Why is your residential proxy getting detected?
Testing 9Proxy and Nsocks for nativeness
The nativeness of a proxy for anti-fraud systems is influenced by many parameters. Currently, the database of our nativeness checking service contains: 170 conditions and 2.5 million rules based on a matrix of these conditions, and each of them has its own weight in deciding who is in front of us: a residential proxy, a server proxy, a datacenter VPN, or a real native user.
When using a proxy, the provider may well give you a US IP address, but the DNS resolvers will be from Canada or even from Africa. But even if the resolvers turn out to be from the same state, there is no 100% guarantee that the anti-fraud system will recognize you as a native user. You need to test it every time.
Below, we will demonstrate the principles of anti-fraud systems in practice and prove with real cases that the correct DNS resolvers are still not a guarantee that your proxy will be recognized as native.
We logged in via proxy2web from 9proxy with the following proxy (the proxy is configured in ZloyRouter, and we are connected to the Raspberry Pi WiFi):

Now let's check its nativeness. We will copy the data and send a verification request to our nativeness server:

As we can see, the verdict is that we are a clean user.
In this article, we will show you 2 options for working with the dnsdetect.zl0y.team service: via an API request so that you understand the principles of its operation, and via a check on the website - the way 99% of users will use it.

How so? - where is the exposure?
Let's figure it out.
Why did the anti-fraud system return CLEAN?

The anti-fraud system makes a decision based on the coincidence of many factors (over 2.5 million rules). In our last test, all the stars of an ideal profile aligned:
- Residential IP: 9Proxy gave us the IP 74.88.235.62. This is a real residential address pool of the provider Optimum Online (Cablevision Systems).
- Perfect DNS match: In our dnscheck.tools output, the resolvers of the very same provider, Cablevision Systems Corp (167.206.148...), were present.
- Correct ECS: The ECS subnet 74.88.235.0/24 perfectly matched our IP.
- WebRTC magic: we sent a 100% matching webrtc_ip: "74.88.235.62".
- The remaining 2,499,996 rules also confirmed that the profile is as natural as possible.
Now let's test non-ideal profiles:
Experiment 1: Simulating disabled/blocked WebRTC
Regular antidetect browsers often simply disable WebRTC. For an anti-fraud system, a residential user without WebRTC is a huge red flag. We didn't change anything, except that we left WebRTC empty in the request to our nativeness service.
The situation has reversed. Blocking WebRTC instantly slapped us with a red Proxy flag.
![]()
Experiment 2: Simulating "dirty" DNS (what ZloyRouter protects against)
Imagine that you bought this residential IP from Optimum, but 9Proxy routed DNS queries through Cloudflare, Google, or datacenter servers (for example, DigitalOcean).
As a result, the anti-fraud system will see a discrepancy: the IP is residential, but the DNS comes from a server datacenter. The PROXY probability will immediately outweigh the rest.
The probability of proxy detection has grown even stronger.
Here is how it looks in the dnsdetect.zl0y.team service

Tests on real proxies
Testing 9Proxy
You might say: "these are all your guesses and synthetic tests". Okay - below we simply went through 10 proxies from 9proxy, and on the 4th try we were given these:
Attention: During testing, we intentionally did not use WunderDNS to show the classic setup without ZloyRouter.

We connected to the proxy, and judging by the primary parameters - everything seems fine.


We checked the DNS resolvers - they also look fine at first glance. The resolvers provided were local and from the same state.
We copy the page with the resolver test results and send it for testing to our DNS and IP nativeness checking service:
We get a Proxy probability of 65%. We see that ECS is missing - this happens in residential providers when there are no public DNS resolvers at all.

A logical desire arises: "Aha, now I will manually substitute a relevant ECS and everything will be fine". Let's try to trick the anti-fraud system and substitute an ECS from the same subnet:
It didn't work! - The Proxy probability percentage even increased slightly.
The same thing on the dnsdetect.zl0y.team website:

Let's test 1 more proxy, just to be sure.
Testing:
And we immediately get a proxy detection.
You can continue sorting through them and the situation will change. As they say, "it's a hit or miss".
Testing Nsocks
First, a short digression. In the Nsocks user dashboard, we had several previously purchased proxies that had not been used for a couple of weeks. We started by taking them
And tried to use them:
It didn't work out - they are all dead.
Let's go shopping! - buying fresh US proxies!
Test No. 1
By the way, this is an expensive proxy for $1...
At the initial proxy test stage, ZloyRouter informs us that it does not support UDP

Sad, but what if we get lucky?! - We collect the resolvers and run the test.

