GOOGLE announced that it worked with other partners to disrupt IPIDEA, describing it as one of the world’s largest residential proxy networks, and that it took legal action to shutter dozens of domains used to control devices and proxy traffic.
As a result, IPIDEA’s website www.ipidea[.]io is no longer accessible, and Google says the operation involved brands such as Ipidea, 360 Proxy, 922 Proxy, ABC Proxy, Cherry Proxy, Door VPN, Galleon VPN, Radish VPN, Luna Proxy, PIA S5 Proxy, PY Proxy, Radish VPN and Tab Proxy, among others.
The GTIG chief analyst, John Hultquist, cautioned that residential proxy networks can support espionage and criminal activity, and Google noted that IPIDEA’s infrastructure had been used by more than 550 threat groups this month, spanning China, North Korea, Iran and Russia.
Google also highlighted that IPIDEA’s monetisation SDKs enabled apps to turn devices into proxy endpoints, with about 7,400 Tier Two servers identified, and that 3,075 Windows binaries and up to 600 Android apps were linked to Tier One C2 domains. The firm added that IPIDEA has connections to other malware campaigns and that it previously faced a July 2025 lawsuit in China over the BADBOX 2.0 botnet.