great stuff,,,,,thxlet seees
Good
StockX: The Ultimate Guide
View attachment 46806
Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.
This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.
If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.
So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.
What the Fuck is StockX
View attachment 46807
Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:
StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.
Heres how it works:
- Sellers list their items
- Buyers place bids or buy at the asking price
- When a sale happens the seller ships the item to StockX
- StockX verifies its legit
- If it passes StockX ships it to the buyer
Sounds simple right? Well its this process that makes StockX the the shit for carders.
Why StockX is the Shit for Carders
Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:
- High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
- Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
- Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
- Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
- Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
- Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.
But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.
Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.
But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.
The StockX Infrastructure
Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.
View attachment 46808
View attachment 46810
Braintree
View attachment 46809
Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.
Riskified
View attachment 46811
Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.
The StockX Ruleset
The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.
What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812
This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:
- Using Logs to lower our fraud score
- Using Enroll Cards to bypass the verification request
Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.
Using Logs to Lower Our Fraud Score
This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.
Using Enroll Cards to Bypass Verification
Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.
Logs
View attachment 46813
If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.
For our purposes were after logs with StockX accounts that have linked payment methods.
Log sellers come in two flavors:
- Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
- Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.
The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.
Account Takeover Fraud (ATO)
View attachment 46814
Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.
There are two ways to stay off Riskifieds ATO radar:
- First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.- Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.
StockX Log Carding Process
Once youve understood what we have laid out here so far, heres what youll need:
View attachment 46815
- A pristine USA log (or matching your drops country)
- Residential proxies (static/sticky for a few days if possible)
- A solid antidetect setup
- Clean drops Riskified hasnt seen before
- An email spam bot (for covering your tracks)
Now lets break this shit down step by step:
First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.
Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.
If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.
Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.
No 2FA and a linked card? Jackpot. Youve got options:
- Let it cook for 24-72 hours then make your move
- Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest
Now its all warmed and ready youre at the crossroads:
- Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
- Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.
Bonus trick:
*** Hidden text: cannot be quoted. ***
Also:
*** Hidden text: cannot be quoted. ***
Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.
Conclusion
Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.
But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.
And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.
So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.
Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
StockX: The Ultimate Guide
View attachment 46806
Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.
This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.
If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.
So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.
What the Fuck is StockX
View attachment 46807
Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:
StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.
Heres how it works:
- Sellers list their items
- Buyers place bids or buy at the asking price
- When a sale happens the seller ships the item to StockX
- StockX verifies its legit
- If it passes StockX ships it to the buyer
Sounds simple right? Well its this process that makes StockX the the shit for carders.
Why StockX is the Shit for Carders
Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:
- High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
- Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
- Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
- Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
- Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
- Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.
But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.
Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.
But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.
The StockX Infrastructure
Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.
View attachment 46808
View attachment 46810
Braintree
View attachment 46809
Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.
Riskified
View attachment 46811
Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.
The StockX Ruleset
The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.
What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812
This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:
- Using Logs to lower our fraud score
- Using Enroll Cards to bypass the verification request
Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.
Using Logs to Lower Our Fraud Score
This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.
Using Enroll Cards to Bypass Verification
Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.
Logs
View attachment 46813
If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.
For our purposes were after logs with StockX accounts that have linked payment methods.
Log sellers come in two flavors:
- Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
- Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.
The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.
Account Takeover Fraud (ATO)
View attachment 46814
Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.
There are two ways to stay off Riskifieds ATO radar:
- First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.- Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.
StockX Log Carding Process
Once youve understood what we have laid out here so far, heres what youll need:
View attachment 46815
- A pristine USA log (or matching your drops country)
- Proxies residenciales (estáticos/pegajosos durante unos dÃas si es posible)
- Una sólida configuración antidetección
- Gotas limpias que Riskified no ha visto antes
- Un bot de spam de correo electrónico (para cubrir tus huellas)
Ahora vamos a desglosar esta mierda paso a paso:
En primer lugar, construya ese registro en su antidetect. Si tiene un archivo completo, copie el agente de usuario asegurándose de que está imitando el sistema operativo y la versión del navegador correctos. Los detalles importan.
A continuación, busque un proxy en el mismo ASN que su registro. Algunos proveedores te permiten dirigirte a ASN especÃficos: usa esa mierda. Si no está utilizando el registro completo y no tiene idea de cuál es la IP de los registros, simplemente investigue el correo electrónico y al menos obtenga uno de la misma ubicación e ISP.
