter of any successful carding operation. The fact that SmartProxy lets you laser-focus on specific ZIPs? Thats a fucking game-changer.
  • High Percentage of Unique IPs: Its not just about having the biggest pool. PIA for example has a huge pool but you often end up with the same damn IP multiple times. SmartProxy has a solid percentage of unique IPs which is what you need to stay under the radar.
  • Blocks a Shitload of Financial Sites: This is pure fucking gold. If you read my guide on 🌐 Strategic Carding: Getting the Cleanest Possible IPs 🌐 youd know that to get the cleanest proxies you need providers that block financial and banking sites. Then you work around that block. SmartProxy is a fucking champ at this blocking everything from Shopify to Stripe to banking sites.

Unique IPs

View attachment 51545

Alright lets cut through the 'unique IP' marketing crap. Proxyway did a nice experiment to expose the truth about residential proxy pools. They didnt just take these providers inflated claims at face value. They put them to the test hammering them with hundreds of thousands of requests and cross-referencing the IPs with MaxMind and IP2Location.

They wanted to find out how many unique IPs each provider actually delivered how many were on different C-level subnets (important to avoid getting your ass blocked) and whether they were legit residential addresses.

SMARTPROXY
View attachment 51546

Smartproxy came out on top boasting 57% unique IPs with 37% on unique C-class subnetworks. They claim 10 million IPs and these numbers suggest theyre not entirely full of shit. Oxylabs was a close second but the rest? Fucking embarrassing. Luminati the supposed king of the hill only managed a pathetic 15% unique IPs. RSocks and PacketStream fared even worse. NetNut had a decent number of unique IPs but almost all were on the same subnet. Most other proxy fuckers just resell from these larger pools, so they are more or less the same shit.

OXYLABS
View attachment 51547

NETNUT
View attachment 51548

The bottom line? Most of these providers are inflating their numbers. Theyre probably counting IPs over weeks or months not whats available at any given moment. Smartproxy seems to be the least deceptive but always grill these providers on how they calculate their pool size before you hand over your hard-earned cash.



Smartproxy Script

Look Im all about efficiency. Aint nobody got time to manually configure proxies every damn time. So to make my life easier I whipped up a little script that I run in my terminal. I just punch in the ZIP code I want and boom I get a fresh IP.

View attachment 51552

Usually Smartproxy uses this format:

Code:
user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000

But Im a genius so I made a script that automates this. Heres the code:

Bash Script (Mac/Linux)

View attachment 51551


Code:
#!/bin/bash

# Your Smartproxy username and password
username='YOUR_USERNAME'
password='YOUR_PASSWORD'

# Check if ZIP code argument is provided
if [ $# -ne 1 ]; then
  echo 'Error: Please provide a ZIP code as argument'
  echo 'Usage: $0 <zipcode>'
  exit 1
fi

# Store ZIP code from command line argument
zipcode=$1

# Generate random 8-digit session number
session=$(printf '%08d' $(($RANDOM % 100000000)))

# Generate proxy string
proxy_str='user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000'

# Test the proxy
echo '=== Proxy IP Information ==='
curl -s --proxy 'https://${proxy_str}' ip-api.com/json | jq .
echo
echo '=== Proxy Configuration ==='
echo '${proxy_str}'

How to Use It (Mac):
  1. Save this script as `prox.sh` somewhere on your Mac.
  2. Open Terminal and navigate to where you saved the script.
  3. Make it executable: `chmod +x prox.sh`
  4. Run it: `bash prox.sh 90210` (replace 90210 with your desired ZIP).

For the Windows Gang:

You can use PowerShell for a similar script:
*** Hidden text: cannot be quoted. ***

How to Use It (Windows):
  1. Save this as `prox.ps1`.
  2. Open PowerShell as an administrator.
  3. Navigate to the scripts location.
  4. Run it: `.\prox.ps1 10001` (replace 10001 with your ZIP).

Important: Dont forget to replace `'YOUR_USERNAME'` and `'YOUR_PASSWORD'` with your actual Smartproxy credentials in both scripts. Also make sure you have `curl` installed on your Mac and that PowerShell has the necessary permissions to make web requests.



Antidetects

Ive burned through more antidetect browsers than I care to count but only two have proven their worth: GoLogin and Linken Sphere. Dont worry Ill drop a detailed analysis of every antidetect browser Ive tested soon but for now lets focus on what actually works especially if youre running a Mac setup.

