Conferences
Budapest, Hungary
08
July
Budapest, Hungary
08
July
Budapest, Hungary
08
July
Budapest, Hungary
08
July
08
July
Budapest, Hungary
08
July
08
July
Budapest, Hungary
08-10
July
Budapest, Hungary
09
July
09
July
09
July
09
July
09
July
Budapest, Hungary
09
July
09
July
Budapest, Hungary
09
July
Budapest, Hungary
09
July
Будапешт, Венгрия
09-10
July
10
July
14
July
Tbilisi, Georgia.
15
July
15
July
16
July
Limassol, Cyprus
23-24
July
Limassol, Cyprus
07
August
Saint Petersburg, Russia
12-13
August
25
August
Mexico City, Mexico
27-01
August -
September
Мехико, Мексика
31
August
Mexico City, Mexico
01-03
September
01
September
Mexico City, Mexico
01-03
September
Mexico City, Mexico
03
September
Cancún, Mexico
07-08
September
Rome, Italy
02-05
November
Rome, Italy
02
November
04
November
05
November
24-25
November
Bangkok, Thailand
30-02
November -
December
Bangkok, Thailand
09-10
December
Ta’ Qali, Malta
03-05
May
Ho Chi Minh City, Vietnam
14
June

NetNut Domains Seized by FBI Amid Investigation


The FBI has seized some of the domains associated with NetNut, a major residential proxy service linked to the Popa botnet.

Currently, visiting netnut.com opens an FBI seizure notice. The banner states that the domain was seized by the FBI as part of an operation targeting NetNut, its administrators, and subscribers. It also mentions the U.S. Department of Justice, the Internal Revenue Service, Google, Lumen, and Shadowserver.

At the same time, the service’s public website at netnut.io remains accessible for now. Therefore, this does not appear to be a complete shutdown of NetNut, but rather the seizure of part of its domain infrastructure. In the comments section of the KrebsOnSecurity article, Brian Krebs wrote that, according to his information, authorities are also working to seize the .io domain, but the process is taking longer. He also said that the internal infrastructure of Popa and the proxy network appears to be offline.

According to Google, NetNut is one of the world’s largest residential proxy networks. Google says that NetNut, also known as Popa, covered at least 2 million devices worldwide and used ordinary users’ devices, including Smart TVs and TV boxes/set-top boxes, to turn them into proxy nodes. The proxy code could be installed on devices through applications or pre-installed software.

These nodes could be used to conceal the true source of traffic. According to Google, during just one week in June 2026, it observed 316 threat actor groups using suspected NetNut exit nodes. These included both cybercriminal and espionage groups.

Google, together with the FBI, Lumen, and other partners, disabled related accounts and services used to manage the malicious infrastructure. Google also shared technical data with law enforcement agencies and researchers, while Android security systems began disabling applications containing embedded NetNut proxy code.

Google believes that the operation significantly disrupted the NetNut proxy network and reduced the available device pool by millions.

Alarum Technologies, NetNut’s parent company, confirmed that the FBI had seized several domains associated with NetNut. The company said it would cooperate with law enforcement and investigate potential abuse of its infrastructure.

KrebsOnSecurity reports that devices in such a network could be used for large-scale data scraping, ad traffic fraud, account takeover attempts, and other suspicious traffic.

NetNut positions itself as a provider of residential, mobile, static, and datacenter proxies. The company’s website also states that NetNut is a subsidiary of Alarum Technologies Ltd., whose shares are traded on NASDAQ under the ticker ALAR.


Like it? Share with your friends!
0 Comments
Affiliate - Our assessment
Verticals
Min. sum
Site
It’s an affiliate program of the eponymous online casino. A direct advertiser as of 2017. They work by RevShare (up to 50%) partnership strategy.
1,000 rubles/$20/€20 pay
фото
фото
фото
фото
фото
фото
фото
фото
фото
фото
фото
фото
фото
фото
Affiliate program in the gambling vertical, a direct advertiser. It accepts traffic from CIS. It cooperates on the CPA, RevShare, Hybrid, Fix, and Flat models.
€100 pay
фото
фото
фото
фото
фото
фото
фото
It’s our affiliate program with gambling and betting offers. We are currently in beta but we accept traffic.
$20 pay
фото
860
Go to offers
SpinBetter Partners is an affiliate program in the Gambling and Betting verticals and a direct advertiser of the SpinBetter project. The company has been operating since 2019. It co-operates on CPA, Hybrid, RevShare, Fix, and Fix + RevShare models. SpinBet accepts SEO, ASO, PPC, UAC, Facebook, social, stream, email, messaging apps, and other types of traffic, except motive, schemes, and fraud.
50 pay
фото
фото
фото
фото
фото
Traffic Cake is a direct advertiser offering iGaming vertical offers. Exclusive offers include VOX and Winnita. GEOs: Tier-1 and Tier-2. An authorized partner of well-known brands such as Vulkan Vegas, IceCasino, and Verde Casino. Works on CPA (up to €600), RevShare, and Hybrid models. Affiliates can earn up to 60% RevShare. Payments are made weekly with no delays. All major traffic sources are accepted.
€100 pay
фото
фото
Direct advertiser of popular European casino and sportsbook brands V.Vegas, ICE Casino, VERDE Casino, FS Casino, Fiery Play, Slotoro and Hit’N’Spin. Founded in 2016, they operate on CPA, RevShare, and Hybrid models, accepting traffic from over 35 countries. They provide all the necessary tools for success.
€100 pay
фото
фото
фото
фото
фото