Find notable cyber news and cases, enriched with sources, timelines, and signals.

FBI seizure of NetNut proxy domains

Law Enforcement
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

The FBI seized NetNut domains in a law-enforcement takedown of proxy infrastructure abused for cybercrime, disrupting a network that routed malicious traffic through residential IP addresses. The move targeted infrastructure linked to the Popa botnet and a residential proxy service used for password spraying, credential stuffing, advertising fraud, and sensitive data scraping. The seizure also prompted Alarum Technologies to say it would cooperate with investigators as the misuse of its infrastructure was reviewed.

Related Happenings

FBI seizes NetNut and Popa botnet domains

Law Enforcement
H score34 First: 02.07.2026 22:27 Last: 02.07.2026 22:27 Sources 1

About this happening: The **FBI** seized **hundreds of domains** tied to **NetNut** and the **Popa botnet**, disrupting infrastructure used for **abusive traffic** and **account-takeover activity**. Th...

Foreign-run botnets relaying traffic through infected Canadian devices

Malware Activity
H score22 First: 22.06.2026 12:11 Last: 22.06.2026 12:11 Sources 1

About this happening: The public ruling confirms **two foreign-run botnets** used **infected Canadian devices** as traffic relays, a setup that can conceal probing of **critical infrastructure, governm...

Popa botnet forcing consumer TV boxes to relay traffic

Malware Activity
H score76 First: 18.06.2026 20:37 Last: 18.06.2026 20:37 Sources 1

How related: At the heart of the NetNut residential proxy service was the Popa botnet, an engineered stealth communications layer.

About this happening: **Popa** is an **Android-based botnet** that turns **consumer TV boxes** and related devices into relay infrastructure, maintaining encrypted connectivity and opening tunnels on d...

Latest development: 03.07.2026 12:35

Google disabled NetNut accounts used for malware command-and-control, updated Google Play Protect to warn Android users, and disabled apps containing compromised SDKs while FBI legal actions and domain seizures targeted NetNut infrastructure. The coordinated disruption was described as degrading NetNut’s proxy network and shrinking the pool of devices available to the operator.

Vo1d botnet campaign targeting unofficial Android-based TV boxes

Campaign
H score88 First: 18.06.2026 20:37 Last: 18.06.2026 20:37 Sources 1

How related: At the heart of the NetNut residential proxy service was the Popa botnet, an engineered stealth communications layer.

About this happening: **NetNut** used the **Popa botnet** and deceptive SDKs on **off-brand Android-based smart TVs**, streaming media boxes, and unofficial apps to turn home connections into **residen...

Latest development: 03.07.2026 12:35

Google disabled all Google accounts used by NetNut for malware command-and-control, updated Google Play Protect to warn Android users, and disabled apps containing the compromised SDKs. The FBI’s seizure banner appeared on netnut.com while netnut.io briefly remained accessible, and Google said the coordinated actions caused significant degradation to NetNut’s proxy network and business operations.

FBI takedown of Outsider Enterprise phishing service

Law Enforcement
H score63 First: 14.06.2026 17:36 Last: 14.06.2026 17:36 Sources 1

About this happening: The **FBI** and partners **dismantled** **Outsider Enterprise**, a **phishing-as-a-service** operation tied to **thousands of phishing websites** and large-scale credential theft....

Timeline

  1. 03.07.2026 12:35 2 articles · 6d ago

    FBI seizes NetNut domains and Google disables NetNut accounts

    Legal Policy Action Update

    The FBI seized domains associated with NetNut, prompting Alarum Technologies to say it would cooperate with law enforcement on the misuse of its infrastructure. Google said it disabled all Google accounts used by NetNut for malware command-and-control, updated Google Play Protect to warn Android users, and disabled apps containing compromised SDKs, while noting that the coordinated actions significantly degraded NetNut’s proxy network and business operations.

    Show sources