Our Blog.
Check out some of our recent articles, or click on a popular topic below:
- What is a Residential Proxy?
  by Ethan Smith
  Residential Proxy Primer
  A residential proxy routes traffic through an IP address assigned to a physical location using devices at that location, such as cell phones and laptops. The proxied traffic will inherit the connectivity of that physical location, which provides a high amount of diversity in IP address types and blends the proxied traffic in with legitimate user traffic. These qualities make residential proxies very difficult to identify and the tool of choice for bypassing website restrictions while still remaining anonymous. Some of the advertised “legitimate” use cases for residential […]
- Announcing Monocle Community Edition
  by Spur Engineering
  The Next Step in Proxy Detection
  Spur started over 5 years ago, and looking back, the ecosystem of anonymization services in 2017 seems quaint compared to today. The arms race for clean, rotating IP addresses has created a world where humans, bots, fraudsters, or malicious actors can assume the “IP Identity” of millions of residential ISPs, mobile networks, data centers, or even specific companies and ASNs. The surge in endpoint-based proxy services (laptops, phones, etc.) significantly degrades the ability for IP-based analytics to differentiate between legitimate and proxied traffic […]
- I Don’t Like Big Gateways (and I Cannot Lie)
  by Sean S.
  How IP Reputation Gets Large Gateways Wrong
  Thanks to Network Address Translation (NAT), large organizations can get by with only a small number of public IP addresses. What this means is, to the backbone of the Internet, the employee watching funny cat videos on youtube.com will have the same IP address as the employee trying to get in on the next big sneaker drop on nike.com, and the employee betting on sports on fanduel.com, and the employee doomscrolling through twitter.com, and the employee viewing NSFW material on… some domain. Implementing […]
- Big Socks to Fill: Tracking the Next 911RE
  by Riley Kilmer
  Someone Call 911: A Proxy Service Died
  It’s been over two months since the malware proxy service 911re imploded and there have been no clear frontrunners to fill the void. A few contenders looked up to the task, SocksEscort and Yilu Proxy, but SocksEscort quickly closed their doors to new sign-ups (likely in an effort to remain under the radar) while Yilu has faced difficulties with usability, payments, and pricing. 911 offered a convenient and familiar way to pay for proxies; similar to defunct services Luxsocks and VIP72, customers could […]
- The market for clean IP addresses: The good, the bad, and the ugly
  by Sean S.
  Residential proxy sourcing: witting vs. unwitting
  Residential proxies – normal user devices (such as phones and PCs) with proxy software installed – present a tricky challenge to online services combating fraud and abuse. Access to these proxies is sold by commercial proxy services, allowing paying customers to co-opt the Internet connection of otherwise benign users all over the world. While conventional datacenter-hosted proxies are relatively static and therefore easily catalogued and blocked, residential proxies are far more ethereal. Proxied Internet traffic passing through residential proxies looks real in the sense […]
- Announcing The IP Context V2 Schema
  by Spur Engineering
  UPDATE 2022-02-09: Check out our new dev portal and corresponding context API documentation.
  Our Next Gen IP Context
  Spur’s IP Context API was originally released in early 2020 with 10 proxy and 50 VPN services that we actively tracked and attributed. Today, we track over 40 different proxy providers and 600 VPN services. As we grew our service attribution, we felt a few pain points:
  Version 2.0
  We are excited to announce our version 2 schema. All customers have access to our new v2 context data. To make the switch, simply […]
- Iranian APT Utilizing Commercial VPN Services
  by Spur Engineering
  (Note: This post was migrated from the Spur website and was originally written on 11/17/2020)
  TL;DR: APTs use commercial VPNs and proxies. Knowing which service matters.
  Several weeks ago DHS/CISA issued an alert that Iranian actors were targeting US election websites. The actors scraped voter registration data, scanned for vulnerabilities, sent voter intimidation emails, and threw exploits. The report makes a note that this actor uses VPN services for anonymity. Unfortunately, that isn’t very specific. We (Spur) provide data to show what VPN services are being used. Threat actors, like everyone, have preferred tools, […]
- Tips on Choosing a VPN
  by Ethan Smith
  De Facto Tech Support
  I always get asked by friends and family: “what VPN should I use?” Inevitably, I complicate the answer by responding “well, what are you trying to defend against?” In a world where security has become part of dinner-table conversation I thought it would be helpful to create a reference point for how I help people choose a VPN service (or not) to use. VPNs, like all security tools, have trade-offs depending on the technology and service provider you use. Choosing what trade-offs to make based on your […]
- Analysis of Free IP Reputation Feeds
  by Spur Engineering
  Network Defense is Hard
  Being a network defender is a really difficult job. Quality IP reputation feeds cost a lot of money. Sometimes you just want to take a shortcut and apply publicly available block lists to your firewalls to simplify your life. While this works for some, this might not be the best strategy for all businesses, especially those which can’t afford to have a false positive. Aggressive blocking might work for some, but simple lists of IP addresses lack the context to provide the granular control needed for […]
- Proxy Diversity (or lack thereof)
  by Spur Engineering
  A Quick Recap
  Residential proxies and malware proxies are among the core technologies Spur is battling in the fight against fraud. These services have large pools of IP addresses with benign reputations. But how? The answer is SDKs. These semi-legitimate SDKs offer monetization for mobile and desktop developers. These SDKs are reverse-tunnels connecting back to their parent service and allow the proxy company’s customers access to the end-user’s internet connection. When the end-user agrees to the application’s terms of service, they unknowingly provide consent to the proxy SDK. When […]