Best NetNut Alternatives: What Happened and What to Do

Alexander

July 09, 2026

General

Best NetNut Alternatives: What Happened and What to Do
Internet
Proxy server
Checker

NetNut is not in the best of times. Its proxy infrastructure, one of the largest, is allegedly associated with the “Popa,” a two-million-device botnet. In early July 2026, Google began shutting down its vast IP network, along with the FBI. Here, we’re going to explore the situation in greater depth and present a viable alternative to NetNut’s proxy network.

⚙️

For a quick solution: just visit CyberYozh’s catalog and select everything you need, from different proxy configurations to virtual cards and numbers

ℹ️

In this context, read more about ethical proxy sourcing and various approaches to run a stable, consent-based proxy network.

What’s happened with NetNut and why it’s down

Here's what's going on: the CyberYozh team is exploring the situation with NetNut proxies and figuring out what it means for proxy users worldwide.

NetNut’s alleged botnet misuse

Security researchers at Qurium, Synthient, Nokia Deepfield, and Spur published findings in June 2026 linking NetNut's commercial proxy gateway to a botnet tracked as "Popa."

This is a network of at least two million compromised consumer devices, including smart TVs and streaming boxes. Google's Threat Intelligence Group says its own intelligence aligns with these reports.

In a single week in June, it observed 316 distinct threat clusters, including cybercriminal and suspected espionage groups, routing traffic through suspected NetNut exit nodes.

Reporting from Krebs on Security and Reuters indicates devices were reportedly enrolled through hidden SDKs bundled into IPTV, streaming, and utility apps, with little or no explicit consent from device owners.

As a result, since July 2, 2026, NetNut’s website looks like below:

Banner showing NetNut website seized by FBI, Google, Lumen, and others

Alarum Technologies (NASDAQ: ALAR), NetNut's publicly traded parent company, has stated that it

takes this matter seriously and will fully cooperate with law enforcement to ensure any misuse of its infrastructure is thoroughly investigated.

It's worth stressing that these are allegations and findings from third-party researchers and government agencies, not a proven criminal conviction, but the volume and consistency of independent reporting is notable. 

Google’s shutdown and consequences for NetNut users

On July 2, 2026, Google, the FBI, the IRS Criminal Investigation division, and Lumen Technologies jointly acted against NetNut's infrastructure. As per Google’s report, the actions taken included:

  • Google disabled accounts and services tied to NetNut's alleged command-and-control operations

  • Google Play Protect was updated to flag and disable apps carrying the associated SDK code

  • The FBI and IRS seized netnut.com, sister brand proxyjet.io, and divinetworks.com (used for ISP/static residential proxy sourcing)

  • Technical intelligence was shared with law enforcement and industry partners to support broader enforcement

For everyday users of NetNut's service, the fallout has been immediate and disruptive
  1. Millions of IPs were reportedly stripped from the available pool, degrading network size and reliability

  2. Core domains were seized and replaced with federal seizure notices, disrupting account access and support

  3. Reputational damage may affect ongoing business operations and renewal decisions for enterprise clients

  4. Downstream resellers who whitelabeled NetNut's infrastructure are also exposed to the same disruption

To summarize: NetNut users need a reliable alternative with ethical proxy sourcing and clear abuse prevention.

What you need to know about NetNut and proxy alternatives

Before this disruption, NetNut marketed access to millions of residential IPs across a global user base of scrapers, marketers, and ad-verification companies, built substantially through third-party app SDKs rather than transparent, individually verified participation. 

This is exactly the structural weakness that ethical sourcing is meant to prevent.

For example, CyberYozh runs its residential and mobile pools on explicit, revocable participant consent rather than bundled SDK enrollment, giving users transparency over where their proxy IPs actually come from. 

The next section walks through exactly how that ethical sourcing model works in practice.

How CyberYozh assures its quality

CyberYozh doesn't make it up. Let's see how its proxy networks operate to avoid issues like those NetNut is now facing: no botnets and no unethically sourced IPs are present in its residential pool. Dedicated teams, powered by community support, continually investigate and remove any suspicious cases.

IP Checker for instant quality checkups

Every proxy is only as trustworthy as the IP behind it. That’s why CyberYozh built its own IP Checker tool that cross-references addresses against multiple anti-fraud databases.

It returns a composite:

  • fraud score

  • VPN/proxy/Tor flags

  • blacklist status

  • ASN type. 

Any IP scoring 50 or higher on the fraud scale is flagged as high risk and should be rejected before use. This same filtering logic can be applied in three practical ways:

  • Manually check any single IP before deploying it on a sensitive target

  • Automate IP quality filtering at scale through the CyberYozh API, rejecting flagged addresses before they reach a project

  • Use rotating residential proxies with IP filtering configured directly from the dashboard, so only clean, low-risk IPs are ever assigned

Ethical proxy sourcing workflows

CyberYozh builds its residential and mobile proxy pools through direct agreements with real ISPs, carriers, and individual participants who explicitly opt in, understand what data is shared, know their compensation, and can withdraw at any time. 

This stands in contrast to the SDK-bundling model implicated in the NetNut case, where consent was reportedly buried or absent entirely.

Dedicated abuse team of CyberYozh

‼️

If you have any information about the participation of our proxy network in any abuse, waste no time and write us at abuse@cyberyozh.com — each report will be reviewed with an average time of 45 minutes!

Beyond the automated IP quality filters, CyberYozh maintains a dedicated abuse team that actively monitors, investigates, and removes any IP or participant tied to suspicious or unauthorized activity, treating fast response as a core operational commitment rather than an afterthought.

Conclusion: Select CyberYozh and make sure your network is secured

The NetNut takedown is a reminder that not every proxy network is built the same way. CyberYozh's consent-based sourcing, IP quality filtering, and dedicated abuse team offer a transparent alternative for anyone seeking scraping, automation, or ad verification tools that won't put their business or conscience at risk.

So, don't wait any longer, and explore our proxy infrastructure right now.


FAQ about NetNut shutdown and CyberYozh’s alternative