The veritably first study to start probing the gestate of domestic delegates must have been carried out by Mi et al. This study, study carries out an in-depth analysis of domestic deputy services and waiters, which included roughly six million domestic IP addresses distributed across 230 countries and,000 Internet Service Providers( ISPs). Their exploration shows that irrespective of the fact that domestic deputy service providers assert that the deputy hosts engaged in the provision of the service freely, a significant number of delegates run on addressed hosts. They also reported records of potentially unwanted programs( Doggy), in addition to other felonious conduct similar to hosting malware, phishing, and announcement.
We utilized the dataset that was supplied by IP-Proxy for our research on open proxies, and it accounts for a significant component of our overall data set. In addition, we looked for websites that advertise open proxies and gathered the proxy IP addresses from such websites on a consistent basis as of November 2019. Since residential proxies are not public, it is difficult to get their IP addresses in the same manner as commercial proxies. In order to accomplish this goal, we went to Mi et al. and acquired their dataset of residential proxies. In order to obtain a dataset consisting of 6,419,987 residential proxies that were dispersed over more than 230 countries and much more than 52,000 ISPs, Mi et al. made use of an infiltration methodology. All through July 2017 & March 2018, the collected IPv4 addresses that were found to be serving as residential proxies were detected while utilizing five different residential proxy providers. Figure 1(b) illustrates the locale distribution of the residential proxies, and Table 1 illustrates the country/region distribution of the top 10 places for those proxies. Both figures may be found in the accompanying file.
Proxy Data Collection:
Both an open proxy and a residential proxy are available. We get a list of open proxy IP addresses by simply Googling for “open proxy list” and choosing websites that are either often updated or have the ability to carry out direct collecting orders. Table 2 gives an overview of the information that was gathered on the number of available proxy IP addresses. The IP2Proxy database contributes a significant amount of the information included in the dataset, which has a total of 1,045,468 distinct IP addresses. It has come to our attention that many lists include identical IPs (55,348 IP addresses). We got a residential proxy dataset from Mi et al. so that we could compile a list of residential proxy IP addresses. This dataset has a total of 6,419,987 IP addresses and therefore is composed of Public IP addresses that were obtained between June 2017 and April 2018. Between the two datasets, we see that there are certain IP addresses that are shared. That is to say, there are a total of 20,816 IP addresses included throughout.
Open and Residential Proxy Databases:
When we have gathered all of the information, the next step is to do a spatial analysis so that we can figure out the distribution of open and residential proxies. We classify the places of proxies according to the extent of autonomy of the cities, countries, and autonomous systems in which they are located. Using the Internet protocol local information and the Max-mind online database, we first determine the geographic location of each IP address as well as its Autonomous System Number (ASN).
Country-level Distribution of Proxies:
World Basis displays the global distribution of open and residential proxies throughout the nation. The deeper the shade of blue, the higher the number of proxies that are located in the specific nation. describes the city-level distribution of open proxies, with China and the US accounting for a considerable part as they occupy 28.7% of all open proxies. Other countries also account for a small fraction of open proxies. It should be noted that the prevalence of the residential proxy is shown here in a manner that is distinct from the distribution of the open proxy. Following Turkey and India with a significant chunk is Ukraine, then the United Kingdom, and finally Ukraine again. The top 10 country/region distributions of open and residential proxies from our data collection are summarized in Table 1. The distribution of open proxies by nation shows a concentration in the top two countries, but the distribution of residential proxies shows a greater degree of dispersion in Russia, European countries, and South American countries. The top 10 open proxy countries account for about 70% of the total, while residential proxy accounts for less than 50% (46.8%).
City-level Distribution of Proxies:
The distribution of cities over open and residential proxies is quite comparable to the distribution of nations. Nonetheless, China is at the very top of the country’s distribution. As can be seen in Table 3, there is only one city in China that makes the list of the top 10 cities: Hangzhou. This suggests that the proxy is dispersed over a large number of cities in China, namely among the almost 300 Chinese cities that are included in our dataset. the number of open proxies in each city is described below. In this graphic, we display the number of open and residential proxies in each city by using circles. In addition to this, we emphasize the top 10 cities by making them red and giving them a greater size. The number of accessible proxies in the city determines the size of the circle that encompasses the city. It would be helpful to restrict the area to a single nation so that we can get a clearer picture of the distribution inside the cities. displays the number of open proxies that are available in China. Based on this statistic, it is clear that a significant number of open proxies are occupied not just in Hangzhou but also in various cities in China. The top 10 cities in China with the highest open proxy numbers are represented by the largest 10 circles in this image. These cities also rank among the top 30 cities for the whole open proxy. This suggests that the open proxies in China are scattered throughout the country’s main cities, including Hangzhou, Nanchang, Nanjing, Guangzhou, and Beijing, among others.
