Our Blog.

How IP Reputation Gets Large Gateways Wrong Thanks to Network Address Translation (NAT), large organizations can get by with only a small number of public IP addresses. What this means is, to the backbone of the Internet, the employee watching funny cat videos on youtube.com will have the same IP address as the employee trying […]

Someone Call 911: A Proxy Service Died It’s been over two months since the malware proxy service 911re imploded and there have been no clear frontrunners to fill the void. A few contenders looked up to the task, SocksEscort and Yilu Proxy, but SocksEscort quickly closed their doors to new sign-ups (likely in an effort […]

Residential proxy sourcing: witting vs. unwitting Residential proxies – normal user devices (such as phones and PCs) with proxy software installed – present a tricky challenge to online services combating fraud and abuse. Access to these proxies is sold by commercial proxy services, allowing paying customers to co-opt the Internet connection of otherwise benign users […]

Our Next Gen IP Context Spur’s IP Context API was originally released in early 2020 with 10 proxy and 50 VPN services that we actively tracked and attributed. Today, we track over 40 different proxy providers and 600 VPN services. As we grew our service attribution, we felt a few pain points: Adding new metadata […]

(Note: This post was migrated from the Spur website and was originally written on 11/17/2020) TL;DR APTs use commercial VPNs and proxies. Knowing which service matters Several weeks ago DHS/CISA issued an alert that Iranian actors were targeting US election websites. The actors scraped voter registration data, scanned for vulnerabilities, sent voter intimidation emails, and threw exploits. […]

Defacto Tech Support I always get asked by friends and family: “what VPN should I use?” Inevitably, I complicate the answer by responding “well, what are you trying to defend against?” In a world where security has become part of dinner-table conversation I thought it would be helpful to create a reference point for how […]

Network Defense is Hard Being a network defender is a really difficult job. Quality IP reputation feeds cost a lot of money. Sometimes you just want to take a shortcut and apply publicly available block lists to your firewalls to simplify your life. While this works for some, this might not be the best strategy […]

A Quick Recap Residential proxies and malware proxies are one of the core technologies Spur is battling in the fight against fraud. These services have large pools of IP addresses with benign reputations. But how? The answer is SDKs. These semi-legitimate SDKs offer monetization for mobile and desktop developers. These SDKs are reverse-tunnels connecting back […]