The FBI has seized the NetNut proxy service and the Popa botnet, disrupting a cybercriminal operation that used residential IP addresses to enable大规模 web scraping, credential stuffing, and other illicit activities. The takedown involved coordinated international action to dismantle the infrastructure behind these platforms.
Background
- NetNut was an Israeli "residential proxy" service that let customers route web traffic through ordinary people's home IP addresses — often without those users' informed consent. Law enforcement calls this a "botnet" (a network of compromised devices).
- The FBI seized NetNut's domain and infrastructure in July 2026, alleging the platform was used for credential stuffing, credit card fraud, and scraping protected data. This is the first major U.S. takedown of a residential proxy provider itself, not just its customers.
- Residential proxies operate in a legal gray area: companies like NetNut, Bright Data, and Oxylabs argue they are legitimate market-research tools. Critics say they are botnets-for-hire that trick users and enable cybercrime.
- The seizure signals the DOJ now views proxy operators as criminal co-conspirators, not neutral infrastructure providers — a shift that could reshape the multibillion-dollar web-scraping industry.
The FBI has seized hundreds of domains linked to NetNut, a residential proxy service owned by Israeli firm Alarum Technologies, following an investigation connecting NetNut to the Popa botnet—a network of at least two million compromised devices.
Researchers have linked the Android-based Popa botnet, which has compromised millions of TV boxes for advertising fraud and data scraping over four years, to NetNut, a residential proxy provider owned by the publicly-traded Israeli firm Alarum Technologies Ltd.