If you are a NetNut customer, your proxies have likely stopped working — and there is a serious reason why. In early July 2026, the FBI seized NetNut, one of the largest residential proxy providers, as part of an international operation that authorities say targeted a botnet of roughly two million compromised consumer devices. This guide explains exactly what happened, what it means for anyone who was routing traffic through NetNut, and the best ethical, reliable NetNut alternative to migrate to today.
According to the FBI and reporting from KrebsOnSecurity, The Register, and others, the FBI seized hundreds of domains tied to NetNut in early July 2026. Visitors to NetNut's main domain are now met with an official law-enforcement seizure banner, credited to IRS Criminal Investigation alongside partners including Google, Lumen, and Shadowserver.
NetNut is operated by the publicly traded Israeli company Alarum Technologies (NASDAQ: ALAR). Investigators and security researchers have linked NetNut's network to the so-called "Popa" botnet — a collection of roughly two million consumer devices, from home routers to smart TVs, that were allegedly compromised by malware and turned into proxy exit nodes without their owners' knowledge or consent. Google's Threat Intelligence Group disabled the accounts and services the network used for command and control, and in a single week of June 2026 reported observing hundreds of distinct threat-actor clusters — including cybercriminal and state-sponsored espionage groups — using suspected NetNut exit nodes.
For its part, Alarum Technologies said it is aware of the action and stated it "will fully cooperate with law enforcement." The investigation is ongoing. But the practical reality for customers is immediate and simple: NetNut's infrastructure is seized, and it is not coming back.
The NetNut takedown is a wake-up call about how a residential proxy network sources its IP addresses. There are two ways to build a residential pool:
If a network is built the second way, every request a customer sent was routed through a victim's compromised device. That carries three serious risks that just became very real for NetNut users:
Do not simply swap one opaque network for another. After a takedown like this, the criteria that matter are:
SpyderProxy is built the opposite way to a botnet: our residential IPs come from ethically-sourced, opt-in networks, and our pool spans several independent proxy types rather than one seizable network. That means when you migrate, you get both a clean conscience and real resilience.
For a full feature-by-feature breakdown, see our SpyderProxy vs NetNut comparison.
There is no re-architecting involved — a residential proxy is a residential proxy. Sign up, generate your credentials in the dashboard, and point your code at the SpyderProxy endpoint:
import requests
# Swap your old NetNut endpoint for SpyderProxy
proxy = "http://USERNAME:[email protected]:12321"
proxies = {"http": proxy, "https": proxy}
r = requests.get("https://httpbin.org/ip", proxies=proxies, timeout=20)
print(r.json())
That is the whole migration for most setups: change the host, username, and password, and your scrapers, bots, and verification jobs keep running — on IPs that will not be seized out from under you.
Yes. In early July 2026 the FBI seized hundreds of NetNut domains as part of an operation targeting a large residential-proxy botnet, and the service is offline. Its main domain now displays a law-enforcement seizure notice.
According to the FBI and security researchers, NetNut's network was linked to the "Popa" botnet — roughly two million consumer devices allegedly compromised by malware and used as proxy exit nodes without their owners' consent. The action was carried out by the FBI with partners including Google and Lumen. NetNut's parent, Alarum Technologies, says it is cooperating with investigators.
No. The infrastructure is under law-enforcement control, the endpoints are down, and the network was tied to a criminal botnet. You should migrate to an ethically-sourced provider immediately and rotate any reused credentials.
The safest choice is an ethically-sourced, multi-network provider so you are not exposed to a single seizable pool. SpyderProxy offers opt-in residential, static residential (ISP), datacenter, and 4G/5G mobile proxies across 195+ countries, with migration that takes minutes.
Yes. SpyderProxy's residential IPs come from opt-in networks where users consent to and are compensated for sharing bandwidth — not from hijacked or malware-compromised devices.
Sign up, generate your proxy credentials in the dashboard, and change your endpoint host, username, and password to the SpyderProxy values. For most scrapers and bots that is a one-line change, and everything keeps running.
The NetNut seizure is the clearest reminder yet that how a residential proxy network is sourced is not a footnote — it is the difference between infrastructure you can rely on and infrastructure that can vanish overnight under an FBI banner. If you were a NetNut customer, do not wait: your proxies are gone, and the fix is a quick migration to an ethical, resilient network.
Switch off NetNut today. Start with SpyderProxy residential proxies from $1.75/GB — ethically sourced, spread across multiple independent networks, in 195+ countries, and online right now.