What is a Residential Proxy?
Residential Proxy Primer A residential proxy routes traffic through an IP Address assigned to a physical location using devices at that location, such as cell-phones and laptops. The proxied traffic will inherit the connectivity of that physical location, which provides a high amount of diversity in IP Addresses type and blends the proxied traffic in […]
I Don’t Like Big Gateways (and I Cannot Lie)
How IP Reputation Gets Large Gateways Wrong Thanks to Network Address Translation (NAT), large organizations can get by with only a small number of public IP addresses. What this means is, to the backbone of the Internet, the employee watching funny cat videos on youtube.com will have the same IP address as the employee trying […]
Big Socks to Fill: Tracking the Next 911RE
Someone Call 911: A Proxy Service Died It’s been over two months since the malware proxy service 911re imploded and there have been no clear frontrunners to fill the void. A few contenders looked up to the task, SocksEscort and Yilu Proxy, but SocksEscort quickly closed their doors to new sign-ups (likely in an effort […]
The market for clean IP addresses: The good, the bad, and the ugly
Residential proxy sourcing: witting vs. unwitting Residential proxies – normal user devices (such as phones and PCs) with proxy software installed – present a tricky challenge to online services combating fraud and abuse. Access to these proxies is sold by commercial proxy services, allowing paying customers to co-opt the Internet connection of otherwise benign users […]
Proxy Diversity (or lack thereof)
A Quick Recap Residential proxies and malware proxies are one of the core technologies Spur is battling in the fight against fraud. These services have large pools of IP addresses with benign reputations. But how? The answer is SDKs. These semi-legitimate SDKs offer monetization for mobile and desktop developers. These SDKs are reverse-tunnels connecting back […]
Residential Proxies: The “Legal” Botnet That Nobody Talks About
If I were to say that a new botnet has compromised over 70 million devices world-wide, it would be front-page news. At the very least, it would be trending within most security communities. Luminati has a current claim of 70 million clean IPs available for their proxy network. Oxylabs says 100 million. Both networks source their IP pool from SDKs embedded in mobile, browser, or desktop applications. Why are Luminati and Oxylabs ignored by the security community?