Advanced Search

Carding ? StockX: The Ultimate Guide ?



XTC | CUSTOMER SATISFACTION IS OUR PRIORITY
S

swipegleece2

Carding Novice
Joined
10.07.24
Messages
20
Reaction score
2
Points
3
d0ctrine said:

? StockX: The Ultimate Guide ?

View attachment 46806

Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.

This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.

If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.

So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.





What the Fuck is StockX

View attachment 46807

Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:

StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.

Heres how it works:

  • Sellers list their items
  • Buyers place bids or buy at the asking price
  • When a sale happens the seller ships the item to StockX
  • StockX verifies its legit
  • If it passes StockX ships it to the buyer

Sounds simple right? Well its this process that makes StockX the the shit for carders.


Why StockX is the Shit for Carders

Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:

  • High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
  • Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
  • Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
  • Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
  • Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
  • Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.

But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.

Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.

But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.


The StockX Infrastructure

Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.

View attachment 46808
View attachment 46810

Braintree
View attachment 46809


Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.

Riskified

View attachment 46811

Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.


The StockX Ruleset

The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.

What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812

This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:

  • Using Logs to lower our fraud score
  • Using Enroll Cards to bypass the verification request

Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.

Using Logs to Lower Our Fraud Score

This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.

Using Enroll Cards to Bypass Verification

Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.


Logs
View attachment 46813

If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.

For our purposes were after logs with StockX accounts that have linked payment methods.

Log sellers come in two flavors:
  • Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
  • Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.

The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.

Account Takeover Fraud (ATO)

View attachment 46814

Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.

There are two ways to stay off Riskifieds ATO radar:
  • First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
    Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.
  • Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
    After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.

StockX Log Carding Process

Once youve understood what we have laid out here so far, heres what youll need:

  • A pristine USA log (or matching your drops country)
  • Residential proxies (static/sticky for a few days if possible)
  • A solid antidetect setup
  • Clean drops Riskified hasnt seen before
  • An email spam bot (for covering your tracks)
View attachment 46815
Now lets break this shit down step by step:

First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.

Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.

If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.

Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.

No 2FA and a linked card? Jackpot. Youve got options:

  • Let it cook for 24-72 hours then make your move
  • Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest

Now its all warmed and ready youre at the crossroads:

  • Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
  • Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.

Bonus trick:
*** Hidden text: cannot be quoted. ***


Also:
*** Hidden text: cannot be quoted. ***

Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.


Conclusion

Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.

But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.

And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.

So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.

Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
Click to expand...
thanks
 
J

JIaJI

Carding Novice
Joined
17.04.24
Messages
10
Reaction score
0
Points
1
d0ctrine said:

? StockX: The Ultimate Guide ?

View attachment 46806

Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.

This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.

If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.

So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.





What the Fuck is StockX

View attachment 46807

Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:

StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.

Heres how it works:

  • Sellers list their items
  • Buyers place bids or buy at the asking price
  • When a sale happens the seller ships the item to StockX
  • StockX verifies its legit
  • If it passes StockX ships it to the buyer

Sounds simple right? Well its this process that makes StockX the the shit for carders.


Why StockX is the Shit for Carders

Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:

  • High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
  • Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
  • Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
  • Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
  • Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
  • Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.

But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.

Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.

But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.


The StockX Infrastructure

Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.

View attachment 46808
View attachment 46810

Braintree
View attachment 46809


Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.

Riskified

View attachment 46811

Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.


The StockX Ruleset

The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.

What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812

This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:

  • Using Logs to lower our fraud score
  • Using Enroll Cards to bypass the verification request

Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.

Using Logs to Lower Our Fraud Score

This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.

Using Enroll Cards to Bypass Verification

Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.


Logs
View attachment 46813

If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.

For our purposes were after logs with StockX accounts that have linked payment methods.

Log sellers come in two flavors:
  • Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
  • Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.

The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.

Account Takeover Fraud (ATO)

View attachment 46814

Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.

There are two ways to stay off Riskifieds ATO radar:
  • First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
    Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.
  • Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
    After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.

