alt.hn

7/2/2026 at 10:48:00 PM

FBI Seizes NetNut Proxy Platform, Popa Botnet

https://krebsonsecurity.com/2026/07/fbi-seizes-netnut-proxy-platform-popa-botnet/

by k1m

7/3/2026 at 11:52:28 AM

> most of the no-name TV streaming boxes for sale on the major e-commerce websites either come pre-installed with residential proxy software, or require the installation of proxy SDKs in order to use the device

> Even people without TV streaming boxes can find their smart TVs enrolled in residential proxy networks, just by installing one of thousands of apps available for download on Samsung and LG smart TVs. In a report released last month, the proxy tracking company Spur found 42 percent of apps available for download via the webOS operating system on LG smart TVs include SDKs that turn one’s television into an always-on residential proxy node. More than a quarter of the apps made for Samsung’s Tizen operating system had similar residential proxy components, Spur found.

Most interesting part of the article for me. I wonder if people with a streaming box run into tor-exit-node type problems.

by awakeasleep

7/4/2026 at 12:15:55 AM

> I wonder if people with a streaming box run into tor-exit-node type problems.

Some definitely do.

One of my family members had a mobile app installed that turned their device into a resi proxy, and I started to get super frequent CAPTCHAs, which I thought was odd. I found out what was happening when our IP got banned from Wikipedia with the reason "believed to be a residential proxy"

by KomoD

7/3/2026 at 1:01:46 AM

    The Federal Bureau of Investigation (FBI) said today it worked
    with industry partners to seize hundreds of domains associated
    with NetNut, a sprawling residential proxy service operated by
    the publicly-traded Israeli company 
    Alarum Technologies [NASDAQ: ALAR].

by WarOnPrivacy

7/2/2026 at 11:00:29 PM

> https://x.com/weezerOSINT/status/2072772333329416654

> They seized the wrong domain. Netnut is still up and running

> The domain FBI seized: https://netnut.com

> The real domain https://netnut.io

The backend infrastructure, for similar reasons, is probably still operational, even if it might have taken a hit.

by A_D_E_P_T

7/2/2026 at 11:30:03 PM

Google shows netnut.com[1] being the same thing, so not sure it's the wrong domain. Maybe not the main one. Brian Krebs' comment on this[2]:

> Pretty sure they're working on getting that domain too, but it's taking longer for some reason. Either way, they have dismantled the botnet's back end infrastructure, so for now it's not doing much.

[1] https://www.google.com/search?q=site%3Anetnut.com

[2] https://www.linkedin.com/posts/bkrebs_new-breaking-fbi-seize...

by k1m

7/3/2026 at 12:04:59 AM

WRT [1], you get a lot more results with https://www.google.com/search?q=site%3Anetnut.io

And if they didn't even grab the main domain that the service used, why so confident that they've totally dismantled the back end infrastructure?

by A_D_E_P_T

7/4/2026 at 12:21:13 AM

I don't know about "totally dismantled" but it definitely had some impact.

> As a result of these developments, the Company is currently experiencing disruptions to a portion of its services. If these disruptions continue for an extended period, they are likely to have a material adverse effect on the Company's operations, financial results and its ability to provide certain services to its customers.

https://www.globenewswire.com/news-release/2026/07/03/332182...

by KomoD

7/3/2026 at 12:21:54 AM

I personally have no insight into what they have or haven't dismantled. Just found the article interesting (had never heard of the company). Was responding to the "They seized the wrong domain" claim in the tweet you quoted. I read that and thought they disabled an unrelated domain, which doesn't appear to be the case. As for the main domain, no idea about that. Someone brought that up to the author of the piece, and the bit I quoted was his response. I have no more info beyond that.

by k1m

7/3/2026 at 5:58:58 AM

Are residential proxies illegal? Why is the FBI involved with civil actions?

by rendaw

7/3/2026 at 4:57:32 PM

It certainly should be when the end users are not doing it on purpose.

by msh

7/3/2026 at 6:19:41 AM

They seized netnut.com, but netnut.io is still online. Not sure how long that'll last though.

by meszmate

7/3/2026 at 4:54:33 AM

Disrupting a publicly-traded Israeli company? Heads will roll on Monday.

This will cause a disruption to all sorts of intelligence operations. The FBI didn’t get the memo apparently.

by iJohnDoe

7/3/2026 at 9:01:58 AM

Should've emailed procurement first

by chews

7/3/2026 at 1:47:40 AM

Google is pulling up the ladder for other internet crawlers for search engines and AI. It also hurts privacy and anonymity taking away an option to hide your IP without being an obvious VPN exit point.

by charcircuit

7/3/2026 at 4:58:29 PM

This was more like a fraud where they misled end users into running proxies.

by msh

7/3/2026 at 9:03:51 AM

Just annoyed that tencent and others are using alternate channels.

by chews