216.73.217.22

Disrupting the World's Largest Residential Proxy Network

· Published 29/01/2026 03:42 · Modified 29/01/2026 07:34

Export JSON

Essential information

Published
29/01/2026 03:42
Modified
29/01/2026 07:34
Tags
2026-01-29 aisuru android protection badbox2.0 botnets ip addresses kimwolf legal action network disruption residential proxy sdks threat actors
Related entities
2 vulnerabilities (cve), 6 observables, 1 intrusion sets (apt), 3 malware, 24 others

Description

Google and partners took action to disrupt the IPIDEA proxy network, believed to be one of the largest networks globally. The operation involved to take down control domains, sharing technical intelligence on IPIDEA software development kits, and implementing protections for Android users. IPIDEA's network enabled various malicious activities by routing traffic through residential , making it difficult to detect and block. The network was built using embedded in applications, often without user knowledge. Google's analysis revealed connections between multiple proxy brands and controlled by the same actors. The disruption aimed to degrade IPIDEA's operations and protect consumers from security risks associated with residential proxies.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Vulnerabilities (CVE) (2)

CVE-2025-55182 KEV
10.0 Critical

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …

Attack vector
Network
Published
05/12/2025
Modified
29/05/2026
Analyzed
CVE-2025-8088 KEV
8.8 High

RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary …

Attack vector
Network
Published
12/08/2025
Modified
27/05/2026

Observables (6)

  • aef34f14456358db91840c416e55acc7d10185ff2beb362ea24697d7cdad321f
  • 59cbdecfc01eba859d12fbeb48f96fe3fe841ac1aafa6bd38eff92f0dcfd4554
  • 01ac6012d4316b68bb3165ee451f2fcc494e4e37011a73b8cf2680de3364fcf4
  • b0726bdd53083968870d0b147b72dad422d6d04f27cd52a7891d038ee83aef5b
  • ba9b1f4cc2c7f4aeda7a1280bbc901671f4ec3edaa17f1db676e17651e9bff5f
  • 2d1891b6d0c158ad7280f0f30f3c9d913960a793c6abcda249f9c76e13014e45

Intrusion sets (APT) (1)

  • IPIDEA
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 29/01/2026 08:34 · Modified 29/01/2026 08:34

Malware (3)

  • Kimwolf
    Family
    Published 29/01/2026 03:42 · Modified 29/01/2026 03:42
  • BadBox2.0
    Family
    Published 29/01/2026 03:42 · Modified 29/01/2026 03:42
  • Aisuru
    Family
    Published 29/01/2026 03:42 · Modified 29/01/2026 03:42

Others (24)

  • Canada
  • aa86a52a98162b7d.com
  • 8b21a945159f23b740c836eb50953818.com
  • 8f00b204e9800998.com
  • willmam.com
  • a7b37115ce3cc2eb.com
  • packetsdk.xyz
  • 7x2k9n4p1q0r5s8t3v6w0y2z4u7b9.com
  • 31d58c226fc5a0aa976e13ca9ecebcc8.com
  • bdrv7wlbszfotkqf.uk
  • b5e9a2d7f4c8e3b1a0d6f2e9c5b8a7d.com
  • hexsdk.com
  • a8d3b9e1f5c7024d6e0b7a2c9f1d83e5.com
  • v46wd6uramzkmeeo.in
  • af4760df2c08896a9638e26e7dd20aae.com
  • cfe47df26c8eaf0a7c136b50c703e173.com
  • 3k7m1n9p4q2r6s8t0v5w2x4y6z8u9.com
  • e4f8c1b9a2d7e3f6c0b5a8d9e2f1c4d.com
  • 0aa0cf0637d66c0d.com
  • 6b86b273ff34fce1.online
  • 00857cca77b615c369f48ead5f8eb7f3.com
  • 442fe7151fb1e9b5.com
  • packetsdk.io
  • packetsdk.net

External references