StockX Log Carding Process

Once youve understood what we have laid out here so far, heres what youll need:

  • A pristine USA log (or matching your drops country)
  • Residential proxies (static/sticky for a few days if possible)
  • A solid antidetect setup
  • Clean drops Riskified hasnt seen before
  • An email spam bot (for covering your tracks)
View attachment 46815
Now lets break this shit down step by step:

First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.

Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.

If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.

Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.

No 2FA and a linked card? Jackpot. Youve got options:

  • Let it cook for 24-72 hours then make your move
  • Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest

Now its all warmed and ready youre at the crossroads:

  • Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
  • Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.

Bonus trick:
*** Hidden text: cannot be quoted. ***


Also:
*** Hidden text: cannot be quoted. ***

Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.


Conclusion

Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.

But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.

And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.

So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.

Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
Click to expand...
thx
 
C

Celen

Carding Novice
Joined
11.03.25
Messages
18
Reaction score
0
Points
1
d0ctrine said:

? StockX: The Ultimate Guide ?

View attachment 46806

Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.

This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.

If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.

So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.





What the Fuck is StockX

View attachment 46807

Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:

StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.

Heres how it works:

  • Sellers list their items
  • Buyers place bids or buy at the asking price
  • When a sale happens the seller ships the item to StockX
  • StockX verifies its legit
  • If it passes StockX ships it to the buyer

Sounds simple right? Well its this process that makes StockX the the shit for carders.


Why StockX is the Shit for Carders

Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:

  • High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
  • Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
  • Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
  • Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
  • Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
  • Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.

But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.

Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.

But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.


The StockX Infrastructure

Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.

View attachment 46808
View attachment 46810

Braintree
View attachment 46809


Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.

Riskified

View attachment 46811

Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.


The StockX Ruleset

The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.

What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812

This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:

  • Using Logs to lower our fraud score
  • Using Enroll Cards to bypass the verification request

Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.

Using Logs to Lower Our Fraud Score

This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.

Using Enroll Cards to Bypass Verification

Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.


Logs
View attachment 46813

If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.

For our purposes were after logs with StockX accounts that have linked payment methods.

Log sellers come in two flavors:
  • Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
  • Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.

The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.

Account Takeover Fraud (ATO)

View attachment 46814

Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.

There are two ways to stay off Riskifieds ATO radar:
  • First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
    Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.
  • Hãy để tài khoản đó nấu ăn. Vâng, bạn nghe tôi nói đúng. Khi bạn đăng nhập và thấy phương thức thanh toán được liên kết ngọt ngào đó, đừng vội vàng. Hãy cho nó thời gian - 24 đến 72 giờ là thời điểm lý tưởng. Điều này giúp Riskified có thời gian để làm quen với "thiết bị mới" của bạn. Việc mua sắm ngay sau khi đăng nhập cũng giống như vẫy cờ đỏ. Một trong những cách tốt nhất để thực hiện thành công việc này là sử dụng proxy tĩnh tại nhà , đây là những proxy không thay đổi IP trong một vài ngày. Điều này không chỉ khiến Riskified tin tưởng thiết bị của bạn mà còn tin tưởng địa chỉ IP của bạn.
    Sau khi chờ đợi, bạn cũng có thể tiếp quản hoàn toàn tài khoản bằng cách thay đổi email thành một trong những email của bạn, chúng ta sẽ tìm hiểu về điều đó trong giây lát.

Quy trình đánh thẻ gỗ StockX

Sau khi bạn đã hiểu những gì chúng tôi đã trình bày ở đây, đây là những gì bạn cần:

  • Một khúc gỗ nguyên sơ của Hoa Kỳ (hoặc phù hợp với quốc gia thả của bạn)
  • Proxy dân dụng (tĩnh/dính trong vài ngày nếu có thể)
  • Thiết lập chống phát hiện vững chắc
  • Những giọt sạch Riskified chưa từng thấy trước đây
  • Một bot thư rác email (để che giấu dấu vết của bạn)
View attachment 46815
Bây giờ chúng ta hãy phân tích từng bước một:

Đầu tiên, hãy xây dựng nhật ký đó vào antidetect của bạn. Nếu bạn có một kho lưu trữ đầy đủ, hãy sao chép tác nhân người dùng, đảm bảo rằng bạn đang mô phỏng đúng phiên bản hệ điều hành và trình duyệt. Chi tiết rất quan trọng.

