The browser (or anti-detect browser) sends a regular TCP request to the site.
The anti-fraud system responds and injects a script for a STUN request.
The browser makes the STUN request over UDP. Because the proxy or anti-detect browser may not support UDP, this request bypasses the proxy and goes out from the real address.
If the IP addresses of the TCP connection and the UDP request differ, the user is exposed as using a proxy.
The image and information are taken from the ZloyTeam article.
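The comparison in the last step, seen from the anti-fraud server, as an added example that is not from the original article. It assumes the injected script reports the browser's ICE candidate strings back to the server; the function names and all addresses are constructed for illustration.

```javascript
// Added example: all names and addresses here are constructed (RFC 5737 ranges).

// Parse one ICE candidate string as exposed by RTCIceCandidate.candidate.
function parseCandidate(line) {
  const p = line.trim().replace(/^a=/, "").split(/\s+/);
  if (p.length < 8 || !p[0].startsWith("candidate:") || p[6] !== "typ") return null;
  return { transport: p[2].toLowerCase(), address: p[4], type: p[7] };
}

// Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the plain IPv4 address.
function normalizeIp(ip) {
  const m = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/i.exec(ip.trim());
  return (m ? m[1] : ip.trim()).toLowerCase();
}

// Compare the TCP peer address with the server-reflexive (srflx) addresses,
// i.e. the addresses a STUN server saw the browser's UDP packets come from.
function checkStunMismatch(tcpRemoteIp, candidateLines) {
  const tcpIp = normalizeIp(tcpRemoteIp);
  const tcpIsV6 = tcpIp.includes(":");
  const stunIps = new Set();
  for (const line of candidateLines) {
    const c = parseCandidate(line);
    if (!c || c.type !== "srflx" || c.transport !== "udp") continue;
    const ip = normalizeIp(c.address);
    // Only the same address family is comparable on a dual-stack client.
    if (ip.includes(":") === tcpIsV6) stunIps.add(ip);
  }
  // No comparable STUN result: the check is inconclusive, not a match.
  if (stunIps.size === 0) return { verdict: "no-data", stunIps: [] };
  const verdict = stunIps.has(tcpIp) ? "match" : "mismatch";
  return { verdict, stunIps: [...stunIps] };
}

// Constructed candidates: an mDNS-masked host candidate and one srflx candidate.
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2113937151 3f1c0a52-9d7e-4b1a-8c55-0e2f6a7b9c10.local 50000 typ host",
  "candidate:2 1 udp 1677729535 203.0.113.7 50000 typ srflx raddr 0.0.0.0 rport 0",
];

console.log(checkStunMismatch("198.51.100.20", SAMPLE_CANDIDATES));
console.log(checkStunMismatch("203.0.113.7", SAMPLE_CANDIDATES));
```

A "no-data" verdict means no srflx candidate of the same address family was reported, so the TCP and UDP addresses cannot be compared for that session.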