LINK TO LINKEN SPHERE



These days I exclusively roll with Linken Sphere. Why? Simple - its the only one that consistently plays nice with custom DNS settings which you absolutely need when dealing with SmartProxy's blocked sites. Their hybrid fingerprinting option keeps my entropy stable and lets me blend in with the normies without raising any red flags.

View attachment 51554

Linken Sphere的另一个杀手级功能是个人资料预热。在访问目标网站(尤其是使用日志)之前,您可以通过自动执行正常浏览模式来建立信任 - 产品搜索愿望清单添加评论阅读。混合您访问的网站并让个人资料老化几天。新鲜的个人资料表明存在欺诈行为,但具有既定浏览历史的个人资料则与合法流量融为一体。

View attachment 51553

结果不言而喻 - 我的成功率一直很高,我相信随着我们进入 2025 年,这种设置只会变得更加有效。当您处理复杂的反欺诈系统时,拥有可靠的反检测系统不仅仅是好事 - 它是必不可少的。



🧰 其他工具

当然,如果没有这些坏家伙,我的梳理设置就不会完整。

网站分析:

  • Caido:您分析网站的最佳帮手。当您需要了解网站如何运作以及其安全性如何运作时。
  • Burp Suite:Web 测试的重量级冠军。这款工具无所不能 - 拦截和侦察,应有尽有。
指纹检查:

  • demo.fingerprint.com:简单但有效。向您准确显示您访问网站时看到的内容。
  • creepjs:深入挖掘浏览器指纹的本质。你会对自己泄露的数据量感到震惊。
  • fv.pro:可靠的指纹检查器,可以逐一分解您的数字签名。
  • browserleaks:查看浏览器泄漏信息的完整软件包。相信我,它比你想象的还要多。

IP 检查:

  • IPQS (IPQualityScore):您的第一道防线。如果您的 IP被烧毁, IPQS 会在您浪费时间尝试卡之前通知您。
  • Scamalytics:不错的 IP 检查备份。虽然不及 IPQS 级别,但仍值得放在您的工具包中。

专业提示:将您的IPQS API 密钥连接到Linken Sphere。它会自动监视您的 IP 信誉 - 为您省去大量的麻烦和手动检查。

VPN



我同时运行ProtonVPN 。不是为了 OPSEC,而是为了它如何处理DNS 泄漏。只需将您的 VPN 位置与您的代理国家/地区匹配即可。这样,即使发生泄漏,所有流量看起来也像是来自同一个地方。干净且一致。

如果您未将国家 VPN 与代理匹配,则会出现 DNS 泄漏示例:




结论

这就是我为 2025 年制定的个人信用卡设置 - 反检测浏览器和代理以及混入其中并完成交易的工具。随着人工智能欺诈检测的兴起,商家正在加强他们的游戏,但对于那些适应的人来说,这意味着更高的分数。

此设置只是一个起点。您可能会找到自己的节奏,也许是不同的浏览器或新工具。这款游戏是关于不断演变的。因此,随着我不断更改自己的设置,我会更新此设置。

一如既往:保持领先。自满会让你破产。保持工具锋利,严密 OPSEC,永不停止学习。每次失误都是一次教训,每次打击都是一次经验。

数字世界就像是一片丛林,但只要具备正确的知识准备和适度的警惕性,你就能驾驭它。2025 年,那些适应能力强的人将获得最高分。

保持危险,保持聪明,祝你牌好运。祝你 2025 年财源广进,你们这些堕落的混蛋。教义过时了。
11
 

FragranceBoss

Carding Novice
Joined
01.01.25
Messages
1
Reaction score
0
Points
1
View attachment 51543
👑 d0c's Carding Setup for 2025 👑

A lot of you newcomers keep blowing up my inbox asking the same old shit: 'd0ctrine whats your setup? What proxy provider do you use? What anti-detect do you use?' You know what? Im sick of it. So I said 'Fuck it' and wrote this guide. This is the shit I personally use and why I use it. Hopefully this will fatten your wallets as you navigate the tough times of carding this coming 2025.


Understanding the Setup

If youve been paying any attention to my guides you know Im a huge fucking proponent of the iPhone as a carding device. Ive talked about why its the tits extensively on here:

📱 The iPhone: A Carder's Ultimate Tool 📱

So it should be no surprise that 60% of all my carding is done with an iPhone. But telling you to just buy an iPhone would be a massive letdown right? So for the remaining 40% where I use my laptop this guide will break down my setup. Most of the tools and services here are cross-platform meaning you can use them on any OS but to get the best results and highest success rate I recommend sticking with Apple devices. They give you low entropy since most devices look the same so you get a large margin of error when carding.



