Jump to content

IP Volume

Edit links
From Wikipedia, the free encyclopedia
IP Volume
FormerlyEcatel, Quasi Networks, Novogara
Founded2005
HeadquartersThe Hague, Netherlands (operational)
Seychelles (registered)

IP Volume (also known as Ecatel, Quasi Networks, and Novogara) is a hosting company associated with bulletproof hosting services. It has been subject to multiple law enforcement investigations and public scrutiny for hosting child sexual abuse material (CSAM), non-consensually shared explicit imagery (NCSEI), facilitating copyright infringement, and providing infrastructure for cybercrime.

History

[edit]

Originally founded as Ecatel in 2005 by two Dutch nationals, the company was registered in Kent, United Kingdom, with its operational headquarters located in The Hague, Netherlands.[1] Following a 2011 dispute with a data center in Alphen aan den Rijn where they rented servers, the founders established their own data center, DataOne, in Wormer.[2]

In 2010, the security firm HostExploit named Ecatel the "worst hosting company in the world".[3] Ecatel maintained a fourth-place ranking in 2012.[2]

During a campaign against online child abuse in 2012, the hacktivist collective Anonymous alleged that Ecatel hosted significant amounts of child pornography. Under the banner #OpEcatel, the group targeted the company with DDoS attacks.[4] That same year, at the request of cybersecurity firm FireEye, Dutch authorities seized two Ecatel servers identified as command-and-control hubs for the Grum botnet.[5]

In 2013, a judicial court in The Hague ruled that Ecatel close eighteen websites for selling counterfeit luxury goods.[6] Ecatel won a lawsuit in 2015 filed by the Premier League, which sought to have illegal streams taken offline. In 2018, this decision was reversed, and Ecatel was required to take the streams offline.[7]

Rebranding to Quasi Networks and IP Volume

[edit]

In December 2015, Ecatel's IP address blocks were transferred to Quasi Networks, registered in the Seychelles.[1] Ecatel was formally dissolved in 2017. In subsequent years, large blocks of IP addresses were transferred to IP Volume, also based in the Seychelles.[2] Despite the offshore registration, investigative reporting indicates the company continues to operate physically from the Netherlands.[8] Other shell companies using the same registration details have purchased services from IP Volume or its predecessors to obscure their operations.[2]

Ecatel was linked to the July 2015 data breach of Ashley Madison, a website facilitating extramarital affairs. One of the servers used to distribute stolen data was traced to Ecatel's infrastructure in Amsterdam.[9]

2019–Present Investigations

[edit]

In 2019, The New York Times identified IP Volume (then operating as Novogara) as being complicit in the distribution of child sexual abuse material.[10] A 2020 report by the Dutch Ministry of Justice and Security ranked IP Volume as the second-largest host of such material in the Netherlands, linked to 4,500 out of 175,000 verified reports. The ministry noted that unlike other providers who cooperated with authorities, IP Volume deliberately obstructed efforts to remove illicit content.[11]

The FIOD raided IP Volume's data center in September 2020. During the raid, hundreds of thousands of euros worth of Bitcoin, 70,000 euros in cash, five cars, and two tasers were seized.[2]

In 2021, IP Volume was linked to the theft and hijacking of millions of IPv4 addresses from South Africa.[2][12]

In 2025, security researchers from Intrinsec Cyber Threat Intelligence (CTI)[13] reported that IP Volume was observed as a source of massive brute‑force password‑spraying attacks targeting SSL, VPN, and RDP services. The attacks were linked to a cluster of abusive autonomous systems operating from Ukraine and the Seychelles, with rapid IPv4 prefix rotation used to evade blocklists.[14][15]

According to Google Transparency Report, websites using IP Volume were found to be responsible for 10 million reported cases of non-consensually shared explicit imagery (NCSEI) by the end of 2025.[16]

References

[edit]
  1. ^ a b Mursch, Troy (16 June 2017). "Quasi Networks responds as we witness the death of The Master Needler (80.82.65.66) for now". Bad Packets. Archived from the original on 12 April 2021. Retrieved 30 December 2025.
  2. ^ a b c d e f Houtekamer, Carola; Wassens, Rik (2 April 2021). "Het afvoerputje van het internet zit in een Noord-Hollands dorp" [The drain of the internet is in a North Holland village]. NRC Handelsblad (in Dutch). Archived from the original on 17 April 2021. Retrieved 30 December 2025.
  3. ^ Thompson, Bryn. "HostExploit's Top 50 Bad Internet Hosts & Networks Cybercrime Report Q1 2010 | HostExploit News". Host Exploit News. Archived from the original on 12 April 2010. Retrieved 30 December 2025.
  4. ^ "Anonymous valt Nederlandse hoster aan - Security.NL". www.security.nl (in Dutch). Archived from the original on 7 August 2023. Retrieved 30 December 2025.
  5. ^ "Grum: Inside The Takedown Of One Of The World's Biggest Spam Networks – TechCrunch". TechCrunch. Archived from the original on 11 April 2021. Retrieved 30 December 2025.
  6. ^ "Kortkolom economie". NRC (in Dutch). March 27, 2013. Archived from the original on August 7, 2023. Retrieved December 30, 2025.
  7. ^ "Hostingbedrijf Ecatel moet illegale streams Premier League staken". Emerce (in Dutch). Retrieved December 30, 2025.
  8. ^ Libbenga, Jan (28 September 2020). "Verdachte bulletproof hoster is oude bekende" [Suspected bulletproof hoster is an old acquaintance]. Emerce (in Dutch). Archived from the original on 22 April 2021. Retrieved 30 December 2025.
  9. ^ "Server gelekte data in Amsterdam" [Leaked data server in Amsterdam]. NRC (in Dutch). 24 August 2015. Archived from the original on 12 June 2021. Retrieved 30 December 2025.
  10. ^ Dance, Gabriel J.X. "Fighting the Good Fight Against Online Child Sexual Abuse". The New York Times. Archived from the original on 22 April 2021. Retrieved 30 December 2025.
  11. ^ Wassens, Rik (8 October 2020). "Overgrote deel kinderporno staat op servers van vier bedrijven" [Vast majority of child porn is on servers of four companies]. NRC (in Dutch). Archived from the original on 24 December 2021. Retrieved 30 December 2025.
  12. ^ Luke, Daniel (January 27, 2021). "4 million African web addresses have been stolen – Woolworths, Nedbank also hit". Business Insider South Africa. Archived from the original on 7 April 2021. Retrieved 30 December 2025.
  13. ^ Sardinha, David (August 29, 2025). "VAIZ, FDN3, TK-NET : Ukrainian Networks Driving Brute Force Attacks". Intrinsec. Archived from the original on January 2, 2026. Retrieved January 2, 2026.
  14. ^ Lakshmanan, Ravie (September 2, 2025). "Ukrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP Devices". The Hacker News. Archived from the original on 2026-01-02. Retrieved 2026-01-02.
  15. ^ Priya (September 2, 2025). "Massive Surge in SSL VPN and RDP Attacks". CyberPress. Archived from the original on January 2, 2026. Retrieved 30 December 2025.
  16. ^ Maugeri, Luca (December 28, 2025). "2025 Report: 10 Million Abusive URLs from SecuNET/CryptoServers". NCSEI Support Hub. Archived from the original on January 11, 2026. Retrieved January 10, 2025.
Retrieved from "https://en.wikipedia.org/w/index.php?title=IP_Volume&oldid=1332291820"