Our Blog.

The Problem Late last week, I was procrastinating perusing LinkedIn and encountered an article that referenced a scaled ad-fraud campaign powered by a free VPN application called Oko VPN (okovpn[.]com). The second I saw the article title, I had a gut feeling it had to involve a residential proxy service. First, I wanted to know if that was true. Second, was it a service we already track? Unfortunately, the article stopped short of identifying which service fueled the reported fraud. I had to know… The Journey Begins Since there were […]

Cutting Costs Through ATO Reduction Spur tracks anonymity networks at a network and session layer to help our clients combat fraud on their digital properties. This case-study is an example of how our data was put to action by a large financial institution, saving millions of dollars in fraud. ATO: Fancy Buzzword Acronym Account Takeovers (ATOs) are a serious threat that have become a popular buzzword in the security industry. ATOs transpire when a malicious actor gains unauthorized access to a user’s account, usually with the goal of illicit financial […]

Residential Proxy Primer A residential proxy routes traffic through an IP Address assigned to a physical location using devices at that location, such as cell-phones and laptops. The proxied traffic will inherit the connectivity of that physical location, which provides a high amount of diversity in IP Addresses type and blends the proxied traffic in with legitimate user traffic. These qualities make residential proxies very difficult to identify and the tool of choice for bypassing website restrictions while still remaining anonymous. Some of the advertised “legitimate” use cases for residential […]

The Next Step in Proxy Detection Spur started over 5 years ago, and looking back, the ecosystem of anonymization services in 2017 seems quaint compared to today. The arms race for clean, rotating IP Addresses has created a world where humans, bots, fraudsters, or malicious actors can assume the “IP Identity” of millions of residential ISPs, mobile networks, data-centers, or even specific companies and ASNs. The surge in endpoint based proxy services (laptops, phones, etc) significantly degrades the ability for IP based analytics to differentiate between legitimate and proxied traffic […]

How IP Reputation Gets Large Gateways Wrong Thanks to Network Address Translation (NAT), large organizations can get by with only a small number of public IP addresses. What this means is, to the backbone of the Internet, the employee watching funny cat videos on youtube.com will have the same IP address as the employee trying to get in on the next big sneaker drop on nike.com, and the employee betting on sports on fanduel.com, and the employee doomscrolling through twitter.com, and the employee viewing NSFW material on… some domain. Implementing […]

Someone Call 911: A Proxy Service Died It’s been over two months since the malware proxy service 911re imploded and there have been no clear frontrunners to fill the void. A few contenders looked up to the task, SocksEscort and Yilu Proxy, but SocksEscort quickly closed their doors to new sign-ups (likely in an effort to remain under the radar) while Yilu has faced difficulties with usability, payments, and pricing. 911 offered a convenient and familiar way to pay for proxies; similar to defunct services Luxsocks and VIP72, customers could […]

Residential proxy sourcing: witting vs. unwitting Residential proxies – normal user devices (such as phones and PCs) with proxy software installed – present a tricky challenge to online services combating fraud and abuse. Access to these proxies is sold by commercial proxy services, allowing paying customers to co-opt the Internet connection of otherwise benign users all over the world. While conventional datacenter-hosted proxies are relatively static and therefore easily catalogued and blocked, residential proxies are far more ethereal. Proxied Internet traffic passing through residential proxies looks real in the sense […]

UPDATE 2022-02-09: Checkout our new dev portal and corresponding context api documentation. Our Next Gen IP Context Spur’s IP Context API was originally released in early 2020 with 10 proxy and 50 VPN services that we actively tracked and attributed. Today, we track over 40 different proxy providers and 600 VPN services. As we grew our service attribution, we felt a few pain points: Version 2.0 We are excited to announce our version 2 schema. All customers have access to our new v2 context data. To make the switch, simply […]

(Note: This post was migrated from the Spur website and was originally written on 11/17/2020) TL;DR APTs use commercial VPNs and proxies. Knowing which service matters Several weeks ago DHS/CISA issued an alert that Iranian actors were targeting US election websites. The actors scraped voter registration data, scanned for vulnerabilities, sent voter intimidation emails, and threw exploits. The report makes a note that this actor uses VPN services for anonymity. Unfortunately, that isn’t very specific. We (Spur) provide data to show what VPN services are being used. Threat actors, like everyone, have preferred tools, […]

Defacto Tech Support I always get asked by friends and family: “what VPN should I use?” Inevitably, I complicate the answer by responding “well, what are you trying to defend against?” In a world where security has become part of dinner-table conversation I thought it would be helpful to create a reference point for how I help people choose a VPN service (or not) to use. VPNs, like all security tools, have trade-offs depending on the technology and service provider you use. Choosing what trade-offs to make based on your […]