Si está trabajando con un archivo completo, importe esas cookies. ¿No tienes un registro completo? No hay problema. Sólo tienes que navegar por un montón de sitios aleatorios para calentar tu sesión. Haz que parezca un patrón de navegación real, no un bot con una misión.
Tiempo de inicio de sesión. Cruza los dedos y espera que no haya 2FA y una tarjeta vinculada. ¿No tienes ninguna tarjeta vinculada? TodavÃa puede usarlo con sus propias tarjetas, ya que es una cuenta antigua, pero sus posibilidades de esquivar ese control de verificación se borran. Sin embargo, todavÃa supera una cuenta nueva.
¿No tienes 2FA y tienes una tarjeta vinculada? Premio máximo. Tienes opciones:
- Deje que se cocine durante 24-72 horas y luego haga su movimiento
- Déjalo cocinar durante 24 horas, cambia el correo electrónico por el tuyo y luego déle otro descanso de 24 a 72 horas
Ahora que todo está calentado y listo, estás en la encrucijada:
- Compre un poco de mierda pequeña a la dirección de los titulares de la tarjeta primero. Aumenta el riesgo de quemar la tarjeta, pero Riskified confiará más en ti.
- Ve directo a matar y ordena a tu botÃn. Menos riesgo para la carta, pero Riskified aún podrÃa joderte.
Truco de bonificación:
Texto oculto: no se puede citar. ***
Bien
Además:
Texto oculto: no se puede citar. ***
Recuerda: un desliz y vuelves al punto de partida. Pero si lo haces bien, te estarás ahogando en un equipo exagerado antes de que te des cuenta.
Conclusión
Muy bien, mierda, eso es todo lo que dice la primera parte de nuestra odisea de cardado de StockX. Hemos cubierto los conceptos básicos de su infraestructura, cómo usar los registros para reducir su puntaje de fraude y el arte de la toma de control de cuentas sin que lo atrapen con los pantalones bajados.
Pero no te pongas arrogante, solo estamos arañando la superficie. En la segunda parte, sumérgete en el mundo de las tarjetas de inscripción para StockX.
Y para ustedes, bastardos codiciosos, la tercera parte es donde exploramos el arte de la doble inmersión, convirtiendo una partitura en dos a través de una avanzada con reemplazos.
Asà que estudia, practica y, por el amor de la mierda, usa tu cerebro. Esta guÃa es solo el comienzo. Depende de ti tomar este conocimiento y convertirlo en dinero contante y sonante o en un armario lleno de patadas promocionadas.
Clase descartada por ahora, degenerados. Nos vemos en la segunda parte, donde la mierda se pone realmente interesante. d0ctrine fuera.
StockX: The Ultimate Guide
View attachment 46806
Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.
This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.
If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.
So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.
What the Fuck is StockX
View attachment 46807
Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:
StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.
Heres how it works:
- Sellers list their items
- Buyers place bids or buy at the asking price
- When a sale happens the seller ships the item to StockX
- StockX verifies its legit
- If it passes StockX ships it to the buyer
Sounds simple right? Well its this process that makes StockX the the shit for carders.
Why StockX is the Shit for Carders
Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:
- High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
- Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
- Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
- Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
- Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
- Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.
But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.
Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.
But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.
The StockX Infrastructure
Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.
View attachment 46808
View attachment 46810
Braintree
View attachment 46809
Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.
Riskified
View attachment 46811
Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.
The StockX Ruleset
The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.
What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812
This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:
- Using Logs to lower our fraud score
- Using Enroll Cards to bypass the verification request
Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.
Using Logs to Lower Our Fraud Score
This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.
Using Enroll Cards to Bypass Verification
Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.
Logs
View attachment 46813
If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.
For our purposes were after logs with StockX accounts that have linked payment methods.
Log sellers come in two flavors:
- Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
- Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.
The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.
Account Takeover Fraud (ATO)
View attachment 46814
Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.
There are two ways to stay off Riskifieds ATO radar:
- First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.- Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.