Tiếp theo, hãy tìm một proxy trong cùng ASN với nhật ký của bạn. Một số nhà cung cấp cho phép bạn nhắm mục tiêu đến các ASN cụ thể - hãy sử dụng cái đó. Nếu bạn không sử dụng nhật ký đầy đủ và không biết IP nhật ký là gì, hãy nghiên cứu email và ít nhất hãy lấy một cái từ cùng một vị trí và ISP.

Nếu bạn đang làm việc với một kho lưu trữ đầy đủ, hãy nhập các cookie đó. Không có nhật ký đầy đủ? Không vấn đề gì. Chỉ cần duyệt một loạt các trang web ngẫu nhiên để khởi động phiên của bạn. Làm cho nó trông giống như một mẫu duyệt thực sự chứ không phải một bot đang làm nhiệm vụ.

Đã đến lúc đăng nhập. Hãy khoanh tay và hy vọng không có 2FA và thẻ được liên kết. Không có thẻ được liên kết? Bạn vẫn có thể sử dụng nó với thẻ của riêng mình vì đó là tài khoản cũ nhưng cơ hội trốn tránh kiểm tra xác minh của bạn sẽ bị xóa sổ. Tuy nhiên, vẫn tốt hơn là có một tài khoản mới.

Không có 2FA và thẻ liên kết? Jackpot. Bạn có các lựa chọn:

  • Để nấu trong vòng 24-72 giờ rồi hãy hành động
  • Để nó nấu trong 24 giờ, đổi email thành email của bạn, sau đó để nó nghỉ thêm 24-72 giờ nữa

Bây giờ mọi thứ đã ấm áp và sẵn sàng, bạn đang ở ngã ba đường:

  • Trước tiên hãy mua một số thứ nhỏ gửi đến địa chỉ của chủ thẻ. Điều này làm tăng nguy cơ cháy thẻ của bạn nhưng Riskified sẽ tin tưởng bạn hơn.
  • Tiến thẳng đến mục tiêu và ra lệnh thả quân. Ít rủi ro hơn cho lá bài nhưng Riskified vẫn có thể làm bạn thất vọng.

Mẹo thưởng:
*** Văn bản ẩn: không thể trích dẫn. ***


Cũng:
*** Văn bản ẩn: không thể trích dẫn. ***

Hãy nhớ: một lần trượt chân và bạn sẽ trở lại vạch xuất phát. Nhưng nếu làm đúng, bạn sẽ chìm đắm trong những món đồ được thổi phồng trước khi bạn biết điều đó.


Phần kết luận

Được rồi, đồ ngốc, vậy là xong Phần Một trong hành trình kiếm tiền bằng thẻ StockX của chúng ta . Chúng tôi đã đề cập đến những điều cơ bản về cơ sở hạ tầng của họ, cách sử dụng nhật ký để giảm điểm gian lận và nghệ thuật chiếm đoạt tài khoản mà không bị phát hiện.

Nhưng đừng tự mãn - chúng ta chỉ đang khám phá bề nổi. Trong Phần Hai, chúng ta sẽ khám phá thế giới đăng ký thẻ cho StockX .

Và đối với những tên khốn tham lam, Phần Ba là nơi chúng ta sẽ khám phá nghệ thuật kiếm tiền hai lần, biến một điểm thành hai thông qua một số mánh khóe nâng cao với các phần thay thế.

Vậy hãy học cách thực hành và vì Chúa hãy sử dụng bộ não của bạn. Hướng dẫn này chỉ là khởi đầu. Bạn phải nắm bắt kiến thức này và biến nó thành tiền mặt hoặc một tủ đầy những đôi giày được thổi phồng.

