911[.]re

A residential proxy service known as 911[.]re provided users with access to residential IP addresses for anonymity, primarily serving cybercrime communities seeking to conceal malicious traffic. It operated as a platform where customers could purchase or rent proxy nodes to route their internet traffic through legitimate residential connections, thereby masking the origin of their activities. The service emphasized ease of integration via an API that allowed automated management of account balances and proxy allocations. Its core offering centered on supplying a large pool of residential IPs sourced from compromised or rented home networks, which are harder to block than data‑center addresses. The platform marketed itself as a reliable tool for maintaining persistent anonymity while conducting various online operations. By focusing on residential infrastructure, it filled a niche that many traditional proxy providers did not adequately cover.

In July 2022 the service suffered a breach when attackers exploited an unauthenticated API endpoint to alter user account balances and subsequently destroyed critical servers, backups, and financial systems, rendering the platform irrecoverable. The shutdown abruptly removed a widely used anonymity layer for cybercriminals, causing notable disruption within underground markets that had depended on 911[.]re for proxy services. The incident highlighted systemic weaknesses in API security, drawing parallels to another proxy provider that had leaked customer data through exposed interfaces. Although the organisation’s size, ownership, or parent‑subsidiary structure were not disclosed in the available sources, its sudden disappearance demonstrated how critical a single point of failure could be for illicit proxy ecosystems. The loss of the service was reported to have temporarily reduced fraudulent traffic aimed at financial and cryptocurrency targets, as attackers sought alternative infrastructure. Overall, the case of 911[.]re serves as a concrete example of how inadequate protection of administrative APIs can lead to total service collapse and broader repercussions for the threat landscape.