Skip to content

Setup

Setup & testing guide

Get connected in minutes, verify your proxy, wire it into antidetect browsers and automation, and keep accounts healthy.

Quick start — get connected in 3 steps

You can be live on a real mobile IP in under two minutes. Everything you need lives in your customer portal — no support ticket required.

  1. 1Grab your credentials. Open your portal, select the line you want, and copy the connection string. We give it to you in every common shape — host:port:user:pass, a ready-made HTTP URL, a SOCKS5h string, a cURL command, a Python snippet, and a .env block — so you can paste it straight into whatever you use.
  2. 2Plug it into your tool. Most software wants the four parts separately. Map them like this: Host = the proxy hostname, Port = the numeric port, Username = your line username, Password = your line password. Pick HTTP/HTTPS or SOCKS5 depending on the tool (see the protocol section below).
  3. 3Test it. Route a request through the proxy and confirm the IP changed. The fastest check is a single cURL: copy the cURL command from the portal and run it, or use the example in the Testing section. You should see a New York, Austria, or Germany IP on a mobile carrier network — not your own.
# Credential format used everywhere in this guide:
host:port:user:pass

# Same line as a ready-to-use HTTP proxy URL:
http://user:pass@host:port

# One-line sanity check (returns the IP the world sees):
curl -x http://user:pass@host:port https://api.ipify.org

That is the whole loop. The rest of this guide is about doing it well — picking the right protocol, hardening against leaks, and keeping accounts healthy.

Choosing a protocol — HTTP/HTTPS vs SOCKS5(h)

Every line supports both HTTP/HTTPS and SOCKS5. They are not better or worse — they suit different jobs. Pick based on what your tool expects and whether you need DNS to resolve through the proxy.

HTTP / HTTPS

The default for browsers, antidetect tools, scrapers, and most app integrations. It understands web traffic natively, handles HTTPS via CONNECT tunnels, and is the format almost every piece of software accepts without fuss. Use it unless you have a specific reason not to.

SOCKS5 / SOCKS5h

A lower-level, protocol-agnostic tunnel. It carries any TCP traffic (not just HTTP), which matters for non-web tools, custom clients, and some automation frameworks. The key distinction is the trailing h:

  • socks5 — your machine resolves DNS locally, then sends the connection through the proxy. Your real DNS resolver (and therefore a hint of your true location) can leak.
  • socks5h — DNS is resolved through the proxy, on the proxy's network. This is what you almost always want: it keeps name resolution on the same mobile network as the exit IP and closes a common location-leak vector.

Rule of thumb: reach for HTTP/HTTPS for browsers and mainstream tools; reach for SOCKS5h when a tool offers SOCKS and you care about DNS staying on the proxy. The portal can hand you the SOCKS5h string pre-built.

# HTTP/HTTPS via curl
curl -x http://user:pass@host:port https://api.ipify.org

# SOCKS5h via curl (DNS resolved on the proxy — note the 'h')
curl -x socks5h://user:pass@host:port https://api.ipify.org

Authentication — username/password vs IP whitelist

Every line can be authenticated two ways. You can use either or both. Choose based on where your traffic originates.

Username / password

Credentials travel with the connection string (host:port:user:pass). This is the portable option: it works from any machine, any network, no setup on our side. Use it for laptops, roaming, dynamic-IP home connections, and anything where your own source IP changes.

IP whitelist

You authorize one or more of your own source IPs in the portal; connections from those IPs are accepted without sending a username or password. Use it when your traffic comes from a fixed location — a dedicated server, a cloud VM, an office with a static IP.

When to whitelist:

  • Your tool runs on a server or VM with a stable public IP.
  • You want to avoid embedding credentials in scripts, cron jobs, or shared configs.
  • You are running automation at volume and want one less secret in the pipeline.

Add or edit whitelisted IPs anytime in the portal. If your source IP is dynamic (most home and mobile connections), stick with username/password — a whitelist entry breaks the moment your ISP rotates your address. You can combine both: whitelist your server and keep credentials for your laptop on the same line.

Testing your proxy — verify IP, location, fraud score, and leaks

Never trust a proxy you have not verified. Run these checks through the proxy (in the same browser profile or with the same proxied client you will actually use), not on your bare connection. Each tool answers a different question.

The toolset

  • browserleaks.com — the gold standard for the full picture. Checks IP, WebRTC, DNS, Canvas/WebGL fingerprint, TLS, and timezone in one place. Start here.
  • ipqualityscore.com — fraud score and proxy/VPN detection. This is the number platforms care about most.
  • whoer.net — quick anonymity score, plus DNS and WebRTC leak indicators and a country-vs-locale consistency check. whoer.net/dns-leak-test is the dedicated DNS check.
  • ip2location.com — independent geolocation, ISP, ASN, and usage-type lookup. Confirm it reports a mobile/cellular usage type, not datacenter.
  • dnsleaktest.com — run the Extended Test; every resolver shown should be on the proxy's network and country, never your own ISP.
  • ipinfo.io — fast, reliable IP + ASN + org lookup; good for scripting (curl ipinfo.io through the proxy).

