-
The FBI, Google, Lumen, and industry partners disrupted infrastructure linked to the NetNut residential proxy network.
-
A cybersecurity researcher claims authorities accidentally seized a legitimate NetNut production domain during the operation.
-
Officials have not confirmed the reported mistake, although the wider cybercrime crackdown remains verified.

A major cybercrime operation led by the FBI has reportedly disrupted a legitimate NetNut domain alongside criminal infrastructure. Google, Lumen, and several industry partners supported the coordinated enforcement effort. The operation targeted infrastructure that investigators believe cybercriminals exploited to spread malware and conceal malicious online activity.
The seizure is part of a broader FBI crackdown on dark web criminal infrastructure. The agency recently seized a dark web domain tied to a $28 million bank account hijacking scheme.
The reported mistake surfaced shortly after Google announced the successful disruption of parts of NetNut’s residential proxy network. According to Reuters, investigators launched the operation to dismantle infrastructure that attackers allegedly used to distribute malware, disguise attack origins, and route malicious traffic through residential internet connections.
Cybersecurity researchers claimed one seized domain belonged to NetNut’s legitimate residential proxy service. According to the researcher, the production domain remains offline after authorities execute the seizure. The claim suggests investigators may have unintentionally targeted an active business service instead of criminal infrastructure.
Researcher Raises Questions Over Domain Seizure
Pirat_Nation shared the allegation after reviewing seizure notices and publicly available domain registration records. The researcher argued that one affected domain supported legitimate NetNut operations rather than services directly involved in criminal activity.
Neither the FBI nor Google has publicly addressed the reported mistake. NetNut’s parent company, Alarum Technologies, confirmed that federal authorities seized several company domains during the operation. However, the company did not specifically verify whether investigators mistakenly included a legitimate production domain.
According to Reuters, Alarum said it continues cooperating with authorities while assessing the impact of the enforcement action. The company has not released additional technical details explaining which domains investigators targeted or why they became part of the operation.
At this stage, Pirat_Nation remains the only public source claiming that investigators mistakenly seized a legitimate domain. No independent evidence has confirmed the allegation. Until officials respond, the reported error remains unverified despite widespread discussion across the cybersecurity community.
Residential Proxy Networks Face Growing Scrutiny
Residential proxy services allow internet traffic to appear as though it comes from ordinary home internet connections. Businesses often rely on these networks for legitimate activities, including web data collection, advertising verification, and market research.
However, security researchers have repeatedly warned that cybercriminals abuse residential proxy networks to avoid detection. These services can hide attackers’ real locations while making malicious traffic appear trustworthy to victims and security tools.
Google said the operation significantly reduced the availability of residential proxy devices associated with NetNut. The company added that disrupting those devices limits criminals’ ability to anonymously route malicious traffic through residential internet addresses.
Reuters also reported that federal investigators examined possible links between NetNut’s infrastructure and criminal activity for more than a year. Earlier Bloomberg reporting indicated authorities investigated whether operators connected to the Popa botnet abused parts of the company’s infrastructure. The investigation reportedly involved multiple government agencies alongside private cybersecurity partners.
Investigation Continues as Domain Remains Offline
The reported production domain identified by Pirat_Nation remained inaccessible when this report was published. Authorities have not indicated whether they intend to restore access or whether they intentionally included the domain during the operation.
If investigators eventually confirm the reported mistake, the incident would highlight a recurring challenge during large cybercrime takedowns. Domain seizures often cripple malicious infrastructure within minutes. However, shared technical resources can sometimes expose legitimate services to unintended disruption.
For now, the broader operation against infrastructure allegedly abused by cybercriminals remains confirmed. The reported mistaken seizure does not. Until the FBI, Google, or Alarum provides further clarification, Pirat_Nation’s findings remain an unverified allegation rather than an established fact.