Comment by pigggg

There are "live" residential proxy IP lists you can purchase today from a variety of companies. Various companies defending use them as an additional data point when making a call to throw a captcha or block.

ISPs have been fairly silent on the topic (it is a hot topic for many of them due to the kimwolf botnet leveraging resiproxies to function and launching attacks). In many cases, being a resiproxy is a violation of the TOS - but they struggle with enforcement and how to do customer engagement given that most resiproxies are loaded without the end user knowing. So you have an educational problem - how does an end user figure out how to remove it.

Some ISPs could null the resiproxy c2 infra - and a few have played in that space.

Home router vendors could play their part and notify users exactly which device is connecting out and give them an option to isolate, etc.