What a healthy result looks like

  • Cellular ASN — the org/ISP resolves to a mobile network operator and the usage type reads 'mobile' or 'cellular' (not 'data center' / 'hosting'). This is the whole point of a 4G LTE line.
  • Matching country — IP geolocation, DNS resolver country, and your browser/OS locale all agree (New York for US lines; Austria or Germany for EU lines).
  • Low fraud score — on IPQualityScore, lower is better; you want a clean, low risk reading with proxy/VPN flags not raised against a residential/mobile classification.
  • No DNS leak — every resolver on dnsleaktest.com and whoer.net sits on the proxy network in the proxy country.
  • No WebRTC leak — browserleaks WebRTC shows the proxy IP only; your real public and local IPs must not appear.
  • Consistent timezone — timezone matches the IP's region (set your antidetect profile's timezone to the proxy location, or let it auto-match the IP).
# Scriptable health check through the proxy
curl -x http://user:pass@host:port https://ipinfo.io/json

# Expect: "country" matches your line (US/AT/DE),
# "org"/"asn" reads as a mobile carrier network,
# and the IP is NOT your own.

If geolocation or DNS disagrees with the IP, fix it before you touch any real account — a mismatch is exactly what fraud systems look for. Re-test after changing protocol (try SOCKS5h to pull DNS onto the proxy) or after rotating to a fresh IP.

Antidetect browser integration

Antidetect (multi-accounting) browsers give each account its own isolated browser profile with a distinct fingerprint. Pairing each profile with one of our mobile lines means each account also gets a distinct, real-carrier IP. As of 2026 the mainstream tools are Multilogin (Multilogin X), GoLogin, Dolphin{anty}, AdsPower, Undetectable, and Kameleo — all support custom HTTP/HTTPS and SOCKS5 proxies.

Generic steps (same idea in every tool)

  1. 1Create a new browser profile for the account you are setting up.
  2. 2Open that profile's proxy / connection settings.
  3. 3Set the proxy type to match your chosen protocol — HTTP (or HTTPS) for most cases, or SOCKS5 if you prefer DNS-on-proxy behavior.
  4. 4Enter the four fields from your portal credential string: Host, Port, Username, Password. (Take them from the host:port:user:pass value — first part Host, second Port, third Username, fourth Password.)
  5. 5Use the tool's built-in 'Check proxy' / 'Test connection' button. It should report the proxy IP and country. If it fails, re-check the port and that you copied the password fully.
  6. 6Set the profile's timezone, locale, and WebGL/geolocation to match the proxy country (most tools can auto-match to the IP). Save the profile and launch it.
  7. 7Inside the launched profile, run the Testing checklist above (browserleaks + IPQualityScore) before logging into anything.

The one rule that matters

One profile = one proxy = one account. Never share a single line across multiple profiles or accounts, and never move an account from the proxy it was created on. The whole value of fingerprint isolation collapses if two accounts exit from the same IP. Dedicate a line per identity and keep it stable.

Tip: most of these tools also accept a proxy at the moment you create the profile (paste the full string, or fill the four fields). Dolphin{anty}, AdsPower, and GoLogin additionally support bulk import, so you can map a batch of lines to a batch of profiles in one pass.

Per-platform tips

The platforms below all run aggressive multi-account and automation detection. The mechanics are the same everywhere: one dedicated proxy per account, a slow warm-up, and disciplined rotation. The specifics differ slightly per network.

Universal rules (apply to all)

  • One proxy per account. A real person has one phone on one connection — mirror that. Never let two accounts share an exit IP.
  • Warm up before you act. New accounts should browse, scroll, and consume for several days before posting, following, or messaging at volume. Ramp activity gradually.
  • Switch slowly. If you operate several accounts from one machine, leave 10–15 minutes between switching from one account to the next, and never log two accounts in back-to-back from the same IP.
  • Keep the IP stable per account. Don't rotate mid-session. Rotate the line's IP only between sessions, and keep the country fixed to where that account 'lives'.

Instagram

The strictest of the group. Pair one mobile line per account, keep the same country long-term, and warm new accounts for a week of passive use before following/posting. Avoid rapid follow/unfollow bursts — that, not the IP alone, is what triggers action blocks.

Facebook

Shares Meta's detection stack with Instagram, so isolation matters as much. Keep each profile on its own line and fingerprint; a clean mobile IP plus a consistent fingerprint and steady activity is what builds account trust over time.

TikTok

Very location- and device-consistency sensitive. Match the proxy country to the account's intended audience and keep timezone/locale aligned with the IP. Warm up by watching content in-feed before posting.

X (Twitter)

Tolerant of posting cadence but unforgiving of obvious automation and shared IPs. Use a dedicated line per account and stagger logins. Sudden bulk follows or identical posting patterns across accounts are the usual triggers.