StockX Log Carding Process
Once youve understood what we have laid out here so far, heres what youll need:
View attachment 46815
- A pristine USA log (or matching your drops country)
- Residential proxies (static/sticky for a few days if possible)
- A solid antidetect setup
- Clean drops Riskified hasnt seen before
- An email spam bot (for covering your tracks)
Now lets break this shit down step by step:
First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.
Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.
If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.
Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.
¿No tienes 2FA y tienes una tarjeta vinculada? Premio máximo. Tienes opciones:
- Deje que se cocine durante 24-72 horas y luego haga su movimiento
- Déjalo cocinar durante 24 horas, cambia el correo electrónico por el tuyo y luego déle otro descanso de 24 a 72 horas
Ahora que todo está calentado y listo, estás en la encrucijada:
- Compre un poco de mierda pequeña a la dirección de los titulares de la tarjeta primero. Aumenta el riesgo de quemar la tarjeta, pero Riskified confiará más en ti.
- Ve directo a matar y ordena a tu botÃn. Menos riesgo para la carta, pero Riskified aún podrÃa joderte.
Truco de bonificación:
Texto oculto: no se puede citar. ***
Además:
Texto oculto: no se puede citar. ***
Recuerda: un desliz y vuelves al punto de partida. Pero si lo haces bien, te estarás ahogando en un equipo exagerado antes de que te des cuenta.
Conclusión
Muy bien, mierda, eso es todo lo que dice la primera parte de nuestra odisea de cardado de StockX. Hemos cubierto los conceptos básicos de su infraestructura, cómo usar los registros para reducir su puntaje de fraude y el arte de la toma de control de cuentas sin que lo atrapen con los pantalones bajados.
Pero no te pongas arrogante, solo estamos arañando la superficie. En la segunda parte, sumérgete en el mundo de las tarjetas de inscripción para StockX.
Y para ustedes, bastardos codiciosos, la tercera parte es donde exploramos el arte de la doble inmersión, convirtiendo una partitura en dos a través de una avanzada con reemplazos.
Asà que estudia, practica y, por el amor de la mierda, usa tu cerebro. Esta guÃa es solo el comienzo. Depende de ti tomar este conocimiento y convertirlo en dinero contante y sonante o en un armario lleno de patadas promocionadas.
Clase descartada por ahora, degenerados. Nos vemos en la segunda parte, donde la mierda se pone realmente interesante. d0ctrine fuera.
Thank you gang
StockX: The Ultimate Guide
View attachment 46806
Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.
This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.
If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.
So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.
What the Fuck is StockX
View attachment 46807
Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:
StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.
Heres how it works:
- Sellers list their items
- Buyers place bids or buy at the asking price
- When a sale happens the seller ships the item to StockX
- StockX verifies its legit
- If it passes StockX ships it to the buyer
Sounds simple right? Well its this process that makes StockX the the shit for carders.
Why StockX is the Shit for Carders
Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:
- High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
- Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
- Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
- Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
- Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
- Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.
But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.
Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.
But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.
The StockX Infrastructure
Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.
View attachment 46808
View attachment 46810
Braintree
View attachment 46809
Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.
Riskified
View attachment 46811
Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.
The StockX Ruleset
The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.
What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812
This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:
- Using Logs to lower our fraud score
- Using Enroll Cards to bypass the verification request
Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.
Using Logs to Lower Our Fraud Score
This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.
Using Enroll Cards to Bypass Verification
Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.
Logs
View attachment 46813
If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.
For our purposes were after logs with StockX accounts that have linked payment methods.
Log sellers come in two flavors:
- Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
- Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.
The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.
Account Takeover Fraud (ATO)
View attachment 46814
Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.
There are two ways to stay off Riskifieds ATO radar:
- First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.- Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.
StockX Log Carding Process
Once youve understood what we have laid out here so far, heres what youll need:
View attachment 46815
- A pristine USA log (or matching your drops country)
- Residential proxies (static/sticky for a few days if possible)
- A solid antidetect setup
- Clean drops Riskified hasnt seen before
- An email spam bot (for covering your tracks)
Now lets break this shit down step by step:
First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.
Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.
If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.
Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.
No 2FA and a linked card? Jackpot. Youve got options:
- Let it cook for 24-72 hours then make your move
- Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest
Now its all warmed and ready youre at the crossroads:
- Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
- Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.
