Carding 👟 StockX: The Ultimate Guide 👟



H

heydrichß

Active Carder
Joined
04.11.24
Messages
44
Reaction score
13
Points
8
d0ctrine said:

👟 StockX: The Ultimate Guide 👟

View attachment 46806

Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.

This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.

If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.

So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.





What the Fuck is StockX

View attachment 46807

Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:

StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.

Heres how it works:

  • Sellers list their items
  • Buyers place bids or buy at the asking price
  • When a sale happens the seller ships the item to StockX
  • StockX verifies its legit
  • If it passes StockX ships it to the buyer

Sounds simple right? Well its this process that makes StockX the the shit for carders.


Why StockX is the Shit for Carders

Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:

  • High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
  • Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
  • Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
  • Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
  • Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
  • Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.

But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.

Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.

But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.


The StockX Infrastructure

Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.

View attachment 46808
View attachment 46810

Braintree
View attachment 46809


Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.

Riskified

View attachment 46811

Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.


The StockX Ruleset

The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.

What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812

This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:

  • Using Logs to lower our fraud score
  • Using Enroll Cards to bypass the verification request

Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.

Using Logs to Lower Our Fraud Score

This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.

Using Enroll Cards to Bypass Verification

Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.


Logs
View attachment 46813

If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.

For our purposes were after logs with StockX accounts that have linked payment methods.

Log sellers come in two flavors:
  • Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
  • Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.

The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.

Account Takeover Fraud (ATO)

View attachment 46814

Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.

There are two ways to stay off Riskifieds ATO radar:
  • First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
    Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.
  • Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
    After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.

StockX Log Carding Process

Once youve understood what we have laid out here so far, heres what youll need:

  • A pristine USA log (or matching your drops country)
  • Residential proxies (static/sticky for a few days if possible)
  • A solid antidetect setup
  • Clean drops Riskified hasnt seen before
  • An email spam bot (for covering your tracks)
View attachment 46815
Now lets break this shit down step by step:

First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.

Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.

If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.

Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.

No 2FA and a linked card? Jackpot. Youve got options:

  • Let it cook for 24-72 hours then make your move
  • Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest

Now its all warmed and ready youre at the crossroads:

  • Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
  • Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.

Bonus trick:
*** Hidden text: cannot be quoted. ***


Also:
*** Hidden text: cannot be quoted. ***

Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.


Conclusion

Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.

But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.

And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.

So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.

Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
Click to expand...
this is the worst part of this method whaitng days after ___ Buy some small shit to the cardholders address first. It ups your risk of burning the card but 90% will kill the cc
 
R

rapidin1

Active Carder
Joined
30.10.24
Messages
35
Reaction score
1
Points
8
d0ctrine said:

👟 StockX: The Ultimate Guide 👟

View attachment 46806

Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.

This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.

If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.

So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.





What the Fuck is StockX

View attachment 46807

Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:

StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.

Heres how it works:

  • Sellers list their items
  • Buyers place bids or buy at the asking price
  • When a sale happens the seller ships the item to StockX
  • StockX verifies its legit
  • If it passes StockX ships it to the buyer

Sounds simple right? Well its this process that makes StockX the the shit for carders.


Why StockX is the Shit for Carders

Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:

  • High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
  • Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
  • Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
  • Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
  • Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
  • Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.

But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.

Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.

But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.


The StockX Infrastructure

Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.

View attachment 46808
View attachment 46810

Braintree
View attachment 46809


Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.

Riskified

View attachment 46811

Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.


The StockX Ruleset

The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.

What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812

This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:

  • Using Logs to lower our fraud score
  • Using Enroll Cards to bypass the verification request

Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.

Using Logs to Lower Our Fraud Score

This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.

Using Enroll Cards to Bypass Verification

Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.


Logs
View attachment 46813

If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.

For our purposes were after logs with StockX accounts that have linked payment methods.

Log sellers come in two flavors:
  • Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
  • Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.

The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.

Account Takeover Fraud (ATO)

View attachment 46814

Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.

There are two ways to stay off Riskifieds ATO radar:
  • First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
    Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.
  • Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
    After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.

