On July 2, 2026, Google announced action against the NetNut residential proxy network (also known as Popa), in coordination with the FBI and Lumen. The company says it disabled accounts and services tied to malware command-and-control operations, and shared technical intelligence with law enforcement and industry partners.
According to Google, the action removed millions of devices from the operator's available pool. Reuters, via Zonebourse, covers the operation.
If NetNut sat in your stack for web scraping, price monitoring, or OSINT collection, now is the time to assess the impact on your pipelines and plan a migration.
Context
NetNut sold rotating residential, ISP, mobile, and datacenter proxies. A subsidiary of Alarum Technologies (Israel, founded 2017), it was used by teams that paired an IP pool with their own scraping code.
Residential proxy networks have legitimate uses, but they are also regularly abused to hide malicious traffic. That tension explains why major platforms keep tightening enforcement, and why a proxy network can vanish overnight and take your pipeline with it.
Likely impact on your stack
Without assuming anything about your specific use case, teams on NetNut typically see the following in this kind of situation:
- Higher error rates and timeouts
- Instability on routes still active
- Increased blocking on target sites, as network IPs get flagged
Even for compliant use, maintaining the proxy + anti-bot layer yourself gets expensive when the provider collapses.
What the investigation highlights
Researchers documented the link between Popa and NetNut. One summarized the industry takeaway:
If you take short cuts building your proxy network, there are criminal consequences. Huge shout out to all of the researchers that linked Popa to Netnut and the criminal conspiracy to build a large residential proxy pool. All proxy providers should be careful with their SDK and where it might land.
For data teams, the practical lesson: outsourcing collection to an API that handles proxies, fingerprinting, and anti-bot internally reduces your exposure to a third-party IP pool.
How to migrate
1. Inventory your use cases
| Use case | Underlying need |
|---|---|
| E-commerce scraping | Structured data, anti-bot handling |
| SERP monitoring | Indexed pages, geo context |
| JavaScript sites | Full DOM rendering |
| Protected sites (Cloudflare, DataDome…) | Reliable unblocking |
Often the goal is not "a residential pool" per se, but reliable access to data.
2. Pick the right Piloterr mode
Piloterr does not sell proxies. We offer managed scraping APIs. Three products cover most cases:
| Product | When to use it |
|---|---|
| Scraper APIs (400+ endpoints) | Ready-made structured data (Amazon, LinkedIn, SERP, e-commerce…) |
| Website Rendering | JavaScript pages, selector waits, rendered HTML |
| Website WebUnlocker | Hardened anti-bot targets (Cloudflare, DataDome, PerimeterX…) |
Proxies, IP rotation, and bypass are handled on Piloterr's side. You do not buy or configure a proxy gateway.
To choose between Crawler, Rendering, and WebUnlocker, see our comparison guide.
3. Replace the proxy with an API call
Before: HTTP request + NetNut proxy + custom parsing.
After: dedicated endpoint or rendering, depending on the site.
Structured endpoint (e.g. e-commerce product):
import requests
response = requests.get(
"https://api.piloterr.com/v2/lidl/product",
headers={"x-api-key": "YOUR-API-KEY"},
params={"query": "100397447", "region": "fr"},
timeout=30,
)
data = response.json()
Generic JavaScript page:
import requests
response = requests.get(
"https://api.piloterr.com/v2/website/rendering",
headers={"x-api-key": "YOUR-API-KEY"},
params={"query": "https://example.com/page", "wait_in_seconds": 10},
timeout=60,
)
html = response.text
Protected site: use WebUnlocker (allowlisted domain).
In summary
- Google's action permanently degrades the NetNut network: plan the migration now.
- If you scraped via DIY proxies, consider a Scraper API, JS rendering, or WebUnlocker instead of shopping for another proxy vendor.
- Fewer moving parts, less risk that a compromised IP pool takes down prod.
Questions? Contact us or browse the API library.