The operation in the Netherlands concluded with the large-scale seizure of servers that had long served as a backbone for shadow hosting. A team from the eastern part of the country undertook the task of exposing a platform that, for several years, had offered a convenient refuge for malicious actors. According to police reports, the structure operated discreetly, yet had surfaced in numerous cases involving digital crime and continued to support underground activity until the moment of intervention.
The provider advertised its services as fully anonymous and claimed complete immunity from cooperation with oversight bodies. Such a reputation attracted those seeking an environment beyond the bounds of lawful conduct. While hosting services vary, this particular platform explicitly offered server capacity for illicit operations.
Through these resources, ransomware attacks were launched, botnets were controlled, fraudulent messages were distributed, and prohibited content was disseminated. The infrastructure provided a comfortable base from which covert operations could be maintained under the promise of opacity.
During the operation on 12 November, approximately 250 machines located in major data centres in The Hague and Zoetermeer were seized. These servers supported thousands of virtual systems, which ceased functioning immediately after the hardware was disconnected. This not only enables investigators to examine traces of all operations routed through the hosting network, but also prevents the platform from being used for further unlawful activity.
The police team stresses that halting the ongoing operations was the primary objective, as it reduces the risk of new victims and disrupts the operational chains of criminal groups.
The next phase focuses on analysing the vast collection of data gathered after the equipment was seized. This task has become a priority, given the volume of material and its significance for understanding the full scale of the activity and identifying the individuals involved.