Bonus trick:
*** Hidden text: cannot be quoted. ***
Also:
*** Hidden text: cannot be quoted. ***
Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.
Conclusion
Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.
But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.
And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.
So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.
Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
Thabk
StockX: The Ultimate Guide
View attachment 46806
Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.
This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.
If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.
So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.
What the Fuck is StockX
View attachment 46807
Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:
StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.
Heres how it works:
- Sellers list their items
- Buyers place bids or buy at the asking price
- When a sale happens the seller ships the item to StockX
- StockX verifies its legit
- If it passes StockX ships it to the buyer
Sounds simple right? Well its this process that makes StockX the the shit for carders.
Why StockX is the Shit for Carders
Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:
- High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
- Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
- Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
- Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
- Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
- Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.
But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.
Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.
But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.
The StockX Infrastructure
Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.
View attachment 46808
View attachment 46810
Braintree
View attachment 46809
Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.
Riskified
View attachment 46811
Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.
The StockX Ruleset
The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.
What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812
This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:
- Using Logs to lower our fraud score
- Using Enroll Cards to bypass the verification request
Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.
Using Logs to Lower Our Fraud Score
This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.
Using Enroll Cards to Bypass Verification
Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.
Logs
View attachment 46813
If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.
For our purposes were after logs with StockX accounts that have linked payment methods.
Log sellers come in two flavors:
- Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
- Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.
The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.
Account Takeover Fraud (ATO)
View attachment 46814
Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.
There are two ways to stay off Riskifieds ATO radar:
- First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.- Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.
StockX Log Carding Process
Once youve understood what we have laid out here so far, heres what youll need:
View attachment 46815
- A pristine USA log (or matching your drops country)
- Residential proxies (static/sticky for a few days if possible)
- A solid antidetect setup
- Clean drops Riskified hasnt seen before
- An email spam bot (for covering your tracks)
Now lets break this shit down step by step:
First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.
Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.
If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.
Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.
No 2FA and a linked card? Jackpot. Youve got options:
- Let it cook for 24-72 hours then make your move
- Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest
Now its all warmed and ready youre at the crossroads:
- Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
- Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.
Bonus trick:
*** Hidden text: cannot be quoted. ***
Also:
*** Hidden text: cannot be quoted. ***
Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.
Conclusion
Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.
But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.
And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.
So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.
Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
the goat
StockX: The Ultimate Guide
View attachment 46806
Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.
This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.
If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.
So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.
What the Fuck is StockX
View attachment 46807
Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:
StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.
Heres how it works:
- Sellers list their items
- Buyers place bids or buy at the asking price
- When a sale happens the seller ships the item to StockX
- StockX verifies its legit
- If it passes StockX ships it to the buyer
Sounds simple right? Well its this process that makes StockX the the shit for carders.
Why StockX is the Shit for Carders
Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:
- High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
- Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
- Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
- Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
- Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
- Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.
But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.
Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.
But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.
The StockX Infrastructure
Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.
View attachment 46808
View attachment 46810
Braintree
View attachment 46809
Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.
Riskified
View attachment 46811
Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.
The StockX Ruleset
The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.
What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812
This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:
- Using Logs to lower our fraud score
- Using Enroll Cards to bypass the verification request
Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.
Using Logs to Lower Our Fraud Score
This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.
Using Enroll Cards to Bypass Verification
Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.
Logs
View attachment 46813
If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.
For our purposes were after logs with StockX accounts that have linked payment methods.
Log sellers come in two flavors:
- Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
- Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.
The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.
Account Takeover Fraud (ATO)
View attachment 46814
Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.
There are two ways to stay off Riskifieds ATO radar:
- First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.- Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.
StockX Log Carding Process
Once youve understood what we have laid out here so far, heres what youll need:
View attachment 46815
- A pristine USA log (or matching your drops country)
- Residential proxies (static/sticky for a few days if possible)
- A solid antidetect setup
- Clean drops Riskified hasnt seen before
- An email spam bot (for covering your tracks)
Now lets break this shit down step by step:
First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.
Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.
If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.
Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.
No 2FA and a linked card? Jackpot. Youve got options:
- Let it cook for 24-72 hours then make your move
- Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest
Now its all warmed and ready youre at the crossroads:
- Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
- Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.
Bonus trick:
*** Hidden text: cannot be quoted. ***
Also:
*** Hidden text: cannot be quoted. ***
Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.
