Introduction
On September 4th 2023, the user "ipmakers" posted a thread on the Proxies for Sale section of BlackHatWorld. This thread promoted the launch of ipcola[.]com, a new proxy service claiming to have millions of active IPs.
Fig 1. BlackhatWorld thread promoting IPCola
With most threads on the platform being made by resellers, this thread would stand out with an interesting message:
"We do not provide free trial as IPCola poccess grand new proxies generated from worldwide massive IoT, Desktop and Mobile devices."
Which raises the question: "How exactly are these IP addresses sourced?"
Investigating IPCola
IPCola is a non-KYC proxy provider, allowing anyone to sign up on the platform, deposit crypto, and already start using the proxies without restriction.
Fig 2. IPCola dashboard and the crypto only topup system.
Like most platforms, IPCola allows users to purchase residential, datacenter, and ISP proxies, each with its own drawbacks and advantages.
Residential Rotating - Used by clients that need a vast pool of IPs, and when IP quality matters. Use cases include credential stuffing, large-scale account registration, and web scraping.
ISP Proxies - Purchased through IP brokers such as IPXO or LogicWeb where the upstream is a residential network. Typically used for social media or scalper bots that require a static IP address.
![Fig 3. Host 43[.]198[.]58[.]153 and its relations](https://cdn.sanity.io/images/8hf8zboo/production/2f9adbfe6961a67df0a8b574afd13b843f32c81a-1999x773.png?w=1200&auto=format)