The same thing happens in 1 click when visiting the dnsdetect.zl0y.team checker website:
Verdict - an incomprehensible proxy, a mishmash of a proxy, vpn, and a clean user.
Test No. 2:
By the way, starting from the second test, we applied a stricter filter to get better ones:

Buying a new proxy.

Testing on the dnsdetect.zl0y.team checker website:
As we can see - a 3-day proxy with UDP support for 1 dollar yielded worse parameters than the first random one.
We are not giving up, but diving headlong into the "find a normal proxy" quest. A sporting interest emerges. Since 9proxy did not pay us for advertising, we want to find a normal one in nsocks too.
Test No. 3:
New test - new proxy
A fresh residential proxy from a cable provider for $1
Going to the website using this proxy:
In this test we have the IP 70.93.138.107. Again, everything looks perfect at first glance: WebRTC is set correctly, and the ECS subnet matches completely. But due to anomalies in the DNS resolvers (as many as 98 of them!), the algorithm confidently sounds the alarm: PROXY (82.6%).
Test No. 4:
The next one

Inserting it into ZloyRouter:

Collecting DNS resolvers:
Here you can see a predominance of resolvers from Google...
Sending it for checking:
During the process, we accidentally ran the proxy through the test a second time - the results were identical to the previous test, so these metrics are not random, but statistically reliable. The fact that the number of collected resolvers changed slightly (from 53 to 64 — a common occurrence when DNS balances the load), but the neural network produced an identical result down to the hundredths of a percent, proves that the model is deterministic.
"What the hell???" you might think - this must all be rigged!
But as you can see, the detection probabilities differ for all proxies, and when running the same proxy again, they are identical.
Test No. 5: That's it, the last one )
By the way, this proxy is not for $1, but for $0.80

Inserting it into ZloyRouter:
It detects that there is UDP support and detects the proxy via Latency test
We check ourselves by going to the dnsdetect.zl0y.team website:
An ordinary miracle - we see that the cleanliness indicators have grown significantly, and the proxy detection is just over 57% - the lowest result from the entire Nsocks test.
We are sure that by testing a couple more, we will easily find an ideal proxy in Nsocks as well.
Summing up: Proxies are a lottery
As you can see, buying even an expensive "residential" proxy does not guarantee you a clean profile. Providers mix pools, balance DNS through datacenters, and regular antidetect browsers only worsen the situation by blocking WebRTC, slapping a red flag on you for anti-fraud systems.
Finding the perfect proxy by blind brute-forcing is long, expensive, and dangerous for your accounts.
Stop guessing. Verify.
We have moved our detection algorithm from a closed API to a convenient public interface. Now you don't need to write scripts or look at console logs. A check takes 1 click and ~20 seconds.
👉 Check your proxy right now: dnsdetect.zl0y.team:
Go to the website with a proxy/VPN enabled and see how protection algorithms view you:
- Are you exposing your real IP via WebRTC?
- Do your DNS match the declared provider?
- And most importantly — what is your real nativeness percentage (Proxy / VPN / Clean).
🛡 How to make any proxy 100% "Clean"?
If you are tired of sorting through proxies in search of the perfect DNS and ECS match, we remind you: the intelligent DNS spoofing functionality (VDNS) and hardware blocking of UDP leaks are already built into ZloyRouter. The router will automatically pull the correct native DNS for your proxy, forcing anti-fraud systems to see you as the perfect residential user.
🏴☠️ Welcome to Zloy Party
Do you want to discuss such non-obvious mechanics of anti-fraud systems, but are tired of info-noise?
We know what many specialized chats look like today: thousands of messages about nothing, toxicity, scammers at every step, and a complete lack of useful information. Finding a grain of real knowledge there has become almost impossible.
That's why we created Zloy Party — a closed community for those who value their time, professionalism, and work for results.
What awaits you inside:
-
🚧 Strict audience filter: A symbolic paid entry ($5 per month) weeds out 99% of spammers, inadequate people, and seekers of the "magic money" button.
-
🤫 Insides and early access: Things we will never publish openly. Breakdown of WAF algorithms, new methods for fingerprint spoofing, and beta testing of our private tools.
-
🤝 Healthy networking: Only engineers, practitioners, and clients of the ZloyTeam ecosystem. Exchange of real experience, not dry theory.
-
👁🗨 Direct connection with the team: Direct contact with the ZloyRouter developers and prompt answers to your hardcore technical questions.
Stop wasting time on flooding. It's time to work.
🔗 Get a pass to the closed club (Zloy Party Pass)
📢 And you can follow the project's public news and open updates of our checker in the main channel: @ZloyTeamNews