StockX Log Carding Process

Once youve understood what we have laid out here so far, heres what youll need:

  • A pristine USA log (or matching your drops country)
  • Residential proxies (static/sticky for a few days if possible)
  • A solid antidetect setup
  • Clean drops Riskified hasnt seen before
  • An email spam bot (for covering your tracks)
View attachment 46815
Now lets break this shit down step by step:

First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.

Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.

If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.

Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.

No 2FA and a linked card? Jackpot. Youve got options:

  • Let it cook for 24-72 hours then make your move
  • Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest

Now its all warmed and ready youre at the crossroads:

  • Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
  • Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.

Bonus trick:
*** Hidden text: cannot be quoted. ***


Also:
*** Hidden text: cannot be quoted. ***

Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.


Conclusion

Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.

But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.

And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.

So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.

Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
Click to expand...
excellent information thank you
 
O

Oscarszn

Basic
Joined
08.08.21
Messages
22
Reaction score
3
Points
3
d0ctrine said:

👟 StockX: The Ultimate Guide 👟

View attachment 46806

Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.

This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.

If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.

So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.





What the Fuck is StockX

View attachment 46807

Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:

StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.

Heres how it works:

  • Sellers list their items
  • Buyers place bids or buy at the asking price
  • When a sale happens the seller ships the item to StockX
  • StockX verifies its legit
  • If it passes StockX ships it to the buyer

Sounds simple right? Well its this process that makes StockX the the shit for carders.


Why StockX is the Shit for Carders

Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:

  • High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
  • Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
  • Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
  • Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
  • Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
  • Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.

But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.

Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.

But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.


The StockX Infrastructure

Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.

View attachment 46808
View attachment 46810

Braintree
View attachment 46809


Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.

Riskified

View attachment 46811

Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.


The StockX Ruleset

The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.

What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812

This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:

  • Using Logs to lower our fraud score
  • Using Enroll Cards to bypass the verification request

Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.

Using Logs to Lower Our Fraud Score

This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.

Using Enroll Cards to Bypass Verification

Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.


Logs
View attachment 46813

If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.

For our purposes were after logs with StockX accounts that have linked payment methods.

Log sellers come in two flavors:
  • Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
  • Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.

The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.

Account Takeover Fraud (ATO)

View attachment 46814

Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.

There are two ways to stay off Riskifieds ATO radar:
  • First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
    Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.
  • Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
    After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.

StockX Log Carding Process

Once youve understood what we have laid out here so far, heres what youll need:

  • A pristine USA log (or matching your drops country)
  • Residential proxies (static/sticky for a few days if possible)
  • A solid antidetect setup
  • Clean drops Riskified hasnt seen before
  • An email spam bot (for covering your tracks)
View attachment 46815
Now lets break this shit down step by step:

First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.

Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.

If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.

Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.

No 2FA and a linked card? Jackpot. Youve got options:

  • Let it cook for 24-72 hours then make your move
  • Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest

Now its all warmed and ready youre at the crossroads:

  • Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
  • Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.

Bonus trick:
*** Hidden text: cannot be quoted. ***


Also:
*** Hidden text: cannot be quoted. ***

Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.


Conclusion

Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.

But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.

And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.

So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.

Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
Click to expand...
You the 🐐
 
d0ctrine

d0ctrine

Fraud Daddy
Elite
Supreme
Joined
26.12.23
Messages
199
Reaction score
2,254
Points
93
heydrichß said:
this is the worst part of this method whaitng days after ___ Buy some small shit to the cardholders address first. It ups your risk of burning the card but 90% will kill the cc
Click to expand...
It's entirely optional, and is perfectly doable with a good bin + SMS/Email spam. Some cards can even go for months.
 
S

slaveoflife

Carding Novice
Joined
08.09.24
Messages
19
Reaction score
3
Points
3
d0ctrine said:

👟 StockX: The Ultimate Guide 👟

View attachment 46806

Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.

This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.

If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.

So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.





What the Fuck is StockX

View attachment 46807

Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:

StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.

Heres how it works:

  • Sellers list their items
  • Buyers place bids or buy at the asking price
  • When a sale happens the seller ships the item to StockX
  • StockX verifies its legit
  • If it passes StockX ships it to the buyer

Sounds simple right? Well its this process that makes StockX the the shit for carders.


Why StockX is the Shit for Carders

Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:

  • High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
  • Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
  • Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
  • Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
  • Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
  • Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.

But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.

Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.

But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.


The StockX Infrastructure

Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.

