Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster
The Dutch Police (Politie) dismantled the ZServers/XHost bulletproof hosting operation after taking offline 127 servers used by the illegal platform.
Earlier this week, the authorities in the United States, Australia, and the United Kingdom announced sanctions against the same bulletproof hosting provider for its involvement in cybercrime operations.
Specifically, the operators of Zservers were accused of facilitating LockBit ransomware attacks and supporting the cybercriminals' efforts to launder illegally obtained money.
The hosting provider, operated by Russian nationals Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov, was also used to support botnet operations and to distribute malware.
Politie says that the Zservers service was knowingly backing these malicious activities and even advertised its lax policies to potential customers, making it clear that its infrastructure tolerated criminal acts.
"A bulletproof hoster is not just any shadowy company that ignores rules – it is the backbone of global cybercrime," states the Dutch police in today's announcement.
"Without these 'safe havens', many criminals would have nowhere to host their hacking tools, stolen data and fake websites."
Politie says that one of the seized servers hosted hack tools from LockBit and also Conti ransomware, two of the most prolific and damaging ransomware-as-a-service operations.
The servers were located in the Paul van Vlissingenstraat colocation data centre in Amsterdam, and cybercriminals could purchase services anonymously by paying with cryptocurrency. At the moment, any websites hosted on the servers are no longer accessible.

All 127 seized servers will be investigated by specialists of the Cybercrime Team in Amsterdam, which may lead to more incriminating evidence and data that could point to other cybercriminal operations and the individuals running them.
However, this time, the action was limited to seizing computing equipment, and no arrests were made.
Mishin and Bolshakov, the administrators of Zservers, were sanctioned with asset freezes and travel bans but remain free, as no criminal charges have been announced against them yet.