Inside Residential IP Proxies: Lessons Learned from Large Measurement Campaigns

Elisa Chiapponi, Marc Dacier, Olivier Thonnard

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Residential IP Proxy (RESIP) providers represent a growing threat when used for web scraping and other malicious activities. RESIPs enable their customers to hide behind a vast network of residential IP addresses to perpetrate their actions. This helps the customers to evade detection. Thanks to two new large datasets of RESIP connections, we reveal new insights into RESIP inner functioning and modus operandi. We present the similarities and differences of the ecosystems associated with four RESIP providers (geographic distribution, types, management and amount of machines used). Moreover, we display how two of the providers have striking similarities and we propose a specific detection method to identify them. Furthermore, we show how to build a list of suspicious /24 blocks of IP addresses and use it to mitigate the actions of malicious parties behind RESIPs.
Original languageEnglish (US)
Title of host publication8th International Workshop on Traffic Measurements for Cybersecurity (WTMC 2023) co-located with 8th IEEE European Symposium on Security and Privacy
StatePublished - 2023

Bibliographical note

KAUST Repository Item: Exported on 2023-06-21
Acknowledgements: We thank the anonymous reviewers for their helpful feedback.


Dive into the research topics of 'Inside Residential IP Proxies: Lessons Learned from Large Measurement Campaigns'. Together they form a unique fingerprint.

Cite this