View attachment 46808
View attachment 46810

Braintree
View attachment 46809


Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.

Riskified

View attachment 46811

Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.


The StockX Ruleset

The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.

What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812

This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:

  • Using Logs to lower our fraud score
  • Using Enroll Cards to bypass the verification request

Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.

Using Logs to Lower Our Fraud Score

This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.

Using Enroll Cards to Bypass Verification

Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.


Logs
View attachment 46813

If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.

For our purposes were after logs with StockX accounts that have linked payment methods.

Log sellers come in two flavors:
  • Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
  • Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.

The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.

Account Takeover Fraud (ATO)

View attachment 46814

Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.

There are two ways to stay off Riskifieds ATO radar:
  • First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
    Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.
  • Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
    After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.

StockX Log Carding Process

Once youve understood what we have laid out here so far, heres what youll need:

  • A pristine USA log (or matching your drops country)
  • Residential proxies (static/sticky for a few days if possible)
  • A solid antidetect setup
  • Clean drops Riskified hasnt seen before
  • An email spam bot (for covering your tracks)
View attachment 46815
Now lets break this shit down step by step:

First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.

Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.

If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.

Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.

No 2FA and a linked card? Jackpot. Youve got options:

  • Let it cook for 24-72 hours then make your move
  • Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest

Now its all warmed and ready youre at the crossroads:

  • Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
  • Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.

Bonus trick:
*** Hidden text: cannot be quoted. ***


Also:
*** Hidden text: cannot be quoted. ***

Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.


Conclusion

Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.

But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.

And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.

So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.

Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
Click to expand...
:love:
 
A

arturrr

Active Carder
Joined
28.10.24
Messages
36
Reaction score
3
Points
8
d0ctrine said:

👟 StockX: The Ultimate Guide 👟

View attachment 46806

Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.

This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.

If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.

So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.





What the Fuck is StockX

View attachment 46807

Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:

StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.

Heres how it works:

  • Sellers list their items
  • Buyers place bids or buy at the asking price
  • When a sale happens the seller ships the item to StockX
  • StockX verifies its legit
  • If it passes StockX ships it to the buyer

Sounds simple right? Well its this process that makes StockX the the shit for carders.


Why StockX is the Shit for Carders

Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:

  • High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
  • Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
  • Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
  • Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
  • Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
  • Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.

But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.

Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.

But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.


The StockX Infrastructure

Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.

View attachment 46808
View attachment 46810

Braintree
View attachment 46809


Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.

Riskified

View attachment 46811

Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.


The StockX Ruleset

The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.

What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812

This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:

  • Using Logs to lower our fraud score
  • Using Enroll Cards to bypass the verification request

Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.

Using Logs to Lower Our Fraud Score

This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.

Using Enroll Cards to Bypass Verification

Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.


Logs
View attachment 46813

If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.

For our purposes were after logs with StockX accounts that have linked payment methods.

Log sellers come in two flavors:
  • Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
  • Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.

The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.

Account Takeover Fraud (ATO)

View attachment 46814

Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.

There are two ways to stay off Riskifieds ATO radar:
  • First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
    Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.
  • Deja que la cuenta se cocine. Sí, me has oído bien. Una vez que inicies sesión y veas el método de pago vinculado, no te pongas nervioso de inmediato. Dale tiempo: de 24 a 72 horas es el tiempo ideal. Esto le da tiempo a Riskified para que se sienta cómodo con tu "nuevo dispositivo". Ir de compras inmediatamente después de iniciar sesión es como agitar una bandera roja. Una de las mejores formas de hacer esto con éxito es usar servidores proxy estáticos residenciales , que son servidores proxy que no cambian de IP durante un par de días. Esto no solo hace que Riskified confíe en tu dispositivo, sino que también confía en tu dirección IP.
    Después de la espera, también puedes tomar el control de la cuenta por completo cambiando el correo electrónico por uno tuyo, llegaremos a eso en un segundo.

