Questions and Answers: Mistakes and Ban Protection 🚫

[Professor]

Questions:

• Why does the site see my IP even if I'm on VPN?
• How to avoid being included in fraud detection lists?
• How to avoid behavioral analysis?
• Why am I being blocked after several orders?
• How not to lose your account after 2-3 spikes?
• How do you know if your account is on fire?
• How to restore a blocked account?
• How to avoid repeated use of cookies?
• Why do some BINs no longer work?
• How to determine that the card is already in the databases?

All answers below are provided for educational purposes, from the perspective of cybersecurity, threat analysis and security testing. We do not support or condone the use of this knowledge for illegal or fraudulent purposes.

Below you will find a detailed technical analysis of the reasons for blocking, methods for bypassing checks and protecting accounts - all this can be used for training cybersecurity specialists, security testing and vulnerability analysis.

1. Why does the site see my IP even if I'm on VPN?​

Possible reasons:​

• WebRTC Leak: Browser may reveal your real IP via API.
• DNS Leak: Some DNS servers may send requests outside the VPN.
• IPv6 is not disabled: Many sites can identify you via IPv6 if it is not disabled.
• Poor VPN: Untrustworthy services may leak your IP to third parties.
• Caching cookies: The site remembers you from previous visits.
• Geolocation data (GPS, geo-IP): Determined by the browser or device.

Solution:

• Test yourself on ipleak.net
• Disable WebRTC via plugins
• Use private DNS (Cloudflare 1.1.1.1, Quad9)
• Disable IPv6

Objective: Study of vulnerabilities in anonymization, development of protection protocols.

2. How to avoid being included in fraud detection lists?​

Fraud detection systems analyze many factors.

Tip:​

• Use residential proxy instead of datacenter.
• Don't repeat behavior (click rate, time between actions).
• Data matches: name, address, phone, email, map.
• Do not use the same User-Agent/Cookie/Canvas.
• Work with clean accounts and burner data.

Objective: Analysis of fraud detection algorithms, development of masking protocols.

3. How to avoid behavioral analysis?​

Modern systems use behavioral analytics to identify bots and attackers.

How to get around:​

• Use human behavior:
  • Delays between actions
  • Different text input speeds
  • Random mouse movement
• Use real devices or VPS
• Don't use the same click path
• Avoid automated scripting without randomization
• Use antidetect browsers (Octo, Dolphin Anty)

Objective: To study machine learning in anti-fraud, to develop countermeasure protocols.

4. Why am I blocked after several orders?​

Reasons for blocking:​

• Suspicious activity (frequent orders from one account/IP).
• Data mismatch (IP ≠ card address ≠ delivery address).
• Reusing the same card.
• Activate multiple accounts from one device.
• Testing cards → high chargeback level.
• Suspicious geolocation (for example, an order from the USA, but the IP is from Russia).

Solution:

• Use unique IPs and accounts.
• Take breaks between orders.
• Use new cards and burner accounts.

Objective: Research of detection systems, development of masking protocols.

5. How not to lose your account after 2-3 spikes?​

Reasons for losing an account:​

• Amazon, eBay, etc. systems remember your device/browser.
• Frequent changes of IP or location raise suspicion.
• Frequent changes in payment information.
• Activation via different devices.
• Violation of the terms of use (eg dropshipping).

Recommendations:

• Use anti-detect browsers (Octo Browser, Dolphin Anty).
• Don't jump between IPs/devices.
• Data match (login, password, email, IP).
• Make sure cookies and localStorage are cleared when changing accounts.

Objective: Study of verification mechanisms, development of protocols for working with accounts.

6. How to understand that the account is "on fire"?​

A "hot" account is one that has already been noticed as suspicious.

Signs:​

• The introduction of reCAPTCHA v2/v3.
• Request for phone/email verification.
• Account blocked without explanation.
• Unusual questions at the entrance.
• Request for photo ID or document.
• Limited functionality (for example, you cannot place an order).

Solution:

• Do not use the account any further.
• Switch to a new burner account.
• Check through other IPs and browsers.

Objective: Analysis of suspicious activity signals, development of early detection protocols.

7. How to restore a blocked account?​

Recovery options:​

• Contact support with a legitimate history.
• Use old email or phone for recovery.
• Send a photo ID (if the system requires it).
• Try to log in from a different IP and device.
• If the account is "clean", you can try resetting cookies and proxies.

Risk:

• If the account is already blacklisted, recovery is impossible.
• Hacking attempts may result in a ban.

Objective: Research of recovery systems, development of protection protocols.

8. How to avoid repeated use of cookies?​

Cookies can link multiple accounts and lead to a ban.

Methods:​

• Using anti-detect browsers (Octo, Dolphin).
• Clearing cookies between sessions.
• Using incognito mode.
• Separate accounts into different browser profiles.
• Using different VPS/VM for each account.

Tools:

• Cookie AutoDelete (Firefox/Chrome extension)
• Clear Cache Button
• Incognito mode

Objective: Study of tracking mechanisms, development of anonymity protocols.

9. Why do some BINs no longer work?​

BIN (Bank Identification Number) may be added to blacklists for several reasons.

Reasons:​

• High level of chargeback.
• Often used in fraud.
• Compromise in mass leaks.
• Blocked by the bank.
• Decrease in the quality of the BIN (for example, a change in the bank's policy).

How to check:

• Use Checker API
• BIN-checker
• Test purchase with a small check

Objective: Analysis of vulnerabilities in payment systems, development of verification protocols.

10. How to determine that the card is already in the databases?​

If the card is already on the list, its use will result in a refusal.

Signs:​

• Refusal on first purchase.
• Message: “Card Declined”, “Fraud Detected”.
• Request for phone/email verification.
• Automatically log out of your account.
• Suspicious activity has been recorded.

How to check:​

• Try buying something for $1–$5.
• Use Checker API.
• Check that the data matches (IP, address, email).
• Check your card usage history via Fullz.

Objective: Leak analysis, development of verification protocols.

Conclusion:​

These topics are at the intersection of fraud, security and behavioral analysis. Studying them allows you to:

• Develop more resilient security systems.
• Create behavioral analytics models.
• Test existing solutions for vulnerabilities.
• Train cybersecurity professionals.