One further example is the United States of America, where there are a significant number of open proxies. It has a ranking of second in the open proxy distributions at the country level, but none of its cities feature in the top 10 of that distribution. This indicates that open proxies in the United States may be found in a wide variety of cities throughout the country. displays the number of open proxies that may be found in each city in the United States. A greater number of open proxies may be found over the whole of the region, with the greatest concentration found in the most populous parts in the east and west. Just three cities in the United States made it into the top 30, and they were placed 17th, 23rd, and 27th respectively, despite the fact that the United States has a huge number of open proxies.
Regarding the residential proxy, the allocation at the city level is where the most interesting information may be found. provides a presentation of the distribution of residential proxies throughout urban levels. As can be seen in, the cities of the Netherlands and other nations in Europe have a distribution pattern that is comparable to one another. On the other hand, the cities of Istanbul and Ankara in Turkey had a relatively low number of open proxies, as shown by their positions as first and third in the top 10 of the number of residential proxies, respectively. Both of these cities are in Turkey. We portray the distribution of proxies inside Turkey in order to have a better understanding of the residential proxy distribution in Turkey. This distribution is illustrated in. As was discussed before, the two largest cities in Turkey, Istanbul, and Ankara, hold a significant portion. One possible explanation for this is that practically all of Turkey’s population is concentrated in just two cities.
Analysis at the Country Level Using the blacklist services, we look to see whether any of the aforementioned blacklists have an open or residential proxy. After that, we examine each one of them to see if it is confirmed spam, if it is shown to be engaged in an attack, and if it has a vulnerability that may be exploited for future spam operations. Among them, we verify whether it is shown to be involved in an attack. The findings of the examination of open proxies are shown in Table 5. We have found that the blacklisting services contain 94.24% of all the open proxies in China, which makes China the nation with the greatest percentage of IPs that are included in their databases. In addition to this, it is the nation with the biggest number of proxies that have been shown to be engaged in spam operations and assault sources throughout the world, and it is also the country with the second-highest number of susceptible sources. On the other hand, it contains less than one percent of proxies that are susceptible. Iran, on the other hand, is ranked number 10 among the nations that have the most open proxies that are banned, yet it is ranked sixth among the countries that are engaged in attacks and susceptible sources.
This is because around 93% of Iran’s open proxies are blacklisted. Some notable nations and areas include Thailand and Taiwan, both of which have about 99.5% and 98% of their open proxies banned, respectively. On the other hand, although being in third place in terms of the number of open proxies that are blacklisted, the United States only represents 55.5% of its total open proxies, making it the least blacklisted nation when measured in terms of the percent representation. On the other hand, the analysis of residential IP addresses that is presented in Table 6 reveals that every country in the top 10 countries with the highest number of residential IP addresses has more than 90% of their IPs blacklisted by one or more of the services, with Turkey, Indonesia, Germany, and Mexico having more than 95% of their IPs blocked. The exceptions to this are the countries of Ukraine and Australia. We also find that Indonesia, Russia, Brazil, and Australia are among the top 10 nations with the most open and residential proxies that have been banned. We found that 99.3% of residential IP addresses in Mexico are blacklisted by at least one blacklisting service.
Additionally, 13.5% of Mexico’s IP addresses have been flagged for spam activities, 0.03% have been flagged for launching attacks, and 1.6% have been flagged for being vulnerable to future spam activities. In addition, Indonesia and Australia are the nations that are most susceptible to becoming involved in spam operations in the future because of the number of vulnerabilities that exist in their country. In addition, India, Vietnam, and Korea are three of the top nations with the biggest number of residential IP addresses that have been shown to be involved in spam operations. The top three nations with the largest representation of confirmed assaults are Thailand, Vietnam, and Mauritius, while the top three countries with the most susceptible IP addresses are India, Indonesia, and Australia respectively. India is the country with the biggest number of home IP addresses that have been linked to spam operations, as well as the highest number of residential IP addresses that are susceptible to being abused for spam in the future.
displays the top 10 cities that have open proxies that have been banned, according to our research. While it may seem that Bangkok has the biggest number of open proxies that have been banned, Nonthaburi, Hangzhou, Nanchang, and Nanjing all share the distinction of having more than 99% of their open proxies blacklisted. Yet, only Nanjing has more than 90 percent of its proxies participating in activities that have been shown to be spam. In addition, while the aforementioned services have banned 99.3% of the open proxies in Bangkok, just 28.74% of Bangkok’s proxies have been shown to engage in spam operations. In addition, Hangzhou has the highest percentage of its open proxies participating in assaults (23.56 percent), and around 44 percent of its proxies are active in spam operations. On the other hand, Table 8 reveals which cities have the highest number of residential IP addresses that have been banned.
It is clear that all of them, with the exception of Amsterdam and Kyiv, have more than ninety percent of their residential IPs on the blacklist, and four of them have more than ninety-five percent of their IPs on the blacklist. It is interesting to note that 99.91% of Bengaluru, India’s residential IP addresses are blacklisted by one or more of the services, and more than 41% (the highest percentage among cities) of those residential IP addresses have been proven to be used for spam activities, leaving more than 7% of the city’s residential IPs open to the possibility of being used in future spam campaigns. In addition, more than 10.4% of Brisbane’s home IP addresses are insecure, and over 39% of the city’s IP addresses have been identified as spammers. If these residential IPs are exploited, Brisbane has the potential to become the next city in the world with the highest rate of spam production.