Proxy Provider

I switch up proxy providers like a paranoid dealer changes burner phones. There are plenty of reasons to do this but for the longest damn time Ive been riding with SmartProxy.

LINK TO SMARTPROXY

Why? Because it hits four of my must-have criteria:
  • Large Pool of Proxies: The bigger the pool the better. This pool is shared among all users so a larger pool means less chance of running into some other jackass using the same IP raising red flags.
  • Fast and Reliable: Ive had other proxy providers shit the bed mid-carding session forcing me to switch IPs and basically waving a giant red flag at the transaction. SmartProxy has been solid keeping me in the game without those fuck-ups.
  • ZIP Targeting: Lets be real ZIP codes are the bread and butter of any successful carding operation. The fact that SmartProxy lets you laser-focus on specific ZIPs? Thats a fucking game-changer.
  • High Percentage of Unique IPs: Its not just about having the biggest pool. PIA for example has a huge pool but you often end up with the same damn IP multiple times. SmartProxy has a solid percentage of unique IPs which is what you need to stay under the radar.
  • Blocks a Shitload of Financial Sites: This is pure fucking gold. If you read my guide on 🌐 Strategic Carding: Getting the Cleanest Possible IPs 🌐 youd know that to get the cleanest proxies you need providers that block financial and banking sites. Then you work around that block. SmartProxy is a fucking champ at this blocking everything from Shopify to Stripe to banking sites.

Unique IPs

View attachment 51545

Alright lets cut through the 'unique IP' marketing crap. Proxyway did a nice experiment to expose the truth about residential proxy pools. They didnt just take these providers inflated claims at face value. They put them to the test hammering them with hundreds of thousands of requests and cross-referencing the IPs with MaxMind and IP2Location.

They wanted to find out how many unique IPs each provider actually delivered how many were on different C-level subnets (important to avoid getting your ass blocked) and whether they were legit residential addresses.

SMARTPROXY
View attachment 51546

Smartproxy came out on top boasting 57% unique IPs with 37% on unique C-class subnetworks. They claim 10 million IPs and these numbers suggest theyre not entirely full of shit. Oxylabs was a close second but the rest? Fucking embarrassing. Luminati the supposed king of the hill only managed a pathetic 15% unique IPs. RSocks and PacketStream fared even worse. NetNut had a decent number of unique IPs but almost all were on the same subnet. Most other proxy fuckers just resell from these larger pools, so they are more or less the same shit.

OXYLABS
View attachment 51547

NETNUT
View attachment 51548

The bottom line? Most of these providers are inflating their numbers. Theyre probably counting IPs over weeks or months not whats available at any given moment. Smartproxy seems to be the least deceptive but always grill these providers on how they calculate their pool size before you hand over your hard-earned cash.



Smartproxy Script

Look Im all about efficiency. Aint nobody got time to manually configure proxies every damn time. So to make my life easier I whipped up a little script that I run in my terminal. I just punch in the ZIP code I want and boom I get a fresh IP.

View attachment 51552

Usually Smartproxy uses this format:

Code:
user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000

But Im a genius so I made a script that automates this. Heres the code:

Bash Script (Mac/Linux)

View attachment 51551


Code:
#!/bin/bash

# Your Smartproxy username and password
username='YOUR_USERNAME'
password='YOUR_PASSWORD'

# Check if ZIP code argument is provided
if [ $# -ne 1 ]; then
  echo 'Error: Please provide a ZIP code as argument'
  echo 'Usage: $0 <zipcode>'
  exit 1
fi

# Store ZIP code from command line argument
zipcode=$1

# Generate random 8-digit session number
session=$(printf '%08d' $(($RANDOM % 100000000)))

# Generate proxy string
proxy_str='user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000'

# Test the proxy
echo '=== Proxy IP Information ==='
curl -s --proxy 'https://${proxy_str}' ip-api.com/json | jq .
echo
echo '=== Proxy Configuration ==='
echo '${proxy_str}'

How to Use It (Mac):
  1. Save this script as `prox.sh` somewhere on your Mac.
  2. Open Terminal and navigate to where you saved the script.
  3. Make it executable: `chmod +x prox.sh`
  4. Run it: `bash prox.sh 90210` (replace 90210 with your desired ZIP).

For the Windows Gang:

You can use PowerShell for a similar script:
*** Hidden text: cannot be quoted. ***

How to Use It (Windows):
  1. Save this as `prox.ps1`.
  2. Open PowerShell as an administrator.
  3. Navigate to the scripts location.
  4. Run it: `.\prox.ps1 10001` (replace 10001 with your ZIP).

