Abstract: Residential IP Proxies (RESIPs) enable proxying out requests from vast networks of residential devices without inserting any information revealing it. Despite legitimate uses, these proxies have been associated with malicious activities, particularly in the context of web scraping and automated campaigns. In this presentation, we initially describe RESIP networks, presenting the advantages they offer to malicious actors engaging in bot campaigns. Moreover, we show how RESIPs impact traditional bot detection methods. Malicious actors exploit the positive reputation established by genuine users, making it challenging to differentiate between legitimate and malicious activities. To counteract these challenges, we propose our RESIP detection technique based on Round Trip Time (RTT) measurements. We present the successful results obtained from applying this technique in both semi-controlled and real-world scenarios. In the second part of the presentation, we reveal new insights into RESIP inner functioning and modus operandi. We present the similarities and differences of the ecosystems associated with four RESIP providers (geographic distribution, types, and management of machines used). Moreover, we display how the global amount of residential IP addresses leveraged by RESIPs is smaller than what was considered so far, and we propose new directions to build upon the collected information.