Interesting article. I’ve been curious for a while about how residential proxy IPs are collected too. Many come from shady browser extensions or mobile apps, especially free VPNs (wink wink Hola VPN). People often don’t realize they are turning their device into an exit node.
Some time ago I started to track this as a side project (I work in bot detection and was always surprised by how many residential proxies show up in attacks). It started just out of curiosity. Now I collect proxy IPs, which provider they belong to, and how often they are seen. I also publish stats here:
https://deviceandbrowserinfo.com/proxy-api/stats/proxy-db-30...
For example, in the last 30 days I saw more than 120K IPs from Comcast and nearly 100K from AT&T.
I also maintain an open IP (ranges) blocklist, mostly effective against data center and ISP proxies. Residential IPs are harder since they are often shared with legit users:
https://github.com/antoinevastel/avastel-bot-ips-lists
Even if you can’t block all of them, tracking volume and reuse gives useful signal.
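One way to act on the point above (block listed ranges outright, treat residential sightings as a signal rather than a ban), as an added example that is not part of the original comment or of the linked blocklist project. The ranges, sightings, thresholds and the 30-day aging window are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import date

# Constructed sample data using documentation address ranges, not real proxy IPs.
BLOCKLIST_RANGES = [ipaddress.ip_network(c)
                    for c in ("198.51.100.0/24", "2001:db8:dc::/48")]

# Constructed sightings: (ip, provider label, day the IP was seen as a proxy exit).
SIGHTINGS = [
    ("203.0.113.7", "provider-a", date(2025, 1, 2)),
    ("203.0.113.7", "provider-b", date(2025, 1, 9)),
    ("203.0.113.7", "provider-a", date(2025, 1, 20)),
    ("203.0.113.50", "provider-a", date(2024, 10, 1)),
    ("203.0.113.99", "provider-a", date(2025, 1, 15)),
    ("198.51.100.23", "provider-c", date(2025, 1, 19)),
]

def build_index(sightings):
    """Map normalized ip -> days it was seen and providers that offered it."""
    index = defaultdict(lambda: {"days": set(), "providers": set()})
    for ip, provider, day in sightings:
        key = str(ipaddress.ip_address(ip))
        index[key]["days"].add(day)
        index[key]["providers"].add(provider)
    return index

def classify(ip, index, today, window_days=30, min_days_seen=2):
    """Return (action, reason). Only listed ranges are blocked; residential
    sightings raise friction instead, because the IP may be shared with real
    users, and they age out (assumed window) as addresses get reassigned."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in BLOCKLIST_RANGES):
        return "block", "inside a blocklisted range"
    entry = index.get(str(addr))
    if entry is None:
        return "allow", "never seen as a proxy exit"
    recent = {d for d in entry["days"] if 0 <= (today - d).days <= window_days}
    if not recent:
        return "allow", "sightings are older than the window"
    # Reuse signal: seen on several recent days, or offered by several providers.
    if len(recent) >= min_days_seen or len(entry["providers"]) > 1:
        return "challenge", "repeated recent reuse as a proxy exit"
    return "monitor", "single recent sighting"

if __name__ == "__main__":
    idx = build_index(SIGHTINGS)
    for ip in ("198.51.100.23", "203.0.113.7", "203.0.113.99", "203.0.113.50"):
        print(ip, classify(ip, idx, today=date(2025, 1, 21)))
```
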
bobbiechen · 20m ago
If you have a product worth buying, it's also worth stealing.
The existence of residential proxies like these is a massive pain if you run free trials or giveaways or host user-generated content (aka a spam/scam opportunity). DSLRoot is only one service of many (see last year's takedown of 911 S5 https://www.scworld.com/news/fbi-takes-down-911-s5-botnet-li... ) and there's plenty of demand for it.
Imagine getting hit by thousands+ of different IP addresses with different user agents, etc. Banning these IPs is not a great option - lots of collateral damage because many real people share IPs, depending on ISP setup.
I work on bot detection involving device fingerprinting - imo this is one of the only ways to defend against residential proxy activity, since you can sniff out the warning flags of automation software and other shared indicators regardless of IP.
zenmac · 7m ago
>I work on bot detection involving device fingerprinting
Yikes, this can become a slippery slope towards a surveillance state very quickly with these types of authentication or human verification. Kinda like the invisible pixel thing on steroids, but even more intrusive and harder to evade.
athrowaway3z · 1h ago
On the one hand, the guy makes it sound like it 'spawns cmd prompts' which suggests a Windows machine and a bunch of amateurs selling crap to third parties (and to the state), instead of being a state level actor. (which shouldn't be able to gather that much valuable metadata by spying on the network anyways)
On the other hand, 250$ is a suspiciously high number when you can get a dozen people to do it for 50$ in an afternoon.
ps. "top secret" clearance is not a secret club - it's a very big club and its practical purpose is you agreeing to increase legal liability by getting thrown into a different judicial track if you screw up - eg by installing Russian hardware in your home.
deadbabe · 43m ago
It is so easy to pay a college student to get them to whitelist a MAC address for a GLiNet router you install somewhere in a university.