Proceso de cardado de registros StockX

Una vez que hayas comprendido lo que hemos expuesto hasta ahora, esto es lo que necesitarás:

  • Un registro de EE. UU. impecable (o que coincida con el país de entrega)
  • Proxies residenciales (estáticos/permanentes durante unos días si es posible)
  • Una sólida configuración antidetección
  • Gotas limpias que Riskified no había visto antes
  • Un robot antispam (para ocultar tus huellas)
View attachment 46815
Ahora vamos a desglosar esto paso a paso:

En primer lugar, cree ese registro en su antidetect. Si tiene un archivo completo, copie el agente de usuario y asegúrese de que está imitando la versión correcta del sistema operativo y del navegador. Los detalles importan.

A continuación, busque un proxy en el mismo ASN que su registro. Algunos proveedores le permiten apuntar a ASN específicos; use esa información. Si no está utilizando el registro completo y no tiene idea de cuál es la IP de los registros, simplemente investigue el correo electrónico y al menos obtenga uno de la misma ubicación y el mismo ISP.

Si trabaja con un archivo completo, importe esas cookies. ¿No tiene un registro completo? No hay problema. Simplemente navegue por un montón de sitios al azar para calentar su sesión. Haga que parezca un patrón de navegación real, no un robot con una misión.

Hora de iniciar sesión. Cruza los dedos y espera que no haya una 2FA y una tarjeta vinculada. ¿No hay una tarjeta vinculada? Aún puedes usarla con tus propias tarjetas, ya que es una cuenta antigua, pero tus posibilidades de evadir ese control de verificación se eliminan. Sin embargo, sigue siendo mejor que una cuenta nueva.

¿No tienes autenticación de dos factores y una tarjeta vinculada? ¡Ganador del premio gordo! Tienes opciones:

  • Déjalo cocinar durante 24 a 72 horas y luego haz tu movimiento.
  • Déjalo cocinar por 24 horas, cambia el email al tuyo, luego déjalo reposar otras 24-72 horas

Ahora que todo está calentado y listo, estás en la encrucijada:

  • Compre primero algunas cosas pequeñas a la dirección del titular de la tarjeta. Aumenta el riesgo de quemar la tarjeta, pero Riskified confiará más en usted.
  • Ve directo a matar y ordena que te den el botín. Es menos arriesgado para la carta, pero Riskified podría joderte de todos modos.

Truco extra:
***Texto oculto: no se puede citar.***


También:
***Texto oculto: no se puede citar.***

Recuerda: si cometes un error, volverás al punto de partida. Pero si lo haces bien, antes de que te des cuenta estarás inundado de artículos promocionados.


Conclusión

Muy bien, imbéciles, con esto terminamos la primera parte de nuestra odisea de tarjetas de StockX . Hemos cubierto los aspectos básicos de su infraestructura, cómo usar los registros para reducir su puntuación de fraude y el arte de la apropiación de cuentas sin que lo atrapen con los pantalones bajados.

Pero no se confíe: apenas estamos empezando. En la segunda parte, nos adentraremos en el mundo de las tarjetas de inscripción para StockX .

Y para ustedes, bastardos codiciosos, la tercera parte es donde exploraremos el arte de la doble inmersión, convirtiendo una puntuación en dos a través de algunas manipulaciones avanzadas con reemplazos.

Así que estudia, practica y, por el amor de Dios, usa tu cerebro. Esta guía es solo el comienzo. Depende de ti tomar este conocimiento y convertirlo en dinero contante y sonante o en un armario lleno de zapatillas de moda.

Clase terminada por ahora, degenerados. Nos vemos en la segunda parte, donde la cosa se pone realmente interesante. Doctrina fuera.
Click to expand...
thanks
 
R

Realicky

Carding Novice
Joined
16.06.24
Messages
14
Reaction score
3
Points
3
d0ctrine said:

👟 StockX: The Ultimate Guide 👟

View attachment 46806

Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.

This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.

If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.

So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.





What the Fuck is StockX

View attachment 46807

Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:

StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.

Heres how it works:

  • Sellers list their items
  • Buyers place bids or buy at the asking price
  • When a sale happens the seller ships the item to StockX
  • StockX verifies its legit
  • If it passes StockX ships it to the buyer

Sounds simple right? Well its this process that makes StockX the the shit for carders.


Why StockX is the Shit for Carders

Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:

  • High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
  • Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
  • Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
  • Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
  • Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
  • Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.

But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.

Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.

But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.


The StockX Infrastructure

Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.

View attachment 46808
View attachment 46810

Braintree
View attachment 46809


Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.

