IPCola
proxy.hideiqxshlgvjk.com:5050- SOCKS5HTTP
- DIRECT
www.ipcola.com
IPCola is a high-risk, non-KYC proxy provider whose infrastructure overlaps with Gaganode bandwidth-monetization infrastructure. Synthient observed approximately 1.6M unique IPs over one week, with heavy concentration in India and Brazil.
Observed telemetry links IPCola gateway infrastructure to Gaganode-related command-and-relay hosts, including shared domain and IP relationships and SDK distribution infrastructure.
The associated SDK ecosystem supports remote tasking behavior, encrypted relay communications, and broad deployment across Android, desktop, and embedded environments, increasing abuse potential where installation provenance is unclear.
For full analysis and methodology, see the report: IPCola: A Tangled Mess.
Observables
Network Observables
| Domain | Behavior | Last Seen |
|---|---|---|
| gtxvdqvuweqs[.]com:5060 | Gaganode C2 Domain | 11/24/2025 |
| file[.]universe30[.]com | Gaganode distribution server | 11/24/2025 |
| api[.]package[.]coreservice[.]io | Gaganode distribution server | 11/24/2025 |
| assets[.]coreservice[.]io | Gaganode distribution server | 11/24/2025 |
| IP Address | ASN | Behavior | Last Seen |
|---|---|---|---|
| 18[.]167[.]173[.]120 | AS16509 | Gaganode Relay Server | 11/24/2025 |
| 43[.]198[.]102[.]230 | AS16509 | Gaganode Relay Server | 11/18/2025 |
| 43[.]198[.]154[.]133 | AS16509 | Gaganode Relay Server | 11/24/2025 |
| 95[.]40[.]49[.]100 | AS16509 | Gaganode Relay Server | 11/24/2025 |
| 18[.]167[.]69[.]253 | AS16509 | Gaganode Relay Server | 11/10/2025 |
File Observables
| SHA-256 | Filename | Description | Last Seen |
|---|---|---|---|
ccb4d03a05595a529ba16f32ad11f10d2f976f3a7fb2b57e38a9d6aea829fd67 | gaganode.desktop-0.0.1-win-x64.exe | Gaganode executable | 11/24/2025 |
8b35387ab989d7f965061cd1c81340ea371d90c2177c304a4a1c4d1236b35561 | gaganode.exe | Gaganode arm64 executable | 11/24/2025 |
997feb8cf90ee51c50b9445a8632a4ec37aff419b28cd1c5a3291f066fb960c8 | gaganode.exe | Gaganode amd64 executable | 11/24/2025 |
97d2d0dacafb9f92ac67492eb4a740e05bd5f8b13325a942fa127182bb6d9593 | gaganode.exe | Gaganode 386 executable | 11/24/2025 |
d95ac995812193f66a01541a57a1f6b962142ecdef704f147df1e3ac2e201b30 | gaganode | Gaganode mipsle executable | 11/24/2025 |
Top Countries
224 total- India350,96222.6%
- Brazil208,60213.4%
- Türkiye101,7936.6%
- Saudi Arabia99,1976.4%
- Philippines74,0114.8%
- Pakistan73,5694.7%
- Indonesia38,4732.5%
- Morocco29,5241.9%
- Vietnam27,8681.8%
- Uruguay26,3321.7%
Ready to access the raw data?
Detect residential proxies and anonymized traffic.