IPCola: A Tangled Mess
Essential information
- Published: 02/12/2025 21:13
- Modified: 21/12/2025 18:19
- Tags: 2025-12-02, bandwidth monetization, chinese tv boxes, gaganode, instaip, iot, ipcola, nuochen technology, popa, proxy service, remote code execution
- Related entities: 18 observables, 9 techniques (mitre), 1 malware, 4 others
Description
IPCola, a new proxy service, claims to have millions of active IPs sourced from IoT, Desktop, and Mobile devices. Investigation reveals connections to Gaganode, a decentralized bandwidth monetization service with features resembling a botnet. Gaganode's SDK includes remote code execution capabilities, posing significant security risks. The service is widely distributed through various applications, including Chinese TV boxes and free software. IPCola is linked to InstaIP and NuoChen Technology, suggesting a complex network of proxy providers. The investigation exposes the intricate relationships between proxy providers and SDKs, highlighting the methods used to acquire unique IP pools.