A First Look at User-Installed Residential Proxies From a Network Operator’s Perspective

Abstract

Residential proxies (RESIP) enable the tunneling of traffic through non-data center Internet connections. Previous research has focused on malicious software on end-user devices that made them part of RESIP networks. This study investigates RESIP networks that users voluntarily join in exchange for monetary rewards, aiming to understand the activities facilitated through these services. We developed a testbed environment to operate and monitor eight different residential proxy applications over 7.5 months, enabling us to collect and analyze 368 GB of proxied network traffic, the majority of which is encrypted.In this work, we highlight three distinct case studies that suggest these proxies are used in practices not advertised by the RESIP providers and in one case, shed light on the scale of the proxied campaigns. Firstly, we discuss the use of RESIPs on two dating apps, Tinder and happn, highlighting their likely role in facilitating fraudulent activities. Secondly, an analysis of metadata suggests that RESIPs may play a crucial part in phishing campaigns. Thirdly, a collaboration with a leading technology company in the travel industry allows us to analyze the behavior of web scrapers.Our results underscore the need for enhanced detection mechanisms to mitigate fraud and protect users.

Publication
In 2024 20th International Conference on Network and Service Management (2024 20th International Conference on Network and Service Management (CNSM))
Elisa Chiapponi
Elisa Chiapponi
Cybersecurity Researcher

Cybersecurity Researcher in the Global Security Operations at Amadeus IT Group