If possible, collect fingerprint information through a side channel such as WebRTC or WebTransport, and use the info to correlate payments. Or, if the attack is executed from a non-browser environment, you can pattern match the order of TLS cipher suite to that sent by the attacker and block them straight away.