Giải tán lớp học đi, đồ suy đồi. Hẹn gặp lại ở Phần Hai, nơi mọi thứ thực sự trở nên thú vị. d0ctrine out.
Click to expand...
1
 
D

darad

Active Carder
Joined
08.04.24
Messages
54
Reaction score
0
Points
6
d0ctrine said:

? StockX: The Ultimate Guide ?

View attachment 46806

Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.

This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.

If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.

So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.





What the Fuck is StockX

View attachment 46807

Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:

StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.

Heres how it works:

  • Sellers list their items
  • Buyers place bids or buy at the asking price
  • When a sale happens the seller ships the item to StockX
  • StockX verifies its legit
  • If it passes StockX ships it to the buyer

Sounds simple right? Well its this process that makes StockX the the shit for carders.


Why StockX is the Shit for Carders

Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:

  • High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
  • Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
  • Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
  • Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
  • Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
  • Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.

But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.

Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.

But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.


The StockX Infrastructure

Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.

View attachment 46808
View attachment 46810

Braintree
View attachment 46809


Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.

Riskified

View attachment 46811

Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.


The StockX Ruleset

The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.

What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812

This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:

  • Using Logs to lower our fraud score
  • Using Enroll Cards to bypass the verification request

Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.

Using Logs to Lower Our Fraud Score

This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.

Using Enroll Cards to Bypass Verification

Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.


Logs
View attachment 46813

If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.

For our purposes were after logs with StockX accounts that have linked payment methods.

Log sellers come in two flavors:
  • Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
  • Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.

The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.

Account Takeover Fraud (ATO)

View attachment 46814

Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.

There are two ways to stay off Riskifieds ATO radar:
  • First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
    Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.
  • Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
    After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.

StockX Log Carding Process

Once youve understood what we have laid out here so far, heres what youll need:

  • A pristine USA log (or matching your drops country)
  • Residential proxies (static/sticky for a few days if possible)
  • A solid antidetect setup
  • Clean drops Riskified hasnt seen before
  • An email spam bot (for covering your tracks)
View attachment 46815
Now lets break this shit down step by step:

First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.

Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.

If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.

Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.

No 2FA and a linked card? Jackpot. Youve got options:

  • Let it cook for 24-72 hours then make your move
  • Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest

Now its all warmed and ready youre at the crossroads:

  • Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
  • Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.

Bonus trick:
*** Hidden text: cannot be quoted. ***


Also:
*** Hidden text: cannot be quoted. ***

Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.


Conclusion

Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.

But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.

And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.

So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.

Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
Click to expand...
okok
 
D

distantguy

Carding Novice
Joined
12.03.24
Messages
19
Reaction score
1
Points
3
d0ctrine said:

? StockX: The Ultimate Guide ?

View attachment 46806

Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.

This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.

If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.

So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.





What the Fuck is StockX

View attachment 46807

Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:

StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.

Heres how it works:

  • Sellers list their items
  • Buyers place bids or buy at the asking price
  • When a sale happens the seller ships the item to StockX
  • StockX verifies its legit
  • If it passes StockX ships it to the buyer

Sounds simple right? Well its this process that makes StockX the the shit for carders.


Why StockX is the Shit for Carders

Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:

  • High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
  • Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
  • Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
  • Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
  • Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
  • Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.

But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.

Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.

But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.


The StockX Infrastructure

Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.

View attachment 46808
View attachment 46810

Braintree
View attachment 46809


Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.

Riskified

View attachment 46811

Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.


The StockX Ruleset

The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.

What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812

This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:

  • Using Logs to lower our fraud score
  • Using Enroll Cards to bypass the verification request

Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.

Using Logs to Lower Our Fraud Score

This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.

Using Enroll Cards to Bypass Verification

Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.


