Silent Push Traffic Origin Data Combined with Residential Proxy Data…

Essential information

Published: 10/02/2026 09:09
Modified: 10/02/2026 10:16
Tags: 2026-02-10 geolocation spoofing residential proxies vpn
Related entities: 3 observables, 1 techniques (mitre), 61 others

Description

An investigation using Silent Push's Traffic Origin and residential proxy data revealed a suspicious Chinese VPN provider. The analysis focused on IP address 205.198.91.155, which showed unusual traffic from Russia, China, Myanmar, Iran, and Venezuela. This IP was linked to the domain lvcha.in, hosting a Chinese-language VPN. Further investigation uncovered nearly 50 related domains promoting the same VPN, suggesting attempts to bypass country-level firewalls. The VPN's infrastructure was found to use residential proxies and had connections to various high-risk countries. This case study demonstrates the importance of verifying physical and technical behaviors of connections to protect against fraud and state-sponsored actors using stolen identities and spoofed locations.

Related entities

Venezuela, Bolivarian Republic of
Japan
Kazakhstan
Georgia
Bangladesh
South Georgia and the South Sandwich Islands
Iran, Islamic Republic of
Myanmar
Russian Federation
China
Ukraine
Kyrgyzstan
lcvpn.cyou
lcpro.qpon
lvchaapp.cc
lcapp.bar
lcapp.cfd
lvchaapp.icu
loopvpn.org
lcvpn.bond
lcabc.icu
lcvpn.cc
lcapp.shop
lvchaapp.cyou
lcvpn.top
lcapp.qpon
catixs.com
lcapp.bond
lcpro.icu
lcvpn.cfd
lvcha.org
lvchavpn.bond
lvchaapp.vip
lcpro.cfd
lcvpn.sbs
lcvpn.shop
lvcha.in
lvchavpn.one
lcapp.cyou
lcpro.bond
lvchavpn.cfd
lvchaapp.bond
lcapp.my
lcpro.cyou
lcvpn.xyz
lvcha.sbs
lvcha.qpon
lcapi.shop
lcpro.shop
lvchaapp.pw
lcapp.xyz
lvchaapp.site
lcapp.sbs
lcpro.top
lcpro.cc
lcvpn.qpon
lcpro.vip
lcapp.icu
lvchaapp.store
lcpro.sbs
lcpro.bar