Authorities have dismantled a significant criminal infrastructure after seizing thousands of servers from a rogue hosting company used to fuel widespread cyberattacks. The East Netherlands cybercrime team conducted a major operation on November 12, 2025, taking down approximately 250 physical servers located in data centers across The Hague and Zoetermeer. These physical machines powered a vast network of virtual servers that facilitated various illegal online activities, making this one of the largest infrastructure takedowns targeting bulletproof hosting services.
The seized hosting company operated under the guise of legitimacy, offering complete anonymity to its users and marketing itself as “bulletproof hosting.” It explicitly stated it would not cooperate with law enforcement agencies, promising protection for its criminal clientele. However, this extensive investigation revealed the company’s infrastructure was instrumental in facilitating cybercrimes across multiple jurisdictions, exposing its true nature as a criminal enterprise dedicated solely to illegal purposes.
The Rogue Hosting Company’s Extensive Role in Cybercriminal Operations
According to police analysts, the rogue hosting company had been implicated in over 80 criminal investigations both domestically and internationally since 2022. It continued to facilitate illegal operations until the moment of seizure, persistently supporting a diverse range of cybercriminal activities across different threat landscapes and attack vectors. This persistent involvement underscores the critical nature of such infrastructure in enabling persistent and widespread cyber threats.
The criminal infrastructure served as a critical enabler for a wide array of cybercriminal activities. Threat actors regularly rented digital space from the company to launch ransomware attacks, deploy sophisticated botnets designed to compromise thousands of systems, execute extensive phishing campaigns targeting both organizations and individuals, and distribute child exploitation material. Essentially, this hosting service provided the essential digital foundation that allowed these malicious actors to conduct their operations with a perceived sense of immunity.
The operational scope of the seized infrastructure was substantial, housing numerous criminal websites, command-and-control servers for malware, phishing infrastructure, and various other illicit services. The immediate seizure of both physical and virtual servers effectively disrupted these ongoing criminal operations and prevented the launch of new attacks leveraging this particular infrastructure. The impact of this takedown will likely be felt across various cybercriminal communities that relied on its services.
Following the seizure, authorities have initiated the crucial process of analyzing the vast amounts of data recovered from the servers. The primary objectives of this ongoing analysis include identifying additional criminal networks, individual threat actors, and notifying victims who may require assistance or information. Law enforcement agencies are diligently working to identify all users of the hosting service and trace the complete extent of criminal activities that were conducted through this illicit infrastructure.
This significant law enforcement operation highlights the critical importance of targeting the underlying infrastructure that empowers cybercriminal operations at scale. By dismantling the resources these criminals rely upon, authorities aim to disrupt their operations and reduce their capacity for future malicious activities. The continued investigation is expected to yield further insights into the global network of cybercrime facilitated by such bulletproof hosting providers.