{
	"id": "6f94a35a-4458-4d3c-927b-c1db78a4a633",
	"created_at": "2026-04-06T00:20:01.316374Z",
	"updated_at": "2026-04-10T03:20:18.42359Z",
	"deleted_at": null,
	"sha1_hash": "a5ebb6e129d722ed05d3ec14b9828e1c017540f3",
	"title": "2025 State of the Internet: Digging into Residential Proxy Infrastructure - Censys",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 41482,
	"plain_text": "2025 State of the Internet: Digging into Residential Proxy\r\nInfrastructure - Censys\r\nBy Jean Pierre Ruiz Ocampo\r\nPublished: 2025-08-14 · Archived: 2026-04-05 17:24:09 UTC\r\nUPDATE 9/24/2025: Clarifications on Our PolarEdge Research\r\nWe were recently informed by a community member that the certificate highlighted in earlier versions of this\r\nresearch is also present in older versions of Mbed TLS, version 3.4.0, previously known as PolarSSL.\r\nAdditionally, the TLS certificate we had associated with the “PolarEdge” malware also originates from the same\r\nMbed TLS repository. This new context reduces the confidence of the evidence linking the exposure footprint or\r\nthe RPX server we analyzed directly to PolarEdge.\r\nWhile our follow-up investigation  was derived from examining the historical data of a host known to have\r\ndistributed the PolarEdge payload, it is now believed the actor is leveraging known, exposed certificates as a\r\nmeans of reducing unique attributes. Based on this, we believe the RPX server discussed in the blog was most\r\nlikely either running on the attacker’s infrastructure or functioning as a relay server.\r\nTo ensure our reporting reflects this correction:\r\nWe have removed the original research content (still available at the following archive link for\r\ntransparency: “2025 State of the Internet: Digging into Residential Proxy Infrastructure”).\r\nWe have published a new post that reflects the most updated and verified analysis of the infrastructure\r\nanalyzed.\r\nOur threat intelligence dataset has been updated accordingly.\r\nTransparency, reproducibility and accuracy are central to our research, and we will continue to clearly\r\nacknowledge situations like this in order to provide our community with the most reliable information possible.\r\nThe Censys ARC Research Team\r\nCensys ARC is a team of elite security and threat researchers dedicated to identifying, analyzing, and shedding\r\nlight on Internet phenomena that impact our world. Using Censys’ Map of the Internet — the world’s most\r\ncomprehensive, accurate, and up-to-date source for Internet infrastructure — ARC investigates and measures the\r\nentirety of the public Internet to share critical and emerging threat intelligence and insights with organizations\r\naround the world. \r\nSource: https://censys.com/blog/2025-state-of-the-internet-digging-into-residential-proxy-infrastructure\r\nhttps://censys.com/blog/2025-state-of-the-internet-digging-into-residential-proxy-infrastructure\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://censys.com/blog/2025-state-of-the-internet-digging-into-residential-proxy-infrastructure"
	],
	"report_names": [
		"2025-state-of-the-internet-digging-into-residential-proxy-infrastructure"
	],
	"threat_actors": [],
	"ts_created_at": 1775434801,
	"ts_updated_at": 1775791218,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a5ebb6e129d722ed05d3ec14b9828e1c017540f3.pdf",
		"text": "https://archive.orkl.eu/a5ebb6e129d722ed05d3ec14b9828e1c017540f3.txt",
		"img": "https://archive.orkl.eu/a5ebb6e129d722ed05d3ec14b9828e1c017540f3.jpg"
	}
}