- Infoblox Threat Intel finds 65%+ of its cloud customers made DNS queries to residential-proxy domains in 2026
- Residential proxies could result in legal exposure or reputational damage if threat actors abuse them
- While not all residential proxies are illegal, abusers take advantage of anonymity coupled with cheap, unauthorized residential proxies to perform tasks that may be unethical, if not outright illegal at times
Users installing free VPNs, streaming apps, and even productivity apps might be unaware that they are often unintentionally the product themselves.
The old adage about there being no free lunch rings true here with many of these ‘free’ services essentially renting out the identity of an unsuspecting victim’s network to strangers, many of which use it for malicious reasons.
The practice, which is considered fair game by many such applications has security and privacy implications in addition to users being flagged for fraud or extra verification as IP reputation systems at datacenters account for requests seemingly originating from a victim’s network.
Blending in for a reason
The service being used here is called a ‘residential proxy,’ and while legitimate providers may exist, many of the sources are dubious to say the least. This is because demand for ‘clean’ residential proxies is both tremendous and consistent.
Research from Infoblox Threat Intel indicates that the situation is more dire than previously assumed, as nearly two thirds (65%) of its Threat Defense Cloud customers made DNS queries to domains used to access or orchestrate residential proxy networks in 2026, totaling over 500 billion such queries per month.
This is different from anonymizers like Tor or commercial VPNs, which produce anonymized traffic via voluntary nodes for the former and datacenter IPs for the latter. It leverages existing hardware on one’s residential network, such as home routers, phones, IoT…
