Back to Blog
Research

Are all residential proxy services criminal organizations?

July 31, 2025

Share
An in-depth analysis of the residential proxy service industry, revealing a significant disconnect between its purported legitimate uses and actual observed traffic.

Our new report provides an in-depth analysis of the residential proxy service industry, revealing a significant disconnect between its purported legitimate uses and actual observed traffic.

Based on analysis of tens of millions of IPs and many millions of requests, the hCaptcha Threat Analysis Group (hTAG) reveals an ecosystem that enables industrial-scale fraud and abuse while operating behind a veneer of legitimacy.

The most popular Web Application Firewalls (WAFs) and CDNs struggle to combat these distributed attacks, often detecting less than 10% of malicious requests in some large-scale campaigns, based on our data. IP-based blocking is shown to be completely impractical.

Read on to learn exactly what the traffic mix is on these services, where they may really get their IPs, and how seemingly legitimate companies in this space try to shield themselves from liability for any crime they enable.

Subscribe to our newsletter

Stay up to date on the latest trends in cyber security. No spam, promise.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Back to blog