Riskified

View attachment 46811

Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.


The StockX Ruleset

The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.

What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812

This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:

  • Using Logs to lower our fraud score
  • Using Enroll Cards to bypass the verification request

Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.

Using Logs to Lower Our Fraud Score

This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.

Using Enroll Cards to Bypass Verification

Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.


Logs
View attachment 46813

If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.

For our purposes were after logs with StockX accounts that have linked payment methods.

Log sellers come in two flavors:
  • Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
  • Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.

The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.

Account Takeover Fraud (ATO)

View attachment 46814

Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.

There are two ways to stay off Riskifieds ATO radar:
  • First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
    Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.
  • Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
    After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.

StockX Log Carding Process

Once youve understood what we have laid out here so far, heres what youll need:

  • A pristine USA log (or matching your drops country)
  • Residential proxies (static/sticky for a few days if possible)
  • A solid antidetect setup
  • Clean drops Riskified hasnt seen before
  • An email spam bot (for covering your tracks)
View attachment 46815
Now lets break this shit down step by step:

First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.

Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.

If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.

Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.

No 2FA and a linked card? Jackpot. Youve got options:

  • Let it cook for 24-72 hours then make your move
  • Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest

Now its all warmed and ready youre at the crossroads:

  • Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
  • Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.

Bonus trick:
*** Hidden text: cannot be quoted. ***


Also:
*** Hidden text: cannot be quoted. ***

Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.


Conclusion

Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.

But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.

And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.

So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.

Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
Click to expand...
Awesome bro
 
C

chrisvec556

Carding Novice
Joined
18.10.24
Messages
12
Reaction score
2
Points
3
d0ctrine said:

👟 StockX: The Ultimate Guide 👟

View attachment 46806

Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.

This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.

If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.

So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.





What the Fuck is StockX

View attachment 46807

Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:

StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.

Heres how it works:

  • Sellers list their items
  • Buyers place bids or buy at the asking price
  • When a sale happens the seller ships the item to StockX
  • StockX verifies its legit
  • If it passes StockX ships it to the buyer

Sounds simple right? Well its this process that makes StockX the the shit for carders.


Why StockX is the Shit for Carders

Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:

  • High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
  • Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
  • Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
  • Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
  • Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
  • Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.

But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.

Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.

But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.


The StockX Infrastructure

Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.

View attachment 46808
View attachment 46810

Braintree
View attachment 46809


Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.

Riskified

View attachment 46811

Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.


The StockX Ruleset

The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.

What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812

This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:

  • Using Logs to lower our fraud score
  • Using Enroll Cards to bypass the verification request

Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.

Using Logs to Lower Our Fraud Score

This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.

Using Enroll Cards to Bypass Verification

Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.


Logs
View attachment 46813

If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.

For our purposes were after logs with StockX accounts that have linked payment methods.

Log sellers come in two flavors:
  • Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
  • Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.

The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.

Account Takeover Fraud (ATO)

View attachment 46814

Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.

There are two ways to stay off Riskifieds ATO radar:
  • First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
    Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.
  • Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
    After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.

StockX Log Carding Process

Once youve understood what we have laid out here so far, heres what youll need:

  • A pristine USA log (or matching your drops country)
  • Residential proxies (static/sticky for a few days if possible)
  • A solid antidetect setup
  • Clean drops Riskified hasnt seen before
  • An email spam bot (for covering your tracks)
View attachment 46815
Now lets break this shit down step by step:

First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.

Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.

If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.

Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.

No 2FA and a linked card? Jackpot. Youve got options:

  • Let it cook for 24-72 hours then make your move
  • Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest

Now its all warmed and ready youre at the crossroads:

  • Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
  • Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.

Bonus trick:
*** Hidden text: cannot be quoted. ***


Also:
*** Hidden text: cannot be quoted. ***

Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.


Conclusion

Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.

But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.

And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.

So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.

Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
Click to expand...
Reply
 
P

Premancc

Carding Novice
Joined
29.05.22
Messages
20
Reaction score
0
Points
1
d0ctrine said:

👟 StockX: The Ultimate Guide 👟

View attachment 46806

Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.

This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.

If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.

So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.





What the Fuck is StockX

View attachment 46807

Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:

StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.