Important: Dont forget to replace `'YOUR_USERNAME'` and `'YOUR_PASSWORD'` with your actual Smartproxy credentials in both scripts. Also make sure you have `curl` installed on your Mac and that PowerShell has the necessary permissions to make web requests.



Antidetects

Ive burned through more antidetect browsers than I care to count but only two have proven their worth: GoLogin and Linken Sphere. Dont worry Ill drop a detailed analysis of every antidetect browser Ive tested soon but for now lets focus on what actually works especially if youre running a Mac setup.

LINK TO LINKEN SPHERE



These days I exclusively roll with Linken Sphere. Why? Simple - its the only one that consistently plays nice with custom DNS settings which you absolutely need when dealing with SmartProxy's blocked sites. Their hybrid fingerprinting option keeps my entropy stable and lets me blend in with the normies without raising any red flags.

View attachment 51554

Another killer feature in Linken Sphere is profile warming. Before hitting your target sites especially with logs you can build trust by automating normal browsing patterns - product searches wishlist adds review reading. Mix up the sites you visit and let profiles age for a few days. Fresh profiles scream fraud but ones with established browsing history blend right in with legitimate traffic.

View attachment 51553

The results speak for themselves - my success rate has been solid and Im betting this setup will only get more effective as we push through 2025. When youre dealing with sophisticated antifraud systems having a reliable antidetect isnt just nice to have - its fucking essential.



🧰 Other Tools

Of course my carding setup wouldnt be complete without these bad boys.

Site Analysis:

  • Caido: Your best friend for picking apart websites. When you need to understand how a site works and how its security operates.
  • Burp Suite: The heavyweight champion of web testing. This beast does everything - intercepting and reconaissance you name it.
Fingerprint Checks:

  • demo.fingerprint.com: Simple but effective. Shows you exactly what sites see when you visit them.
  • creepjs: Gets into the nitty-gritty of your browser fingerprint. Youll be shocked at how much data youre giving away.
  • fv.pro: Solid fingerprint checker that breaks down your digital signature piece by piece.
  • browserleaks: The full package for seeing what info your browser spills. Trust me its more than you think.

IP Checks:

  • IPQS (IPQualityScore): Your first line of defense. If your IP is burned IPQS will tell you before you waste your time trying cards.
  • Scamalytics: Decent backup for IP checking. Not quite IPQS level but still worth having in your toolkit.

Pro tip: Hook your IPQS API key up to Linken Sphere. Itll watch your IP reputation automatically - saves you a ton of headache and manual checks.

VPN



I run ProtonVPN alongside everything else. Not really for OPSEC but for how it handles DNS leaks. Just match your VPN location to your proxys country. That way even if something leaks all the traffic looks like its coming from the same place. Clean and consistent.

Sample of an exposed DNS leak if you don't match the country VPN with your proxy:




Conclusion

Thats my personal carding setup for 2025 - anti-detect browsers and proxies and the tools to blend in and get your transactions through. With AI fraud detection on the rise merchants are stepping up their game but that means bigger scores for those who adapt.

This setup is just a starting point. Youll find your own rhythm maybe a different browser or a new tool. This game is about constant evolution. As such expect that I will update this as I change my own setup from time to time.

As always: stay ahead of the curve. Complacency gets you busted. Keep your tools sharp your OPSEC tight and never stop learning. Every fuck up is a lesson every hit is experience.

The digital world is a fucking jungle but with the right knowledge preparation and a healthy dose of paranoia you can navigate it. In 2025 the biggest scores go to those who adapt.

Stay dangerous stay smart and may your cards hit clean. Heres to a profitable 2025 you degenerate fucks. d0ctrine out.
Thanks a lot, is the browser and proxy the main nececary things and is a mac addres changer useful?
 

theonly7

Carding Novice
Joined
11.12.24
Messages
11
Reaction score
0
Points
1
View attachment 51543
👑 d0c's Carding Setup for 2025 👑

A lot of you newcomers keep blowing up my inbox asking the same old shit: 'd0ctrine whats your setup? What proxy provider do you use? What anti-detect do you use?' You know what? Im sick of it. So I said 'Fuck it' and wrote this guide. This is the shit I personally use and why I use it. Hopefully this will fatten your wallets as you navigate the tough times of carding this coming 2025.


