Who are the victims of residential proxies?
Executive Summary
Synthient’s Research Team systematically monitors the SDK ecosystem, analyzing outbound traffic patterns to assess the role of residential proxies in spam, credential stuffing, and ad-fraud operations. Although residential proxy providers have expanded rapidly over the past decade, often citing demand from AI and Big Data applications, our analysis indicates that these claims are overstated. The majority of observed proxy traffic continues to facilitate abuse targeting financial institutions, advertising networks, and e-commerce platforms. This report was done in collaboration with Infoblox with them publishing their own report seeking to add further context to “Who are the victims of residential proxies”.
This report pulls data from Helios, our proxy SDK tracking platform, which monitors the largest proxy SDKs and the egress of traffic from those providers. We showcase these findings to highlight the continued exploitation and targeting of vulnerable devices on local area networks (LAN) and the substantial volume of fraudulent traffic originating from residential proxies.
Synthient encourages defenders to think beyond traditional IP risk data. Residential proxy detection requires a multifaceted approach that leverages multiple tiers of data and detection methods. This report underscores the countermeasures required by private industry, as well as the growing need for regulation in this space.
The “AI Washing” of Residential Proxies
In the last several years, AI has grown significantly, and proxy providers have been quick to capitalize on this trend. Many of the largest proxy providers have updated their public-facing branding to highlight AI, implying it is a primary use case for their residential proxies. This shift in messaging has been seen almost universally; for example, HK Network (IPIDEA) used similar framing prior to its recent takedowns by Google.
Ready to access the raw data?
Detect residential proxies and anonymized traffic.