Heres how it works:

  • Sellers list their items
  • Buyers place bids or buy at the asking price
  • When a sale happens the seller ships the item to StockX
  • StockX verifies its legit
  • If it passes StockX ships it to the buyer

Sounds simple right? Well its this process that makes StockX the the shit for carders.


Why StockX is the Shit for Carders

Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:

  • High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
  • Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
  • Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
  • Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
  • Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
  • Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.

But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.

Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.

But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.


The StockX Infrastructure

Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.

View attachment 46808
View attachment 46810

Braintree
View attachment 46809


Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.

Riskified

View attachment 46811

Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.


The StockX Ruleset

The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.

What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812

This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:

  • Using Logs to lower our fraud score
  • Using Enroll Cards to bypass the verification request

Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.

Using Logs to Lower Our Fraud Score

This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.

Using Enroll Cards to Bypass Verification

Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.


Logs
View attachment 46813

If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.

For our purposes were after logs with StockX accounts that have linked payment methods.

Log sellers come in two flavors:
  • Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
  • Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.

The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.

Account Takeover Fraud (ATO)

View attachment 46814

Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.

There are two ways to stay off Riskifieds ATO radar:
  • First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
    Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.
  • Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
    After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.

StockX Log Carding Process

Once youve understood what we have laid out here so far, heres what youll need:

  • A pristine USA log (or matching your drops country)
  • Residential proxies (static/sticky for a few days if possible)
  • A solid antidetect setup
  • Clean drops Riskified hasnt seen before
  • An email spam bot (for covering your tracks)
View attachment 46815
Now lets break this shit down step by step:

First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.

Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.

If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.

Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.

No 2FA and a linked card? Jackpot. Youve got options:

  • Let it cook for 24-72 hours then make your move
  • Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest

Now its all warmed and ready youre at the crossroads:

  • Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
  • Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.

Bonus trick:
*** Hidden text: cannot be quoted. ***


Also:
*** Hidden text: cannot be quoted. ***

Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.


Conclusion

Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.

But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.

And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.

So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.

Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
Click to expand...
good
 
D

d00bs

Carding Novice
Joined
02.06.24
Messages
5
Reaction score
0
Points
1
d0ctrine said:

👟 StockX: The Ultimate Guide 👟

View attachment 46806

Today we will dive into the beast that is StockX. This wasnt written like our typical carding guides because theres simply too many moving parts to hold your hand through every step. Were dealing with a complex system here, not some random online shop you can hit with a shitty residential proxy and second-hand CVV.

This guide is so packed were splitting it into three parts. Part One will cover the first method of carding StockX - understanding their security, not getting hit by some checks, and navigating their payment system. Part Two will dive into an alternative carding approach, giving you a different angle to attack from. Part Three is where shit gets more interesting. Well explore the art of double-dipping via replacements, turning one successful hit into multiple scores. Its some advanced fuckery you can only read here, the best forum there is.

If youre still struggling with basic card shops or think residential proxies are the answer to everything, StockX will eat you alive. This is advanced level carding where every detail matters and one slip-up can burn your whole operation.

So strap in. Were about to embark on a journey through one of the challenging carding targets out there. By the end of this, youll either be copping rare kicks like a boss or crying in the corner wondering what hit you. The choice is yours.





What the Fuck is StockX

View attachment 46807

Unless youve been living under a rock or still think carding is about stealing grocery carts youve probably heard of StockX. But for those of you clueless lets break it down:

StockX is like eBay for hypebeasts and sneakerheads. Its a marketplace where people buy and sell limited edition sneakers, streetwear, watches and other collectibles. StockX acts as the middleman authenticating every item to make sure youre not getting some knockoff bullshit made in someones basement.

Heres how it works:

  • Sellers list their items
  • Buyers place bids or buy at the asking price
  • When a sale happens the seller ships the item to StockX
  • StockX verifies its legit
  • If it passes StockX ships it to the buyer

Sounds simple right? Well its this process that makes StockX the the shit for carders.


