Back to blog

A Study of the Core Components of the Best Residential Proxies Services (Series 5)

Based on the previous article, the author reports here a study on the core components of Proxy Residential services. The study analyzes the reasons for using these Proxy Residential, how they are recruited, and the services they provide.

1. proxy detection circumvention

IP Source Analysis

Using a penetration framework, the author collected 6,183,876 unique residential proxies addresses from five residential proxy service providers. These addresses cover 238 countries and regions, 28,035 network prefixes and more than 52,000 ISPs with rotating residential proxies worldwide. The author found that, as in ProxyLite, Germany and Italy accounted for more of the proxies, amounting to 1,866,258 IPs and 1,874,620 IPs, respectively. most of the residential proxy IPs are located in Europe America, etc. To identify residential IPs, the author trained a classifier. The study shows that 95.22% of the collected residential proxies are actually residential IPs, with ProxyRack having the highest percentage of non-residential IPs at 8.82%, while ProxyLite would be better with some small ISPs redistributing such non-residential IPs to hosting service providers.

Blacklisting and Malicious Activity

The author further investigated whether these residential IPs are blacklisted or not. The results show that 2.20% of the residential proxies IPs have been listed on at least one blacklist, with ProxyRack having the highest percentage of blacklists (2.54%) and ProxyLite having a more pristine blacklist. Of the malicious activities involved, spam and malicious website hosting were the most common. The study also found that 1,248 residential proxies IPs had been used in two botnet campaigns.

2. Proxies Recruitment

Volunteer Recruitment

The author explores how residential proxy services recruit proxies. Proxy service providers will have services that explicitly recruit regular users, and by installing a client, users can join their network and proxy others' traffic. While there are some proxies service providers do not find recruitment channels or related software.

3. Proxies Traffic Analysis

Traffic Collection and Analysis

In order to understand the operation of residential proxies, the author analyzed their traffic logs and found that some of the traffic involved illegal activities. The author found that 50 of the 67 PUPs (Potentially Unwanted Programs) were flagged as malware by at least one antivirus engine.

In the traffic targeting analysis, the author found that these PUPs mainly accessed advertising, search engine and shopping websites. It indicates that these residential proxies are involved in activities such as ad verification, ad blocking, seo monitoring and optimization and cross-border e-commerce.

Fast Flux

The author also found that some residential proxies act as fast flux proxies for some websites to avoid IP detection. Using passive DNS data and VirusTotal API, the author found that 1.14% of IPs had been mapped to malicious domains during the residential proxies, and the average mapping lasted 86.8 days.

4. Residential Proxies and Botnets

Distributed Denial of Service Attack Program Analysis

The study shows that some residential proxies have been used in distributed denial-of-service attack programs such as Hajime and IoT Reaper, and that these IPs may also have been recruited through stealthy intrusions. Although residential proxies exhibit different characteristics from distributed denial-of-service attack programs, detecting these proxies still presents new challenges.

Summarizing

Through an in-depth analysis of residential IP proxies, I found that these proxies not only have extensive global coverage, but also involve complex recruitment and usage mechanisms. Although some of the proxies may be involved in illegal activities, overall, residential proxy services have demonstrated a strong ability to provide anonymity and circumvent detection. This makes residential proxies an important tool for many online activities.