Best NetNut Alternatives: What Happened and What to Do

NetNut is not in the best of times. Its proxy infrastructure, one of the largest, is allegedly associated with the “Popa,” a two-million-device botnet. In early July 2026, Google began shutting down its vast IP network, along with the FBI. Here, we’re going to explore the situation in greater depth and present a viable alternative to NetNut’s proxy network.
For a quick solution: just visit CyberYozh’s catalog and select everything you need, from different proxy configurations to virtual cards and numbers
In this context, read more about ethical proxy sourcing and various approaches to run a stable, consent-based proxy network.
What’s happened with NetNut and why it’s down
Here's what's going on: the CyberYozh team is exploring the situation with NetNut proxies and figuring out what it means for proxy users worldwide.
NetNut’s alleged botnet misuse
Security researchers at Qurium, Synthient, Nokia Deepfield, and Spur published findings in June 2026 linking NetNut's commercial proxy gateway to a botnet tracked as "Popa."
This is a network of at least two million compromised consumer devices, including smart TVs and streaming boxes. Google's Threat Intelligence Group says its own intelligence aligns with these reports.
In a single week in June, it observed 316 distinct threat clusters, including cybercriminal and suspected espionage groups, routing traffic through suspected NetNut exit nodes.
Reporting from Krebs on Security and Reuters indicates devices were reportedly enrolled through hidden SDKs bundled into IPTV, streaming, and utility apps, with little or no explicit consent from device owners.
As a result, since July 2, 2026, NetNut’s website looks like below:

Alarum Technologies (NASDAQ: ALAR), NetNut's publicly traded parent company, has stated that it
takes this matter seriously and will fully cooperate with law enforcement to ensure any misuse of its infrastructure is thoroughly investigated.
It's worth stressing that these are allegations and findings from third-party researchers and government agencies, not a proven criminal conviction, but the volume and consistency of independent reporting is notable.
Google’s shutdown and consequences for NetNut users
On July 2, 2026, Google, the FBI, the IRS Criminal Investigation division, and Lumen Technologies jointly acted against NetNut's infrastructure. As per Google’s report, the actions taken included:
Google disabled accounts and services tied to NetNut's alleged command-and-control operations
Google Play Protect was updated to flag and disable apps carrying the associated SDK code
The FBI and IRS seized netnut.com, sister brand proxyjet.io, and divinetworks.com (used for ISP/static residential proxy sourcing)
Technical intelligence was shared with law enforcement and industry partners to support broader enforcement
For everyday users of NetNut's service, the fallout has been immediate and disruptive
Millions of IPs were reportedly stripped from the available pool, degrading network size and reliability
Core domains were seized and replaced with federal seizure notices, disrupting account access and support
Reputational damage may affect ongoing business operations and renewal decisions for enterprise clients
Downstream resellers who whitelabeled NetNut's infrastructure are also exposed to the same disruption
To summarize: NetNut users need a reliable alternative with ethical proxy sourcing and clear abuse prevention.
What you need to know about NetNut and proxy alternatives
Before this disruption, NetNut marketed access to millions of residential IPs across a global user base of scrapers, marketers, and ad-verification companies, built substantially through third-party app SDKs rather than transparent, individually verified participation.
This is exactly the structural weakness that ethical sourcing is meant to prevent.
For example, CyberYozh runs its residential and mobile pools on explicit, revocable participant consent rather than bundled SDK enrollment, giving users transparency over where their proxy IPs actually come from.
The next section walks through exactly how that ethical sourcing model works in practice.
How CyberYozh assures its quality
CyberYozh doesn't make it up. Let's see how its proxy networks operate to avoid issues like those NetNut is now facing: no botnets and no unethically sourced IPs are present in its residential pool. Dedicated teams, powered by community support, continually investigate and remove any suspicious cases.
IP Checker for instant quality checkups
Every proxy is only as trustworthy as the IP behind it. That’s why CyberYozh built its own IP Checker tool that cross-references addresses against multiple anti-fraud databases.
It returns a composite:
fraud score
VPN/proxy/Tor flags
blacklist status
ASN type.
Any IP scoring 50 or higher on the fraud scale is flagged as high risk and should be rejected before use. This same filtering logic can be applied in three practical ways:
Manually check any single IP before deploying it on a sensitive target
Automate IP quality filtering at scale through the CyberYozh API, rejecting flagged addresses before they reach a project
Use rotating residential proxies with IP filtering configured directly from the dashboard, so only clean, low-risk IPs are ever assigned
Ethical proxy sourcing workflows
CyberYozh builds its residential and mobile proxy pools through direct agreements with real ISPs, carriers, and individual participants who explicitly opt in, understand what data is shared, know their compensation, and can withdraw at any time.
This stands in contrast to the SDK-bundling model implicated in the NetNut case, where consent was reportedly buried or absent entirely.
Dedicated abuse team of CyberYozh
If you have any information about the participation of our proxy network in any abuse, waste no time and write us at abuse@cyberyozh.com — each report will be reviewed with an average time of 45 minutes!
Beyond the automated IP quality filters, CyberYozh maintains a dedicated abuse team that actively monitors, investigates, and removes any IP or participant tied to suspicious or unauthorized activity, treating fast response as a core operational commitment rather than an afterthought.
Conclusion: Select CyberYozh and make sure your network is secured
The NetNut takedown is a reminder that not every proxy network is built the same way. CyberYozh's consent-based sourcing, IP quality filtering, and dedicated abuse team offer a transparent alternative for anyone seeking scraping, automation, or ad verification tools that won't put their business or conscience at risk.
So, don't wait any longer, and explore our proxy infrastructure right now.