Nhật ký
View attachment 46813

Nếu bạn chưa quen với trò chơi này, nhật ký có vẻ giống như một số nhảm nhí hippie về việc chặt cây. Nhưng trong thế giới của chúng ta, nhật ký là kho lưu trữ kỹ thuật số của những nạn nhân không nghi ngờ nhờ những kẻ đánh cắp mật khẩu botnet. Những thằng khốn khốn nạn này lây nhiễm vào máy tính của mọi người và thu thập từng chút thông tin đăng nhập mà họ có thể có được.

Đối với mục đích của chúng tôi là nhật ký sau với các tài khoản StockX đã liên kết các phương thức thanh toán.

Người bán nhật ký có hai hương vị:
  • Người bán kho lưu trữ đầy đủ: Những tên khốn này bán cho bạn toàn bộ enchilada - mọi tên người dùng mật khẩu và kỹ thuật số từ máy bị nhiễm. Nó đắt tiền nhưng bạn đang nhận được nạn nhân toàn bộ cuộc sống kỹ thuật số bao gồm thông tin người dùng và máy móc và địa chỉ IP của họ. Thứ này là vàng để vượt qua séc gian lận và đặc biệt là với séc 2FA của StockXnhưng nó sẽ khiến bạn phải trả giá.
  • Người bán chỉ có tài khoản: Những người này rút gọn nó chỉ còn thông tin đăng nhập mà bạn yêu cầu. Rẻ hơn và tiết kiệm chi phí vì bạn luôn tung xúc xắc xem tài khoản có phương thức thanh toán được liên kết hay 2FA hay không.

Sự lựa chọn phụ thuộc vào túi của bạn sâu như thế nào và bạn muốn nó hoạt động tồi tệ như thế nào. Lưu trữ đầy đủ cung cấp cho bạn nhiều thứ hơn để làm việc nhưng danh sách chỉ có tài khoản có thể là một cách hiệu quả về chi phí để kiểm tra nước.

Gian lận chiếm đoạt tài khoản (ATO)

View attachment 46814

Riskified không chỉ là một số AI ngu ngốc đang tìm kiếm tài khoản mới. Họ đang cảnh giác cao đối với ATO - Gian lận chiếm đoạt tài khoản. Đó chính xác là những gì đã làm với những khúc gỗ này. Vì vậy, chúng ta phải thông minh về điều này nếu không sẽ bị bắt quả tang với quần của chúng ta xuống.

Có hai cách để tránh khỏi radar ATO của Riskified:
  • Đầu tiên, nếu bạn đang làm việc với một nhật ký đầy đủ, tốt hơn hết bạn nên bắt chước rằng thiết lập nạn nhân như cuộc sống của bạn phụ thuộc vào nó. Khớp trình duyệt và IP của họ, nhập cookie của họ, mọi thứ.
    Bây giờ nếu bạn chỉ có thông tin đăng nhập tài khoản và không có thông tin máy móc, bạn sẽ phải phỏng đoán. Đây là một mẹo chuyên nghiệp: đừng chạy thứ này trên Mac hoặc Linux. 99% nhật ký này đến từ các máy Windows bị nhiễm phần mềm độc hại. Bám sát dấu vân tay Windows phổ biến an toàn. Hãy tìm hiểu email của nạn nhân để tìm ra nơi họ sống và lấy một ủy quyền cư trú từ khu vực đó.
  • Hãy để tài khoản đó nấu. Vâng, bạn đã nghe tôi đúng. Khi bạn đăng nhập và thấy phương thức thanh toán được liên kết ngọt ngào đó, đừng chuyển sang ham ngay lập tức. Hãy cho nó thời gian - 24 đến 72 giờ là điểm ngọt ngào. Điều này mang lại cho Riskified thời gian để cảm thấy thoải mái với "thiết bị mới" của bạn. Đi mua sắm ngay sau khi đăng nhập giống như vẫy cờ đỏ. Một trong những cách tốt nhất để thực hiện điều này thành công là sử dụng proxy dân cư tĩnh, đây là những proxy không thay đổi IP trong vài ngày. Điều này không chỉ làm cho Riskified tin tưởng thiết bị của bạn, nó còn tin tưởng địa chỉ IP của bạn.
    Sau khi chờ đợi, bạn cũng có thể tiếp quản hoàn toàn tài khoản bằng cách thay đổi email thành một trong những email của bạn, chúng tôi sẽ giải quyết vấn đề đó trong giây lát.