Understanding the Setup

If youve been paying any attention to my guides you know Im a huge fucking proponent of the iPhone as a carding device. Ive talked about why its the tits extensively on here:

📱 The iPhone: A Carder's Ultimate Tool 📱

So it should be no surprise that 60% of all my carding is done with an iPhone. But telling you to just buy an iPhone would be a massive letdown right? So for the remaining 40% where I use my laptop this guide will break down my setup. Most of the tools and services here are cross-platform meaning you can use them on any OS but to get the best results and highest success rate I recommend sticking with Apple devices. They give you low entropy since most devices look the same so you get a large margin of error when carding.



Proxy Provider

I switch up proxy providers like a paranoid dealer changes burner phones. There are plenty of reasons to do this but for the longest damn time Ive been riding with SmartProxy.

LINK TO SMARTPROXY

Why? Because it hits four of my must-have criteria:
  • Large Pool of Proxies: The bigger the pool the better. This pool is shared among all users so a larger pool means less chance of running into some other jackass using the same IP raising red flags.
  • Fast and Reliable: Ive had other proxy providers shit the bed mid-carding session forcing me to switch IPs and basically waving a giant red flag at the transaction. SmartProxy has been solid keeping me in the game without those fuck-ups.
  • ZIP Targeting: Lets be real ZIP codes are the bread and butter of any successful carding operation. The fact that SmartProxy lets you laser-focus on specific ZIPs? Thats a fucking game-changer.
  • High Percentage of Unique IPs: Its not just about having the biggest pool. PIA for example has a huge pool but you often end up with the same damn IP multiple times. SmartProxy has a solid percentage of unique IPs which is what you need to stay under the radar.
  • Blocks a Shitload of Financial Sites: This is pure fucking gold. If you read my guide on 🌐 Strategic Carding: Getting the Cleanest Possible IPs 🌐 youd know that to get the cleanest proxies you need providers that block financial and banking sites. Then you work around that block. SmartProxy is a fucking champ at this blocking everything from Shopify to Stripe to banking sites.

Unique IPs

View attachment 51545

Alright lets cut through the 'unique IP' marketing crap. Proxyway did a nice experiment to expose the truth about residential proxy pools. They didnt just take these providers inflated claims at face value. They put them to the test hammering them with hundreds of thousands of requests and cross-referencing the IPs with MaxMind and IP2Location.

They wanted to find out how many unique IPs each provider actually delivered how many were on different C-level subnets (important to avoid getting your ass blocked) and whether they were legit residential addresses.

SMARTPROXY
View attachment 51546

Smartproxy came out on top boasting 57% unique IPs with 37% on unique C-class subnetworks. They claim 10 million IPs and these numbers suggest theyre not entirely full of shit. Oxylabs was a close second but the rest? Fucking embarrassing. Luminati the supposed king of the hill only managed a pathetic 15% unique IPs. RSocks and PacketStream fared even worse. NetNut had a decent number of unique IPs but almost all were on the same subnet. Most other proxy fuckers just resell from these larger pools, so they are more or less the same shit.

OXYLABS
View attachment 51547

NETNUT
View attachment 51548

The bottom line? Most of these providers are inflating their numbers. Theyre probably counting IPs over weeks or months not whats available at any given moment. Smartproxy seems to be the least deceptive but always grill these providers on how they calculate their pool size before you hand over your hard-earned cash.



Smartproxy Script

Look Im all about efficiency. Aint nobody got time to manually configure proxies every damn time. So to make my life easier I whipped up a little script that I run in my terminal. I just punch in the ZIP code I want and boom I get a fresh IP.

View attachment 51552

Usually Smartproxy uses this format:

Code:
user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000

But Im a genius so I made a script that automates this. Heres the code:

Bash Script (Mac/Linux)

View attachment 51551


Code:
#!/bin/bash

# Your Smartproxy username and password
username='YOUR_USERNAME'
password='YOUR_PASSWORD'

# Check if ZIP code argument is provided
if [ $# -ne 1 ]; then
  echo 'Error: Please provide a ZIP code as argument'
  echo 'Usage: $0 <zipcode>'
  exit 1
fi

# Store ZIP code from command line argument
zipcode=$1

# Generate random 8-digit session number
session=$(printf '%08d' $(($RANDOM % 100000000)))

# Generate proxy string
proxy_str='user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000'

# Test the proxy
echo '=== Proxy IP Information ==='
curl -s --proxy 'https://${proxy_str}' ip-api.com/json | jq .
echo
echo '=== Proxy Configuration ==='
echo '${proxy_str}'

How to Use It (Mac):
  1. Save this script as `prox.sh` somewhere on your Mac.
  2. Open Terminal and navigate to where you saved the script.
  3. Make it executable: `chmod +x prox.sh`
  4. Run it: `bash prox.sh 90210` (replace 90210 with your desired ZIP).

