Infoblox has released new threat intelligence research warning that residential proxy services have become deeply embedded across enterprise networks, creating significant reputational, operational, and cybersecurity risks that many organizations may not even be aware of.
The findings, developed in collaboration with Synthient and building on Infoblox’s earlier Kimwolf botnet investigation, reveal that more than 65% of Infoblox Threat Defense Cloud customers generated DNS queries linked to residential proxy networks in 2026. The research was based on the analysis of billions of DNS resolutions and associated network telemetry across customer environments.
“Residential proxies allow external actors to misuse your organization’s IP identity and reputation, often without enterprises even realizing it.” — Dr. Renée Burton, Vice President, Infoblox Threat Intel
Residential proxies route internet traffic through everyday consumer devices such as home routers, IoT devices, mobile phones, and systems running proxy-enabled applications. While these services are sometimes used for legitimate purposes such as web scraping or bypassing geographic restrictions, cybercriminals increasingly leverage them to disguise malicious activity, evade IP reputation systems, and bypass fraud controls.
According to the report, monthly DNS queries to residential proxy domains increased by approximately 25% between January 2025 and April 2026, growing from nearly 400 billion to more than 500 billion queries per month. Infoblox researchers attribute much of this growth to AI-driven web scraping activity, where attackers attempt to make automated traffic appear as though it originates from real consumers.
The research also found widespread exposure across industries, with more than 90% of pharmaceutical and food and beverage organizations showing proxy-related traffic, alongside over 60% of government and banking sector customers.
A key concern highlighted by researchers is that residential proxies often enter enterprise environments through seemingly harmless tools such as free VPN services, streaming applications, screensavers, productivity apps, and low-cost IoT devices. In many cases, users unknowingly consent to proxy functionality through lengthy software terms and conditions.
“Organizations may be unknowingly allowing third parties to leverage their infrastructure for malicious activity,” said Dr. Renée Burton, Vice President of Infoblox Threat Intel. She added that enterprises need stronger visibility and protective DNS controls to manage growing exposure risks tied to residential proxy networks.
