Imunify360 continuously analyses the behaviour and known reputation of an IP of the visitor. A normal internet user won't get this form. If the IP is listed on a public blacklist, than the visitor has to prove it does not have intentions to abuse the server by filling in the recaptcha form. In some rare situations, plugins of websites send by default requests to the server that may be detected as malicious. If this happens often, please let us know so we can analyse the case.