Between June 2017 and April 2018, the residential proxies dataset was obtained, while our blacklisting study was completed in 2019. Because an IP address could be associated with a residential proxy for a certain period of time (for example, during the data observation/collection time), but then later be associated with malicious activities, such a difference in the time between data collection and analysis could lead to some false alarms on the number of residential proxies that are blacklisted. This is because an IP address could be associated with a residential proxy for the time being (during the data observation/collection time), but then later be associated with malicious activities (e.g., during the blacklisting analysis). Due to the constraints of investigating the time period during which the IPs functioned as residential proxies and the lack of information provided by the blacklisting services on the date on which an IP address was added to a particular blacklist, the results of this study do not take into account the possibility of such a scenario. Instead, they focus on the more likely event that the IPs were used for malicious purposes. The impact of such limitations is less obvious given the size of the dataset of proxies used in this study, which totals 7,465,455 proxies and consists of 1,045,468 open proxies and 6,419,987 residential proxies. Because of this, the analysis provides insights into the general behavior of the proxy ecosystem.
Analysis at the ASN level In a similar vein, all open proxies for ASNs such as 4134 have been banned, despite the fact that only 47.66% of those proxies have been shown to be engaged in spam operations, and only 21.95% of those proxies have been involved in attacks. This might be due to the fact that blacklisting services, like protect, blacklist all of the IP addresses that are associated with the ASN with the lowest performance. This also explains why open proxies belonging to ASNs 4837 and 45758 have been blacklisted 100 percent of the time. Additionally, take note that the blacklisting rate for all ASNs is higher than 99%, with the exception of two. In addition to this, over 33 percent of ASN 121090’s open proxies are actively participating in assaults. In addition, nearly 5% of the open proxies that are part of the ASN 7713 network are susceptible to future spam actions. On the other side, Table 10 presents the top 10 ASNs that have the greatest number of IP addresses that have been banned all over the globe. Take note that residential proxies tend to follow trends in a manner that is very comparable to open proxies. Specifically, all of the ASNs in the table have a blacklisting rate that is more than 90%, and eight out of ten of them have an IP blacklisting rate that is greater than 99%. A further point of interest is that ASN 24560, which has a blacklisting rate of 99.96%, has 32.5% of its residential IPs that have been shown to be engaged in spamming, and less than 4% of its IPs are susceptible to future spam operations. Despite the large number of home IPs in our dataset and the large representation in spam activities, one thing that all residential IPs have in common is a low confirmed attack record. This is a common trait among residential IPs.
Even though the United States has the third highest number of open proxies that are blacklisted, this number only accounts for 55.50% of all of its open proxies, making it the country that has the lowest percentage of open proxies that are blacklisted in comparison to the total number of proxies that it hosts. We also found that Indonesia and Australia have the largest number of susceptible proxies, which means that there is a possibility that these countries’ proxies may be exploited in the future for spamming and other nefarious actions. In addition, it has been shown that both nations have a large proportion of proxies that are participating in spamming assaults; the number for Indonesia is 34.59%, while the figure for Australia is 20.49%. More than ninety percent of the open proxies in Nanjing that are on the blacklist have been proven to be participating in spam operations. This highlights a likely geographical concentration of malevolent activity. In addition, a number of different cities and ASes have proxy blacklisting percentages that are more than 99%, which points to the possibility of regional blacklisting practice.
Internet proxies are a kind of intermediary that acts as a conduit between users and servers. They are often used by users to conceal their identity and safeguard their privacy online. In addition, proxies are used to circumvent geographical limits imposed by policies in order to get access to the internet. This makes it possible for users to have unrestricted access to the internet. On the other hand, adversaries may use them to initiate attacks, gather data from users, and insert advertisements and files using them. This is something that is brought to light in this study by the exhaustive research that was done on the two different kinds of proxies, namely open and residential proxies. After analyzing a dataset that contained 1,045,468 open proxies and 6,419,987 residential proxies, we discovered that 79.11% of open proxies are blacklisted by various blacklisting services. Of these blacklisted open proxies, 28.23% were classified as spam proxies, and 6.97% were classified as proxies that were used to launch an attack. Similarly, according to the findings of our research, 86.04 percent of residential proxies are banned, despite the users’ best attempts to conceal their identities. Of these, 16.85 percent have been classified as spam, and 0.27% have been linked to adversary attacks. In addition, we came to the conclusion that the distribution of proxies has a positive correlation with the GDP as well as the Internet speed on the level of the nation in which a person resides. This research, along with numerous other studies that have been published in the past, exposes the harmful use of Internet proxies and the danger that comes with using them. Proxy servers are often thought of as a means to access the Internet while maintaining one’s anonymity.