IPIDEA
43.159.20.153:2333- SOCKS5HTTP
- DIRECT
www.ipidea.io
IPIDEA operates the largest known residential proxy network, referred to internally as HK_NETWORK. In January 2026, Google disrupted IPIDEA's operations through legal proceedings, domain takedowns, and enforcement actions targeting software development kits (SDKs).
IPIDEA acquires devices through multiple SDKs embedded in consumer applications, such as CastarSDK, EarnSDK, HexSDK, and PacketSDK. The network uses a two-tier command-and-control architecture: Tier 1 domains facilitate device enrollment, with over 5000+ Tier 2 IP-based servers coordinate proxy tasking globally.
IPIDEA manages several proxy brands that serve as front services, including 360 Proxy, 922 Proxy, ABC Proxy, Cherry Proxy, IP2World, Luna Proxy, PIA S5 Proxy, and PyProxy.
IPIDEA's infrastructure has been associated with the BadBox2.0, Aisuru, and Kimwolf botnets. According to Synthient's research, 67% of Android devices within IPIDEA's pool were unauthenticated, rendering them susceptible to remote code execution. The Kimwolf botnet exploited this vulnerability to compromise more than 2 million devices via DNS rebinding via IPIDEA's network. IPIDEA addressed the vulnerability on December 28, 2025, following Synthient's notification.
Observables
Network Observables
| Domain | Description |
|---|---|
| packetsdk[.]xyz | PacketSDK enrollment |
| packetsdk[.]net | PacketSDK enrollment |
| packetsdk[.]io | PacketSDK enrollment |
| hexsdk[.]com | HexSDK enrollment |
| castarsdk[.]com | CastarSDK enrollment |
IP Observables
| IP Address | ASN | Provider | Description |
|---|---|---|---|
| 43[.]102[.]2[.]0 | AS45102 | Alibaba Cloud (Singapore) Private Limited | IPIDEA Relay Server |
| 43[.]102[.]2[.]1 | AS45102 | Alibaba Cloud (Singapore) Private Limited | IPIDEA Relay Server |
| 43[.]102[.]2[.]2 | AS45102 | Alibaba Cloud (Singapore) Private Limited | IPIDEA Relay Server |
| 43[.]102[.]2[.]3 | AS45102 | Alibaba Cloud (Singapore) Private Limited | IPIDEA Relay Server |
| 43[.]102[.]2[.]4 | AS45102 | Alibaba Cloud (Singapore) Private Limited | IPIDEA Relay Server |
File Observables
| SHA-256 | Filename | Description |
|---|---|---|
aef34f14456358db91840c416e55acc7d10185ff2beb362ea24697d7cdad321f | PacketSDK.dll | PacketSDK Windows DLL |
b0726bdd53083968870d0b147b72dad422d6d04f27cd52a7891d038ee83aef5b | PacketSDK.apk | PacketSDK Android APK |
2d1891b6d0c158ad7280f0f30f3c9d913960a793c6abcda249f9c76e13014e45 | HexSDK.apk | HexSDK Android APK |
9479da1c597ffa05d262b6fcb2717ef775876ac14dc163a30f1e372b81a31c76 | PowerVPN (Premium)\_2.4 by ANiK555_enc.apk | PowerVPN trojanized app |
59cbdecfc01eba859d12fbeb48f96fe3fe841ac1aafa6bd38eff92f0dcfd4554 | RadishVPN.apk | RadishVPN trojanized app |
Top Countries
237 total- Brazil859,08012.3%
- India715,90110.3%
- Vietnam670,6889.6%
- United States379,1535.4%
- Saudi Arabia354,9945.1%
- Argentina272,1473.9%
- Egypt244,6433.5%
- Morocco234,4403.4%
- Mexico208,0623.0%
- Türkiye197,4162.8%
Ready to access the raw data?
Detect residential proxies and anonymized traffic.