Reddit

Account age and karma carry the trust. Give each account its own line, build history slowly with genuine comments before posting links, and avoid operating several accounts from one IP in the same subreddit window.

VPN setup (WireGuard / OpenVPN)

On VPN plans we deliver a ready-to-import configuration file when your plan is activated — you do not generate keys yourself. You install a standard client, import that config, and connect. A VPN tunnel routes your whole device (or a chosen app) through the mobile line, which is the right choice when you need every connection on the IP, not just a single browser.

WireGuard

  1. 1Install the WireGuard client for your platform from wireguard.com/install (Windows, macOS, Linux, iOS, Android).
  2. 2Open WireGuard and choose 'Add Tunnel' → 'Import from file', then select the .conf file we delivered. On mobile you can scan the QR code if one was provided.
  3. 3Activate the tunnel. The client shows a handshake and live transfer counters once connected.
  4. 4Verify with the Testing checklist (ipinfo.io / browserleaks) that your IP is now the mobile line.

OpenVPN

  1. 1Install OpenVPN Connect from openvpn.net/client (Windows, macOS, Linux, iOS, Android).
  2. 2Open the app, choose to import a profile, and select the .ovpn file we delivered.
  3. 3Connect. If the profile uses credentials, enter the ones supplied with your config.
  4. 4Verify your IP and location through the Testing tools before relying on the tunnel.

What UDP/QUIC unlocks

Both WireGuard and our OpenVPN profiles run over UDP, which passes QUIC (HTTP/3) traffic cleanly. That matters because many modern apps and sites — and most video — prefer QUIC; a UDP-capable tunnel means those connections work natively and fast instead of being forced to fall back. WireGuard in particular is lightweight and low-latency, which makes it the better default for mobile and for anything latency-sensitive.

Multi-SIM VPN plans rotate the egress IP automatically per connection, so you get fresh mobile addresses without touching the config. Keep the same client installed; the rotation happens upstream.

Automation / API

For scripted workflows you have two moving parts: the proxy connection string (to route requests) and your rotation link (to request a fresh IP on demand). Both come from the portal.

Rotation in scripts

Your line includes a rotation link — a private URL that triggers an on-demand IP change for that line. Call it from your code (a plain GET) whenever you want the next IP, then continue your requests through the same proxy host/port. Keep at least 5 minutes between rotations; rotating faster than the network settles gives you worse, not better, IPs and can look abusive. Treat the rotation link as a secret, the same as your password.

# Trigger an on-demand rotation, then keep working through the same line.
# (5-minute minimum between rotations recommended.)
curl -s "https://<your-rotation-link-from-portal>"
sleep 300   # let the new IP settle
curl -x http://user:pass@host:port https://ipinfo.io/json

cURL

# HTTP/HTTPS
curl -x http://user:pass@host:port https://api.ipify.org

# SOCKS5h (DNS resolved on the proxy)
curl -x socks5h://user:pass@host:port https://api.ipify.org

Python (requests)

import requests

proxies = {
    "http":  "http://user:pass@host:port",
    "https": "http://user:pass@host:port",
}

r = requests.get("https://ipinfo.io/json", proxies=proxies, timeout=30)
print(r.json())

# SOCKS5h variant (pip install requests[socks]):
# proxies = {
#     "http":  "socks5h://user:pass@host:port",
#     "https": "socks5h://user:pass@host:port",
# }

You can also schedule rotation from the portal (set an interval) instead of calling the link from code — useful when you want a steady drip of fresh IPs without managing timing in your script. The portal copy buttons hand you the cURL, Python, and .env forms pre-filled, so you rarely have to assemble a string by hand.

Best practices

Mobile IPs are a scarce, high-trust resource. Treat them with discipline and they stay clean for a long time.

  • Dedicate a line to important accounts. Anything you cannot afford to lose gets its own line that nothing else touches — no sharing across accounts, no reusing for throwaway tasks.
  • Use IP whitelist where you can. If your automation runs from a fixed server IP, whitelist it and keep credentials out of your scripts entirely. Fewer secrets, fewer leaks.
  • Pin protocol and DNS sensibly. Prefer SOCKS5h (or a browser/profile whose DNS rides the proxy) so name resolution never escapes to your real network.
  • Monitor health, not just uptime. Periodically re-run the Testing checklist on production lines: confirm the cellular ASN, country match, and a low fraud score. Catch drift before a platform does.
  • Avoid excessive rotation. Keep at least 5 minutes between rotations and rotate only between sessions, never mid-task. Constant churn lowers IP quality and looks unnatural — a stable IP per session reads as a real device.
  • Keep identity signals consistent. Match timezone, locale, and language to the proxy country, and keep each account on the same country long-term. Sudden geography jumps are a classic red flag.
  • Warm up, then scale. New accounts and new lines both benefit from a gentle ramp. Build trust with light activity before pushing volume.
  • Guard your rotation links and credentials. They are line secrets. Rotate them in the portal if you suspect exposure, and never commit them to a repo.
Stuck on a step? Contact us — we read every message.