Are all residential proxy services criminal organizations?
Disclaimer: The conclusions within this report are based on analysis performed by hCaptcha. This document reflects our findings as of the date above and is published for informational and security awareness purposes.
This report provides an in-depth analysis of the residential proxy service industry, revealing a significant disconnect between its purported legitimate uses and actual observed traffic.
Based on analysis of tens of millions of IPs and many millions of requests, the hCaptcha Threat Analysis Group (hTAG) reveals an ecosystem that enables industrial-scale fraud and abuse while operating behind a veneer of legitimacy.
Residential proxy services sell access to pools of millions of IPs for their customers to avoid rate limits and web firewalls, and they are often effective.
As of August 2025, hCaptcha metrics show leading WAFs/CDNs detecting less than 10% of requests in some attacks using residential proxies. This is unsurprising: each IP may make only one malicious request per day, often interspersed with real traffic.