Why StockX is the Shit for Carders

Now youre probably thinking "Why the fuck should I care about some fancy sneaker site?" Listen up dipshit because this is where it gets good:

  • High-Value Items: Were not talking about carding $20 t-shirts here. StockX deals in items that can go for thousands. Some rare sneakers or limited edition watches can fetch prices that make your eyes water. One successful hit can net you more profit than a month of carding cheap-ass gift cards.
  • Easy Resale: Unlike that stupid vacuum you carded thats collecting dust in your living room StockX items are designed to be flipped. The resale market for these goods is huge and active. You can turn your carded items into cold hard cash before you know it.
  • Diverse Inventory: Sneakers, watches, streetwear, electronics - StockX has it all. This variety means you can diversify your carding portfolio like a Wall Street pro.
  • Built-in Legitimacy: Heres the beauty - StockXs authentication process actually works in our favor. Once an item passes their check its got the StockX stamp of approval. This makes reselling your carded goods a whole lot easier because buyers trust the platform.
  • Global Market: StockX operates worldwide. This opens up a whole new level of possibilities for drop addresses and resale options.
  • Price Volatility: Some items on StockX fluctuate in price like crypto. Time it right and you can make even more profit on top of your initial card.

But heres the real cherry on top - the double-dip potential. StockXs replacement policy is a goldmine if you know how to work it. Get an order through claim it never arrived and boom - youve doubled your score. Well dive deep into this in Part Two but just know its like hitting the fraud lottery twice.

Now dont get too excited. All this potential comes with a price. StockXs security is tight. Theyre not some lowly operation. Youre dealing with advanced fraud detection and a team dedicated to sniffing out sus transactions.

But for those with the skills and the balls to take it on StockX is the promised land of carding. Master this and youll be swimming in hyped sneakers and streetwear in no time.


The StockX Infrastructure

Alright lets talk about the backbone of StockXs defenses - their fucking infrastructure. If youve read my other guides you know how we do recon so Ill spare you the boring details. But theres two key players you need to know about if you want any shot at success on StockX: Braintree and Riskified.

View attachment 46808
View attachment 46810

Braintree
View attachment 46809


Braintree is pretty straightforward in theory. Its a PayPal company so if youve used cards on PayPal eBay or other Braintree stores youre probably already on their radar. They share data across platforms. A declined hit on some random Braintree site can fuck you over on StockX.

Riskified

View attachment 46811

Now Riskified this is where shit gets real complex. Forget about just using the cardholders email and calling it a day. This method rarely works with StockX as they have their own ruleset that gets applied by Riskified, and its pretty freaking sensitive.


The StockX Ruleset

The StockX ruleset is rigid and hard to bypass, hinging on whatever score Riskified gives you. Unless you hit a very low fraud score with Riskified, youll get caught in StockXs fraud check. The threshold is so low even legitimate customers are getting verification emails constantly.

What does this mean for us? Simple, we need to either get our fraud score so low we dont get hit by the verification request, or we find a way to bypass the verification request altogether.
View attachment 46812

This is why for StockX we have two different approaches, each with their advantages and disadvantages and differing resource requirements:

  • Using Logs to lower our fraud score
  • Using Enroll Cards to bypass the verification request

Unless youre gods chosen carder, using a simple CVV and getting those Travis Scott kicks wont really work.

Using Logs to Lower Our Fraud Score

This method is about looking as legitimate as possible. Were talking pristine logs, clean IPs, and a spotless digital footprint. The cost of this is just the proxies and the logs, which can get expensive depending where you source them. The goal is to slip under Riskifieds radar undetected. We will cover later below.

Using Enroll Cards to Bypass Verification

Enroll cards are the holy grail of carding. These are cards with direct access to real-time transaction data. Its like having a direct line to the cardholders bank account. We can use this to pass the verification check. The cost of this of course, are the enroll cards, which is pretty costly nowadays. We will cover this on the second installment.


Logs
View attachment 46813

If youre new to this game logs might sound like some hippie bullshit about cutting down trees. But in our world logs are the digital archives of unsuspecting victims courtesy of botnet password stealers. These nasty little fuckers infect peoples computers and harvest every bit of login info they can get their grubby hands on.

For our purposes were after logs with StockX accounts that have linked payment methods.

