Residential proxy networks and services

  • Christmas in July: A Finely Wrapped Malware Proxy Service

    It is not often that Spur has the opportunity to glean full insight into a malware proxy service. Because we track hundreds of proxy and VPN services, our focus is generally on the proxies from a network standpoint rather than any related malware or its provenance. Even rarer do we get awareness into the actor(s) […]

    Continue Reading…

  • Taking a Bite Out of Fraud: How Spur “dog foods” Monocle to put a leash on fake signups

    If you build it, they will come Putting anything public-facing on the Internet will result in abuse over a long enough time span. As a basic example, fire up a “hello world” web application on a Raspberry Pi, punch a hole in your router’s firewall and port forward to your new web server, and watch […]

    Continue Reading…

  • Identifying the Nexus of Scaled Ad Fraud

    The Problem Late last week, I was procrastinating perusing LinkedIn and encountered an article that referenced a scaled ad-fraud campaign powered by a free VPN application called Oko VPN (okovpn[.]com). The second I saw the article title, I had a gut feeling it had to involve a residential proxy service. First, I wanted to know […]

    Continue Reading…

  • Case Study: Cutting Costs Through ATO Reduction

    Cutting Costs Through ATO Reduction Spur tracks anonymity networks at a network and session layer to help our clients combat fraud on their digital properties. This case-study is an example of how our data was put to action by a large financial institution, saving millions of dollars in fraud. ATO: Fancy Buzzword Acronym Account Takeovers […]

    Continue Reading…

  • What is a Residential Proxy?

    Residential Proxy Primer A residential proxy routes traffic through an IP Address assigned to a physical location using devices at that location, such as cell-phones and laptops. The proxied traffic will inherit the connectivity of that physical location, which provides a high amount of diversity in IP Addresses type and blends the proxied traffic in […]

    Continue Reading…

  • I Don’t Like Big Gateways (and I Cannot Lie)

    How IP Reputation Gets Large Gateways Wrong Thanks to Network Address Translation (NAT), large organizations can get by with only a small number of public IP addresses. What this means is, to the backbone of the Internet, the employee watching funny cat videos on will have the same IP address as the employee trying […]

    Continue Reading…

  • Big Socks to Fill: Tracking the Next 911RE

    Someone Call 911: A Proxy Service Died It’s been over two months since the malware proxy service 911re imploded and there have been no clear frontrunners to fill the void. A few contenders looked up to the task, SocksEscort and Yilu Proxy, but SocksEscort quickly closed their doors to new sign-ups (likely in an effort […]

    Continue Reading…

  • The market for clean IP addresses: The good, the bad, and the ugly

    Residential proxy sourcing: witting vs. unwitting Residential proxies – normal user devices (such as phones and PCs) with proxy software installed – present a tricky challenge to online services combating fraud and abuse. Access to these proxies is sold by commercial proxy services, allowing paying customers to co-opt the Internet connection of otherwise benign users […]

    Continue Reading…

  • Proxy Diversity (or lack thereof)

    A Quick Recap Residential proxies and malware proxies are one of the core technologies Spur is battling in the fight against fraud. These services have large pools of IP addresses with benign reputations. But how? The answer is SDKs. These semi-legitimate SDKs offer monetization for mobile and desktop developers. These SDKs are reverse-tunnels connecting back […]

    Continue Reading…

  • Residential Proxies: The “Legal” Botnet That Nobody Talks About

    If I were to say that a new botnet has compromised over 70 million devices world-wide, it would be front-page news. At the very least, it would be trending within most security communities. Luminati has a current claim of 70 million clean IPs available for their proxy network. Oxylabs says 100 million. Both networks source their IP pool from SDKs embedded in mobile, browser, or desktop applications. Why are Luminati and Oxylabs ignored by the security community?

    Continue Reading…

← Return to Blog

Context-API Malware Misc Monocle News Residential Proxies