Inside the Search for 'Clean' Residential Proxies for Carding
Criminal actors are increasingly using residential proxies as part of a broader identity-simulation stack, alongside device fingerprints, browser profiles, and other techniques designed to create a convincing digital identity.
Intelligence analysis by Llama

Carders are becoming more selective in their use of residential proxies, attempting to match IP geography with stolen identity data and combining proxies with antidetect browsers and other techniques to create a convincing digital identity.
Imagine you're trying to buy something online, but you don't want the seller to know who you really are. You might use a special tool called a residential proxy to make it look like you're coming from a different place. But now, some bad guys are using these tools to try and trick the seller into thinking they're a real person. They're trying to create a fake identity that's hard to spot. It's like trying to wear a disguise to hide who you really are.
Analysis
A $60B Vote of Confidence
The use of residential proxies by criminal actors is a significant concern for defenders, as it highlights the need to consider the broader identity-simulation stack used by these actors. The dataset analyzed by Flare researchers shows that carders are increasingly using residential proxies as part of a broader identity-simulation stack, alongside device fingerprints, browser profiles, and other techniques designed to create a convincing digital identity. This approach is not limited to residential proxies, but also includes antidetect browsers, isolated devices, cookie history, WebRTC configuration, Canvas and WebGL fingerprints, and user-agent consistency. The goal of this approach is to create a coherent digital identity that is difficult to distinguish from a legitimate user's identity.
Why Cursor?
Carders are becoming more selective in their use of residential proxies, attempting to match IP geography with stolen identity data. This approach is not limited to country matching, but also includes city, ZIP code, time zone, browser language, and billing information. The use of antidetect browsers and other techniques designed to create a convincing digital identity is also becoming more prevalent. This approach is not limited to residential proxies, but also includes isolated devices, cookie history, WebRTC configuration, Canvas and WebGL fingerprints, and user-agent consistency.
The Road Ahead
The use of residential proxies by criminal actors highlights the need for defenders to treat residential traffic as context, rather than evidence that a user is legitimate. Defenders should consider the broader identity-simulation stack used by these actors, including device fingerprints, browser profiles, and other techniques designed to create a convincing digital identity. This approach requires a more nuanced understanding of the identity-simulation stack used by criminal actors and the need to consider the broader context in which residential traffic is used.
Key points
- Carders are increasingly using residential proxies as part of a broader identity-simulation stack.
- Carders are becoming more selective in their use of residential proxies, attempting to match IP geography with stolen identity data.
- The use of antidetect browsers and other techniques designed to create a convincing digital identity is becoming more prevalent.
- Defenders should treat residential traffic as context, rather than evidence that a user is legitimate.
- Defenders should consider the broader identity-simulation stack used by these actors, including device fingerprints, browser profiles, and other techniques designed to create a convincing digital identity.
If carders continue to refine their use of residential proxies and other techniques designed to create a convincing digital identity, defenders may be able to develop more effective strategies to detect and prevent these types of attacks. This could include the use of more advanced machine learning algorithms and the development of new tools and techniques to detect and prevent identity-simulation attacks.
If carders are able to successfully create convincing digital identities using residential proxies and other techniques, it could lead to a significant increase in the number of successful attacks. This could have serious consequences for businesses and individuals who are targeted by these attacks, including financial losses and damage to their reputation.



