July 31, 2025
Our new report provides an in-depth analysis of the residential proxy service industry, revealing a significant disconnect between its purported legitimate uses and actual observed traffic.
Based on analysis of tens of millions of IPs and many millions of requests, the hCaptcha Threat Analysis Group (hTAG) reveals an ecosystem that enables industrial-scale fraud and abuse while operating behind a veneer of legitimacy.
The most popular Web Application Firewalls (WAFs) and CDNs struggle to combat these distributed attacks, often detecting less than 10% of malicious requests in some large-scale campaigns, based on our data. IP-based blocking is shown to be completely impractical.
Read on to learn exactly what the traffic mix is on these services, where they may really get their IPs, and how seemingly legitimate companies in this space try to shield themselves from liability for any crime they enable.