For the Windows Gang:

You can use PowerShell for a similar script:
*** Hidden text: cannot be quoted. ***

How to Use It (Windows):
  1. Save this as `prox.ps1`.
  2. Open PowerShell as an administrator.
  3. Navigate to the scripts location.
  4. Run it: `.\prox.ps1 10001` (replace 10001 with your ZIP).

Important: Dont forget to replace `'YOUR_USERNAME'` and `'YOUR_PASSWORD'` with your actual Smartproxy credentials in both scripts. Also make sure you have `curl` installed on your Mac and that PowerShell has the necessary permissions to make web requests.



Antidetects

Ive burned through more antidetect browsers than I care to count but only two have proven their worth: GoLogin and Linken Sphere. Dont worry Ill drop a detailed analysis of every antidetect browser Ive tested soon but for now lets focus on what actually works especially if youre running a Mac setup.

LINK TO LINKEN SPHERE



These days I exclusively roll with Linken Sphere. Why? Simple - its the only one that consistently plays nice with custom DNS settings which you absolutely need when dealing with SmartProxy's blocked sites. Their hybrid fingerprinting option keeps my entropy stable and lets me blend in with the normies without raising any red flags.

View attachment 51554

Another killer feature in Linken Sphere is profile warming. Before hitting your target sites especially with logs you can build trust by automating normal browsing patterns - product searches wishlist adds review reading. Mix up the sites you visit and let profiles age for a few days. Fresh profiles scream fraud but ones with established browsing history blend right in with legitimate traffic.

View attachment 51553

The results speak for themselves - my success rate has been solid and Im betting this setup will only get more effective as we push through 2025. When youre dealing with sophisticated antifraud systems having a reliable antidetect isnt just nice to have - its fucking essential.



🧰 Other Tools

Of course my carding setup wouldnt be complete without these bad boys.

Site Analysis:

  • Caido: Your best friend for picking apart websites. When you need to understand how a site works and how its security operates.
  • Burp Suite: The heavyweight champion of web testing. This beast does everything - intercepting and reconaissance you name it.
Fingerprint Checks:

  • demo.fingerprint.com: Simple but effective. Shows you exactly what sites see when you visit them.
  • creepjs: Gets into the nitty-gritty of your browser fingerprint. Youll be shocked at how much data youre giving away.
  • fv.pro: Solid fingerprint checker that breaks down your digital signature piece by piece.
  • browserleaks: The full package for seeing what info your browser spills. Trust me its more than you think.

IP Checks:

  • IPQS (IPQualityScore): Your first line of defense. If your IP is burned IPQS will tell you before you waste your time trying cards.
  • Scamalytics: Decent backup for IP checking. Not quite IPQS level but still worth having in your toolkit.

Pro tip: Hook your IPQS API key up to Linken Sphere. Itll watch your IP reputation automatically - saves you a ton of headache and manual checks.

VPN



I run ProtonVPN alongside everything else. Not really for OPSEC but for how it handles DNS leaks. Just match your VPN location to your proxys country. That way even if something leaks all the traffic looks like its coming from the same place. Clean and consistent.

Sample of an exposed DNS leak if you don't match the country VPN with your proxy:




Conclusion

Thats my personal carding setup for 2025 - anti-detect browsers and proxies and the tools to blend in and get your transactions through. With AI fraud detection on the rise merchants are stepping up their game but that means bigger scores for those who adapt.

This setup is just a starting point. Youll find your own rhythm maybe a different browser or a new tool. This game is about constant evolution. As such expect that I will update this as I change my own setup from time to time.

As always: stay ahead of the curve. Complacency gets you busted. Keep your tools sharp your OPSEC tight and never stop learning. Every fuck up is a lesson every hit is experience.

The digital world is a fucking jungle but with the right knowledge preparation and a healthy dose of paranoia you can navigate it. In 2025 the biggest scores go to those who adapt.

Stay dangerous stay smart and may your cards hit clean. Heres to a profitable 2025 you degenerate fucks. d0ctrine out.
ty
 

MrFlimFlam98

Carding Novice
Joined
08.01.24
Messages
21
Reaction score
2
Points
3
View attachment 51543
👑 d0c's Carding Setup for 2025 👑

A lot of you newcomers keep blowing up my inbox asking the same old shit: 'd0ctrine whats your setup? What proxy provider do you use? What anti-detect do you use?' You know what? Im sick of it. So I said 'Fuck it' and wrote this guide. This is the shit I personally use and why I use it. Hopefully this will fatten your wallets as you navigate the tough times of carding this coming 2025.