Log sellers come in two flavors:
  • Full Archive Sellers: These bastards sell you the whole enchilada - every password username and digital turd from the infected machine. Its pricey but youre getting the victims entire digital life including their user-agent and machine info and IP address. This shit is gold for bypassing fraud checks and especially with StockXs 2FA check but itll cost you.
  • Account-Only Sellers: These guys strip it down to just the credentials you require. Cheaper and cost-effective since youre always rolling the dice on whether an account has a linked payment method or 2FA.

The choice comes down to how deep your pockets are and how badly you want it to work. Full archives give you more to work with but account-only lists can be a cost-effective way to test the waters.

Account Takeover Fraud (ATO)

View attachment 46814

Riskified isnt just some dumbass AI looking for new accounts. Theyre on high alert for ATO - Account Takeover Fraud. Which is exactly what were doing with these logs. So we gotta be smart about this or well get caught with our pants down.

There are two ways to stay off Riskifieds ATO radar:
  • First if youre working with a full log you better mimic that victims setup like your life depends on it. Match their browser and their IP, import their cookies, everything.
    Now if youre rolling with just account credentials and no machine info youre in for some guesswork. Heres a pro tip: dont run this shit on Mac or Linux. 99% of these logs come from Windows machines infected by malware. Stick to a safe popular Windows fingerprint. Do some digging on the victims email to figure out where they live and grab a residential proxy from that area.
  • Let that account cook. Yeah you heard me right. Once you log in and see that sweet linked payment method dont go ham right away. Give it time - 24 to 72 hours is the sweet spot. This gives Riskified time to get cozy with your "new device". Going on a shopping spree right after logging in is like waving a red flag. One of the best way to make to do this successfully is to use static residential proxies, these are proxies that dont change IPs for a couple of days. What this does is not just make Riskified trust your device, it also trusts your IP address.
    After the wait you can also take over the account completely by changing the email to one of yours, we will get to that in a second.

StockX Log Carding Process

Once youve understood what we have laid out here so far, heres what youll need:

  • A pristine USA log (or matching your drops country)
  • Residential proxies (static/sticky for a few days if possible)
  • A solid antidetect setup
  • Clean drops Riskified hasnt seen before
  • An email spam bot (for covering your tracks)
View attachment 46815
Now lets break this shit down step by step:

First up build that log into your antidetect. If youve got a full archive copy the user-agent making sure youre mimicking the right OS and browser version. Details matter.

Next find a proxy in the same ASN as your log. Some providers let you target specific ASNs - use that shit. If youre not using the full log and have no idea what the logs IP is just research the email and at least get one from the same location and ISP.

If youre working with a full archive import those cookies. No full log? No problem. Just browse a bunch of random sites to warm up your session. Make it look like a real browsing pattern not some bot on a mission.

Login time. Cross your fingers and hope for no 2FA and a linked card. No linked card? You can still use it with your own cards since its an aged account but your chances of dodging that verification check gets obliterated. Still beats a fresh account though.

No 2FA and a linked card? Jackpot. Youve got options:

  • Let it cook for 24-72 hours then make your move
  • Let it cook for 24 hours, change the email to yours, then give it another 24-72 hour rest

Now its all warmed and ready youre at the crossroads:

  • Buy some small shit to the cardholders address first. It ups your risk of burning the card but Riskified will trust you more.
  • Go straight for the kill and order to your drop. Less risk to the card but Riskified might still fuck you over.

Bonus trick:
*** Hidden text: cannot be quoted. ***


Also:
*** Hidden text: cannot be quoted. ***

Remember: one slip-up and youre back to square one. But get it right and youll be drowning in hyped gear before you know it.


Conclusion

Alright dipshits thats a wrap on Part One of our StockX carding odyssey. Weve covered the basics of their infrastructure how to use logs to lower your fraud score and the art of account takeover without getting caught with your pants down.

But dont get cocky - were just scratching the surface. In Part Two well dive into the world of enroll cards for StockX.

And for you greedy bastards Part Three is where well explore the art of double-dipping, turning one score into two through some advanced fuckery with replacements.

So study up practice and for fucks sake use your brain. This guide is just the beginning. Its up to you to take this knowledge and turn it into cold hard cash or a closet full of hyped kicks.

Class dismissed for now you degenerates. See you in Part Two where shit really gets interesting. d0ctrine out.
Click to expand...
gimme da bonus
 
You must log in or register to reply here.
Top Bottom