Conclusion
Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.
But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.
And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.
So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.
Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
thanks
StockX: The Ultimate Guide
View attachment 46806
Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.
This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.
If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.
So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.
What the Fuck is StockX
View attachment 46807
Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:
StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.
Heres how it works:
- Sellers list their items
- Buyers place bids or buy at the asking price
- When a sale happens the seller ships the item to StockX
- StockX verifies its legit
- If it passes StockX ships it to the buyer
Sounds simple right? Well its this process that makes StockX the the shit for carders.
Why StockX is the Shit for Carders
Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:
- High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
- Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
- Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
- Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
- Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
- Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.
But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.
Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.
But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.
The StockX Infrastructure
Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.
View attachment 46808
View attachment 46810
Braintree
View attachment 46809
Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.
Riskified
View attachment 46811
Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.
The StockX Ruleset
The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.
What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812
This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:
- Using Logs to lower our fraud score
- Using Enroll Cards to bypass the verification request
Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.
Using Logs to Lower Our Fraud Score
This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.
Using Enroll Cards to Bypass Verification
Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.
Logs
View attachment 46813
If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.
For our purposes were after logs with StockX accounts that have linked payment methods.
Log sellers come in two flavors:
- Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
- Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.
The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.
Account Takeover Fraud (ATO)
View attachment 46814
Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.
There are two ways to stay off Riskifieds ATO radar:
- First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.- Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.
StockX Log Carding Process
Once youve understood what we have laid out here so far, heres what youll need:
View attachment 46815
- A pristine USA log (or matching your drops country)
- Residential proxies (static/sticky for a few days if possible)
- A solid antidetect setup
- Clean drops Riskified hasnt seen before
- An email spam bot (for covering your tracks)
Now lets break this shit down step by step:
First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.
Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.
If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.
Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.
No 2FA and a linked card? Jackpot. Youve got options:
- Let it cook for 24-72 hours then make your move
- Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest
Now its all warmed and ready youre at the crossroads:
- Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
- Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.
Bonus trick:
*** Hidden text: cannot be quoted. ***
Also:
*** Hidden text: cannot be quoted. ***
Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.
Conclusion
Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.
But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.
And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.
So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.
Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
we love this
StockX: The Ultimate Guide
View attachment 46806
Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.
This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.
If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.
So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.
What the Fuck is StockX
View attachment 46807
Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:
StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.
Heres how it works:
- Sellers list their items
- Buyers place bids or buy at the asking price
- When a sale happens the seller ships the item to StockX
- StockX verifies its legit
- If it passes StockX ships it to the buyer
Sounds simple right? Well its this process that makes StockX the the shit for carders.
Why StockX is the Shit for Carders
Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:
- High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
- Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
- Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
- Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
- Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
- Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.
But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.
Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.
But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.
The StockX Infrastructure
Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.
View attachment 46808
View attachment 46810
Braintree
View attachment 46809
Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.
Riskified
View attachment 46811
Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.
The StockX Ruleset
The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.
What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812
This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:
- Using Logs to lower our fraud score
- Using Enroll Cards to bypass the verification request
Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.
Using Logs to Lower Our Fraud Score
This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.
Using Enroll Cards to Bypass Verification
Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.
Logs
View attachment 46813
If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.
For our purposes were after logs with StockX accounts that have linked payment methods.
Log sellers come in two flavors:
- Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
- Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.
The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.
Account Takeover Fraud (ATO)
View attachment 46814
Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.
There are two ways to stay off Riskifieds ATO radar:
- First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.- Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.
StockX Log Carding Process
Once youve understood what we have laid out here so far, heres what youll need:
View attachment 46815
- A pristine USA log (or matching your drops country)
- Residential proxies (static/sticky for a few days if possible)
- A solid antidetect setup
- Clean drops Riskified hasnt seen before
- An email spam bot (for covering your tracks)
Now lets break this shit down step by step:
First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.
Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.
If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.
Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.
No 2FA and a linked card? Jackpot. Youve got options:
- Let it cook for 24-72 hours then make your move
- Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest
Now its all warmed and ready youre at the crossroads:
- Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
- Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.
Bonus trick:
*** Hidden text: cannot be quoted. ***
Also:
*** Hidden text: cannot be quoted. ***
Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.
Conclusion
Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.
But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.
And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.
So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.
Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.