Understanding the Setup

If youve been paying any attention to my guides you know Im a huge fucking proponent of the iPhone as a carding device. Ive talked about why its the tits extensively on here:

📱 The iPhone: A Carder's Ultimate Tool 📱

So it should be no surprise that 60% of all my carding is done with an iPhone. But telling you to just buy an iPhone would be a massive letdown right? So for the remaining 40% where I use my laptop this guide will break down my setup. Most of the tools and services here are cross-platform meaning you can use them on any OS but to get the best results and highest success rate I recommend sticking with Apple devices. They give you low entropy since most devices look the same so you get a large margin of error when carding.



Proxy Provider

I switch up proxy providers like a paranoid dealer changes burner phones. There are plenty of reasons to do this but for the longest damn time Ive been riding with SmartProxy.

LINK TO SMARTPROXY

Why? Because it hits four of my must-have criteria:
  • Large Pool of Proxies: The bigger the pool the better. This pool is shared among all users so a larger pool means less chance of running into some other jackass using the same IP raising red flags.
  • Fast and Reliable: Ive had other proxy providers shit the bed mid-carding session forcing me to switch IPs and basically waving a giant red flag at the transaction. SmartProxy has been solid keeping me in the game without those fuck-ups.
  • ZIP Targeting: Lets be real ZIP codes are the bread and butter of any successful carding operation. The fact that SmartProxy lets you laser-focus on specific ZIPs? Thats a fucking game-changer.
  • High Percentage of Unique IPs: Its not just about having the biggest pool. PIA for example has a huge pool but you often end up with the same damn IP multiple times. SmartProxy has a solid percentage of unique IPs which is what you need to stay under the radar.
  • Blocks a Shitload of Financial Sites: This is pure fucking gold. If you read my guide on 🌐 Strategic Carding: Getting the Cleanest Possible IPs 🌐 youd know that to get the cleanest proxies you need providers that block financial and banking sites. Then you work around that block. SmartProxy is a fucking champ at this blocking everything from Shopify to Stripe to banking sites.

Unique IPs

View attachment 51545

Alright lets cut through the 'unique IP' marketing crap. Proxyway did a nice experiment to expose the truth about residential proxy pools. They didnt just take these providers inflated claims at face value. They put them to the test hammering them with hundreds of thousands of requests and cross-referencing the IPs with MaxMind and IP2Location.

They wanted to find out how many unique IPs each provider actually delivered how many were on different C-level subnets (important to avoid getting your ass blocked) and whether they were legit residential addresses.

SMARTPROXY
View attachment 51546

Smartproxy came out on top boasting 57% unique IPs with 37% on unique C-class subnetworks. They claim 10 million IPs and these numbers suggest theyre not entirely full of shit. Oxylabs was a close second but the rest? Fucking embarrassing. Luminati the supposed king of the hill only managed a pathetic 15% unique IPs. RSocks and PacketStream fared even worse. NetNut had a decent number of unique IPs but almost all were on the same subnet. Most other proxy fuckers just resell from these larger pools, so they are more or less the same shit.

OXYLABS
View attachment 51547

NETNUT
View attachment 51548

The bottom line? Most of these providers are inflating their numbers. Theyre probably counting IPs over weeks or months not whats available at any given moment. Smartproxy seems to be the least deceptive but always grill these providers on how they calculate their pool size before you hand over your hard-earned cash.



Smartproxy Script

Look Im all about efficiency. Aint nobody got time to manually configure proxies every damn time. So to make my life easier I whipped up a little script that I run in my terminal. I just punch in the ZIP code I want and boom I get a fresh IP.

View attachment 51552

Usually Smartproxy uses this format:

Code:
user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000

But Im a genius so I made a script that automates this. Heres the code:

Bash Script (Mac/Linux)

View attachment 51551


Code:
#!/bin/bash

# Your Smartproxy username and password
username='YOUR_USERNAME'
password='YOUR_PASSWORD'

# Check if ZIP code argument is provided
if [ $# -ne 1 ]; then
  echo 'Error: Please provide a ZIP code as argument'
  echo 'Usage: $0 <zipcode>'
  exit 1
fi

# Store ZIP code from command line argument
zipcode=$1

# Generate random 8-digit session number
session=$(printf '%08d' $(($RANDOM % 100000000)))

# Generate proxy string
proxy_str='user-${username}-session-${session}-sessionduration-60-country-us-zip-${zipcode}:${password}@gate.smartproxy.com:7000'

# Test the proxy
echo '=== Proxy IP Information ==='
curl -s --proxy 'https://${proxy_str}' ip-api.com/json | jq .
echo
echo '=== Proxy Configuration ==='
echo '${proxy_str}'

How to Use It (Mac):
  1. Save this script as `prox.sh` somewhere on your Mac.
  2. Open Terminal and navigate to where you saved the script.
  3. Make it executable: `chmod +x prox.sh`
  4. Run it: `bash prox.sh 90210` (replace 90210 with your desired ZIP).

