Amsterdam police have dismantled the hosting provider ZServers/XHost, a platform that had been exploited as a hub for cybercriminal infrastructure. The operation, carried out on February 12, resulted in the seizure of 127 servers, which served as a foundation for hackers engaged in malware distribution, botnet management, and orchestrating cyberattacks.
The investigation, which spanned more than a year, uncovered that ZServers/XHost specialized in offering bulletproof hosting—an infrastructure designed to shield its clients from law enforcement scrutiny. According to police reports, the platform openly promoted anonymous hosting services for illicit content and facilitated cryptocurrency payments to obscure transaction trails.
Among the seized servers, investigators discovered tools linked to the Conti and LockBit ransomware groups. Authorities assert that ZServers/XHost not only provided these cybercriminals with technical resources but also actively shielded them from takedown efforts.
Unlike previous cases, where similar services were primarily targeted through legal means, law enforcement opted for direct action this time. The servers were physically taken offline, and all stored data was seized for forensic analysis. As a result, every resource hosted on the platform was rendered inaccessible.
No arrests have been made thus far, but the investigation remains ongoing. Authorities are meticulously examining confidential files found on the servers in an effort to identify both the owners and users of the illicit hosting service. The collected evidence is expected to lead investigators to the masterminds behind this criminal enterprise.
The physical dismantling of servers is an uncommon tactic in the fight against cybercrime. Typically, such platforms are merely taken down at the domain level—a measure that often proves ineffective, as they can rapidly relocate their infrastructure and resume operations. However, this case signals that law enforcement agencies are prepared to employ more aggressive countermeasures.
The issue of bulletproof hosting remains a pressing concern. These hosting services play a pivotal role in cybercriminal operations, granting malicious actors near-total anonymity. Without such infrastructure, launching large-scale malware attacks, botnet operations, and ransomware campaigns would be significantly more challenging. In response, Dutch authorities are advocating for stricter regulations, including mandatory customer identification for hosting providers.
Despite the success of this operation, the battle against cybercrime is far from over. Illicit hosting platforms continue to operate globally, and criminals relentlessly seek new methods to evade enforcement actions.
Related Posts:
- Telegram Banned in Amsterdam: Cybercrime Concerns Trigger Action
- Bulletproof Hosting: The Dark Infrastructure Behind Global Cybercrime
- Dutch police arrested 3 ransomware criminals, aged only 18-21, who made illegal profits of 2.5 million euros
- PROSPERO & Proton66: Unmasking the Bulletproof Hosting Connection
- US Treasury Sanctions Russian Bulletproof Hosting Provider Zservers for Supporting LockBit Ransomware Attacks