Quy trình phân loại nhật ký StockX

Khi bạn đã hiểu những gì chúng tôi đã trình bày ở đây cho đến nay, đây là những gì bạn cần:

  • Nhật ký nguyên sơ của Hoa Kỳ (hoặc phù hợp với quốc gia giọt của bạn)
  • Proxy dân cư (tĩnh / dính trong vài ngày nếu có thể)
  • Một thiết lập chống phát hiện vững chắc
  • Giọt sạch Riskified chưa từng thấy trước đây
  • Bot spam email (để che dấu vết của bạn)
View attachment 46815
Now lets break this shit down step by step:

First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.

Tiếp theo, tìm một proxy trong cùng ASN với nhật ký của bạn. Một số nhà cung cấp cho phép bạn nhắm mục tiêu các ASN cụ thể - sử dụng thứ đó. Nếu bạn không sử dụng nhật ký đầy đủ và không biết IP nhật ký là gì, chỉ cần nghiên cứu email và ít nhất lấy một email từ cùng một vị trí và ISP.

Nếu bạn đang làm việc với một kho lưu trữ đầy đủ, hãy nhập những cookie đó. Không có nhật ký đầy đủ? Không vấn đề gì. Chỉ cần duyệt qua một loạt các trang web ngẫu nhiên để khởi động phiên của bạn. Làm cho nó trông giống như một mô hình duyệt web thực sự, không phải một bot nào đó đang thực hiện nhiệm vụ.

Thời gian đăng nhập. Bắt chéo ngón tay của bạn và hy vọng không có 2FA và một thẻ được liên kết. Không có thẻ được liên kết? Bạn vẫn có thể sử dụng nó với thẻ của riêng mình vì nó là một tài khoản cũ nhưng cơ hội trốn tránh kiểm tra xác minh đó của bạn sẽ bị xóa sổ. Tuy nhiên, vẫn đánh bại một tài khoản mới.

Không có 2FA và thẻ được liên kết? Jackpot. Bạn có các tùy chọn:

  • Để nó nấu trong 24-72 giờ sau đó thực hiện di chuyển của bạn
  • Để nó nấu trong 24 giờ, đổi email thành email của bạn, sau đó cho nó nghỉ thêm 24-72 giờ

Bây giờ tất cả đã ấm áp và sẵn sàng cho bạn, bạn đang ở ngã ba đường:

  • Mua một số thứ nhỏ đến địa chỉ chủ thẻ trước. Nó làm tăng nguy cơ đốt thẻ của bạn nhưng Riskified sẽ tin tưởng bạn hơn.
  • Đi thẳng để tiêu diệt và ra lệnh để thả của bạn. Ít rủi ro hơn đối với thẻ nhưng Riskified vẫn có thể làm bạn khó chịu.

Thủ thuật thưởng:
Văn bản ẩn: không thể trích dẫn. ***


Cũng:
Văn bản ẩn: không thể trích dẫn. ***

Hãy nhớ rằng: một lần trượt và bạn sẽ quay trở lại vị trí đầu tiên. Nhưng hãy làm đúng và bạn sẽ chết đuối trong thiết bị thổi phồng trước khi bạn biết điều đó.


Kết thúc

Được rồi, đó là một phần của Phần Một trong cuộc phiêu lưu chải thẻ StockX của chúng tôi. Chúng tôi đã đề cập đến những điều cơ bản về cơ sở hạ tầng của họ, cách sử dụng nhật ký để giảm điểm gian lận của bạn và nghệ thuật chiếm đoạt tài khoản mà không bị bắt gặp với quần.