For the Windows Gang:

You can use PowerShell for a similar script:
*** Hidden text: cannot be quoted. ***

How to Use It (Windows):
  1. Save this as `prox.ps1`.
  2. Open PowerShell as an administrator.
  3. Navigate to the scripts location.
  4. Run it: `.\prox.ps1 10001` (replace 10001 with your ZIP).

Important: Dont forget to replace `'YOUR_USERNAME'` and `'YOUR_PASSWORD'` with your actual Smartproxy credentials in both scripts. Also make sure you have `curl` installed on your Mac and that PowerShell has the necessary permissions to make web requests.



Antidetects

Ive burned through more antidetect browsers than I care to count but only two have proven their worth: GoLogin and Linken Sphere. Dont worry Ill drop a detailed analysis of every antidetect browser Ive tested soon but for now lets focus on what actually works especially if youre running a Mac setup.

LINK TO LINKEN SPHERE



These days I exclusively roll with Linken Sphere. Why? Simple - its the only one that consistently plays nice with custom DNS settings which you absolutely need when dealing with SmartProxy's blocked sites. Their hybrid fingerprinting option keeps my entropy stable and lets me blend in with the normies without raising any red flags.

View attachment 51554

Another killer feature in Linken Sphere is profile warming. Before hitting your target sites especially with logs you can build trust by automating normal browsing patterns - product searches wishlist adds review reading. Mix up the sites you visit and let profiles age for a few days. Fresh profiles scream fraud but ones with established browsing history blend right in with legitimate traffic.

View attachment 51553

The results speak for themselves - my success rate has been solid and Im betting this setup will only get more effective as we push through 2025. When youre dealing with sophisticated antifraud systems having a reliable antidetect isnt just nice to have - its fucking essential.



🧰 Other Tools

Of course my carding setup wouldnt be complete without these bad boys.

Site Analysis:

  • Caido: Your best friend for picking apart websites. When you need to understand how a site works and how its security operates.
  • Burp Suite: The heavyweight champion of web testing. This beast does everything - intercepting and reconaissance you name it.
Fingerprint Checks:

  • demo.fingerprint.com: Simple but effective. Shows you exactly what sites see when you visit them.
  • creepjs: Gets into the nitty-gritty of your browser fingerprint. Youll be shocked at how much data youre giving away.
  • fv.pro: Solid fingerprint checker that breaks down your digital signature piece by piece.
  • browserleaks: The full package for seeing what info your browser spills. Trust me its more than you think.

IP Checks:

  • IPQS (IPQualityScore): Your first line of defense. If your IP is burned IPQS will tell you before you waste your time trying cards.
  • Scamalytics: Decent backup for IP checking. Not quite IPQS level but still worth having in your toolkit.

Pro tip: Hook your IPQS API key up to Linken Sphere. Itll watch your IP reputation automatically - saves you a ton of headache and manual checks.

VPN



I run ProtonVPN alongside everything else. Not really for OPSEC but for how it handles DNS leaks. Just match your VPN location to your proxys country. That way even if something leaks all the traffic looks like its coming from the same place. Clean and consistent.

Sample of an exposed DNS leak if you don't match the country VPN with your proxy:




Conclusion

Thats my personal carding setup for 2025 - anti-detect browsers and proxies and the tools to blend in and get your transactions through. With AI fraud detection on the rise merchants are stepping up their game but that means bigger scores for those who adapt.

This setup is just a starting point. Youll find your own rhythm maybe a different browser or a new tool. This game is about constant evolution. As such expect that I will update this as I change my own setup from time to time.

As always: stay ahead of the curve. Complacency gets you busted. Keep your tools sharp your OPSEC tight and never stop learning. Every fuck up is a lesson every hit is experience.

The digital world is a fucking jungle but with the right knowledge preparation and a healthy dose of paranoia you can navigate it. In 2025 the biggest scores go to those who adapt.

Stay dangerous stay smart and may your cards hit clean. Heres to a profitable 2025 you degenerate fucks. d0ctrine out.
 
Top Bottom