Troubleshooting

Something not working? Most issues fall into one of the eight patterns below. Find the symptom that matches, follow the diagnosis, apply the fix.

Connection refused or timeout on the gateway

Symptoms: Your client reports “connection refused”, “connection timed out”, or “no route to host” when calling p.shifter.io:443.

Diagnosis:

1. Confirm you are pointing at the new gateway: p.shifter.io:443. Legacy plans use per-port subdomains like apollo.p.shifter.io:<port>.
2. Check your source IP is not behind a firewall that blocks outbound 443.
3. Test raw connectivity: nc -vz p.shifter.io 443.

Fix: If raw connectivity works but the proxy fails, the issue is authentication. See the 407 section below. If raw connectivity fails, check egress firewall rules and retry from a different network.

HTTP 407 Proxy Authentication Required

Symptoms: Every request returns 407 Proxy Authentication Required.

Diagnosis:

• Wrong credentials: typo in username or password.
• Unknown flag: a malformed country code, city slug, or session string in the extended username.
• Password regenerated: old password no longer valid after a rotation in the panel. Fix:

1. Strip all flags and retry with the bare username and password first. If that works, add flags back one at a time.
2. Check shifter.io/panel under Residential Proxies to confirm your password.
3. If you rotated passwords recently, roll the new value out to all clients.

Slow response times from residential IPs

Symptoms: Requests take 5-10+ seconds. Previously fast IPs have slowed down.

Diagnosis: Residential IPs come from real ISP connections. Some drift in latency is normal. Persistent slowness usually means:

• The end user of that IP is using the connection heavily (Netflix, large upload).
• The target site is throttling the IP.
• The pool filter is too narrow and you’re getting backed-up IPs.

Fix:

• Rotate more aggressively (drop the sticky session or shorten ttl).
• Broaden your filter (drop the city, keep just the country).
• For ISP proxies: use Managing IPs → Replace to swap the slow IP for a fresh one.

IP geolocation does not match my target

Symptoms: You requested country-us-city-new_york and the target site thinks you’re somewhere else.

Diagnosis:

• Residential IPs are geolocated by third-party databases (MaxMind, IP2Location). Those databases are not always consistent with the target site’s own geolocation source.
• Mobile carrier IPs and newly-assigned ISP ranges can be misclassified for weeks.

Fix:

• Retry the request. Shifter assigns a new IP on every request (or every sticky session) and the next one may have more accurate geolocation on the target’s database.
• If you need guaranteed geography for a specific target, contact support with the target URL and the desired location. We can pre-validate IPs against that target.

HTTPS errors, SSL/TLS failures

Symptoms: SSL handshake failed, certificate verify failed, or tls: bad record MAC.

Diagnosis:

• You’re running an old OpenSSL or Node version that rejects the gateway’s cipher suite.
• Corporate proxies chain-of-trust broken.

Fix:

• Update your client’s TLS library. Node 18+, Python requests 2.28+, curl 7.80+ are known good.
• Pin the gateway certificate to bypass chain issues if your environment requires strict hosts.
• For debugging only: curl --proxy-insecure disables cert verification on the proxy leg. Never ship this flag.

Target site still blocks me

Symptoms: Even through residential proxies with rotation, a specific target returns CAPTCHAs, 403s, or empty bodies.

Diagnosis: The target has layered anti-bot (Cloudflare, Akamai, DataDome) that fingerprints beyond IP. Common giveaways:

• User-Agent does not match TLS fingerprint (JA3/JA4 mismatch).
• Headers are sent in a different order than a real browser.
• Browser APIs (WebDriver detection, navigator.webdriver flag) expose automation.
• IP rotation is too aggressive for the target’s session model.

Fix:

• Switch from raw proxies to the Web Scraping API, which includes stealth mode and CAPTCHA solving.
• Or: open a ticket with the target URL. Many cases are tunable from our side.

Web Scraping API returns 509 Bandwidth Limit Exceeded

Symptoms: Scraping API returns 509 even though you have credits remaining on your plan.

Diagnosis: 509 means plan quota exhausted. If you still have credits on the dashboard, check:

• You’re using the correct API key (not one from an old plan).
• Extra Traffic is enabled if you want overage to convert to pay-as-you-go.

Fix:

• Confirm the key matches the active plan in Web Scraping API → API Keys.
• Enable Billing → Extra Traffic to auto-convert overages to per-credit pricing.
• Upgrade the plan if you’re regularly running out.

Payment failed or subscription did not activate

Symptoms: You paid but the plan shows as inactive, or renewal failed silently.

Diagnosis:

• Card issuer blocked the transaction (common with international card-not-present charges).
• Card expired or 3DS challenge not completed.
• Crypto payment not yet confirmed (6 confirmations required).

Fix:

1. Check the card’s transaction history on your banking app. If the charge was rejected, retry with a different card.
2. For crypto, payments are detected by the processor on 6 blockchain confirmations. Usually 15-60 minutes for BTC/ETH.
3. If the charge went through but the plan is still inactive after 30 minutes, email hi@shifter.io with the invoice ID.

Tip

For anything not covered here, start a live chat from the panel or email hi@shifter.io. Include: the product, the plan, a timestamp, and a verbatim error message.

See also

• Billing & Pricing - refunds, invoices, payment methods.
• Support - contact channels, SLAs, status page.