Nhưng đừng tự mãn - chỉ đang cào xước bề mặt. Trong Phần Hai, hãy đi sâu vào thế giới thẻ đăng ký cho StockX.

Và đối với những tên khốn tham lam Phần ba là nơi khám phá kỹ thuật nhúng đôi, biến một điểm thành hai thông qua một số thứ chết tiệt nâng cao với các thay thế.

Vì vậy, hãy học tập, thực hành và vì lợi ích của bạn, hãy sử dụng bộ não của bạn. Hướng dẫn này chỉ là khởi đầu. Tùy thuộc vào bạn để lấy kiến thức này và biến nó thành tiền mặt lạnh lùng hoặc một tủ quần áo đầy những cú đá cường điệu.

Lớp học bị sa thải vì bây giờ bạn thoái hóa. Hẹn gặp lại bạn trong Phần Hai, nơi những thứ thực sự trở nên thú vị. d0ctrine ra.
Click to expand...
Ok
 
D

doctorrrrrrr

Carding Novice
Joined
18.03.25
Messages
18
Reaction score
2
Points
3
d0ctrine said:

? StockX: The Ultimate Guide ?

View attachment 46806

Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.

This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.

If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.

So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.





What the Fuck is StockX

View attachment 46807

Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:

StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.

Heres how it works:

  • Sellers list their items
  • Buyers place bids or buy at the asking price
  • When a sale happens the seller ships the item to StockX
  • StockX verifies its legit
  • If it passes StockX ships it to the buyer

Sounds simple right? Well its this process that makes StockX the the shit for carders.


Why StockX is the Shit for Carders

Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:

  • High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
  • Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
  • Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
  • Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
  • Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
  • Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.

But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.

Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.

But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.


The StockX Infrastructure

Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.

View attachment 46808
View attachment 46810

Braintree
View attachment 46809


Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.

Riskified

View attachment 46811

Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.


The StockX Ruleset

The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.

What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812

This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:

  • Using Logs to lower our fraud score
  • Using Enroll Cards to bypass the verification request

Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.

Using Logs to Lower Our Fraud Score

This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.

Using Enroll Cards to Bypass Verification

Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.


Logs
View attachment 46813

If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.

For our purposes were after logs with StockX accounts that have linked payment methods.

Log sellers come in two flavors:
  • Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
  • Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.

The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.

Account Takeover Fraud (ATO)

View attachment 46814

Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.

There are two ways to stay off Riskifieds ATO radar:
  • First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
    Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.
  • Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
    After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.

StockX Log Carding Process

Once youve understood what we have laid out here so far, heres what youll need:

  • A pristine USA log (or matching your drops country)
  • Residential proxies (static/sticky for a few days if possible)
  • A solid antidetect setup
  • Clean drops Riskified hasnt seen before
  • An email spam bot (for covering your tracks)
View attachment 46815
Now lets break this shit down step by step:

First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.

Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.

If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.

Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.

No 2FA and a linked card? Jackpot. Youve got options:

  • Let it cook for 24-72 hours then make your move
  • Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest

Now its all warmed and ready youre at the crossroads:

  • Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
  • Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.

Bonus trick:
*** Hidden text: cannot be quoted. ***


Also:
*** Hidden text: cannot be quoted. ***

Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.


Conclusion

Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.

But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.

And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.

So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.

Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
Click to expand...
class
 
J

JokesJoker

Carding Novice
Joined
15.01.25
Messages
14
Reaction score
0
Points
1
d0ctrine said:

? StockX: The Ultimate Guide ?

View attachment 46806

Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.

This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.

If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.

So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.





What the Fuck is StockX

View attachment 46807

Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:

StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.

Heres how it works:

  • Sellers list their items
  • Buyers place bids or buy at the asking price
  • When a sale happens the seller ships the item to StockX
  • StockX verifies its legit
  • If it passes StockX ships it to the buyer

Sounds simple right? Well its this process that makes StockX the the shit for carders.


Why StockX is the Shit for Carders

Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:

  • High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
  • Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
  • Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
  • Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
  • Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
  • Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.

But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.

Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.

But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.


The StockX Infrastructure

Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.

View attachment 46808
View attachment 46810

Braintree
View attachment 46809


Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.

Riskified

View attachment 46811

Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.


The StockX Ruleset

The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.

What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812

This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:

  • Using Logs to lower our fraud score
  • Using Enroll Cards to bypass the verification request

Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.

Using Logs to Lower Our Fraud Score

This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.

Using Enroll Cards to Bypass Verification

Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.


Logs
View attachment 46813

If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.

For our purposes were after logs with StockX accounts that have linked payment methods.

Log sellers come in two flavors:
  • Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
  • Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.

The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.

Account Takeover Fraud (ATO)

View attachment 46814

Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.

There are two ways to stay off Riskifieds ATO radar:
  • First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
    Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.
  • Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
    After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.

StockX Log Carding Process

Once youve understood what we have laid out here so far, heres what youll need:

  • A pristine USA log (or matching your drops country)
  • Residential proxies (static/sticky for a few days if possible)
  • A solid antidetect setup
  • Clean drops Riskified hasnt seen before
  • An email spam bot (for covering your tracks)
View attachment 46815
Now lets break this shit down step by step:

First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.

Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.

If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.

Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.

No 2FA and a linked card? Jackpot. Youve got options:

  • Let it cook for 24-72 hours then make your move
  • Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest

Now its all warmed and ready youre at the crossroads:

  • Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
  • Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.

Bonus trick:
*** Hidden text: cannot be quoted. ***


Also:
*** Hidden text: cannot be quoted. ***

Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.


Conclusion

Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.

But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.

And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.

So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.

Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
Click to expand...
 
M

marin044

Basic
Joined
02.11.21
Messages
55
Reaction score
12
Points
8
d0ctrine said:

? StockX: The Ultimate Guide ?

View attachment 46806

Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.

This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.

If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.

So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.





What the Fuck is StockX

View attachment 46807

Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:

StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.

Heres how it works:

  • Sellers list their items
  • Buyers place bids or buy at the asking price
  • When a sale happens the seller ships the item to StockX
  • StockX verifies its legit
  • If it passes StockX ships it to the buyer

Sounds simple right? Well its this process that makes StockX the the shit for carders.


Why StockX is the Shit for Carders

Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:

  • High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
  • Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
  • Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
  • Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
  • Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
  • Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.

But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.

Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.

But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.


The StockX Infrastructure

Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.

View attachment 46808
View attachment 46810

Braintree
View attachment 46809


Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.

Riskified

View attachment 46811

Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.


The StockX Ruleset

The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.

What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812

This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:

  • Using Logs to lower our fraud score
  • Using Enroll Cards to bypass the verification request

Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.

Using Logs to Lower Our Fraud Score

This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.

Using Enroll Cards to Bypass Verification

Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.


Logs
View attachment 46813

If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.

For our purposes were after logs with StockX accounts that have linked payment methods.

Log sellers come in two flavors:
  • Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
  • Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.

The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.

Account Takeover Fraud (ATO)

View attachment 46814

Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.

There are two ways to stay off Riskifieds ATO radar:
  • First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
    Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.
  • Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
    After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.

StockX Log Carding Process

Once youve understood what we have laid out here so far, heres what youll need:

  • A pristine USA log (or matching your drops country)
  • Residential proxies (static/sticky for a few days if possible)
  • A solid antidetect setup
  • Clean drops Riskified hasnt seen before
  • An email spam bot (for covering your tracks)
View attachment 46815
Now lets break this shit down step by step:

First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.

Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.

If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.

Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.

No 2FA and a linked card? Jackpot. Youve got options:

  • Let it cook for 24-72 hours then make your move
  • Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest

Now its all warmed and ready youre at the crossroads:

  • Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
  • Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.

Bonus trick:
*** Hidden text: cannot be quoted. ***


Also:
*** Hidden text: cannot be quoted. ***

Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.


Conclusion

Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.

But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.

And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.

So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.

Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
Click to expand...
thanks
 
You must log in or register to reply here.
Top Bottom