Incidents in which police seized whole or large part of a provider/datacenter.
I am seeking to catalog incidents in which police seized a whole or large part of a datacenter, be that due to incompetence or malice.
Small confiscations of a server or two do not count; only multiple racks belonging to the same provider count.
These are the ones that immediately come to my mind. Please add some more in the comments.
| Host | Year | Country | Reason |
| --- | --- | --- | --- |
| PRQ | 2006 | Sweden | PRQ customer servers were taken due to one of them hosting TPB, police gained nothing due to everything having FDE.[1] |
| URDN | 2015 | Ukraine | Special police take servers for ransom due to unpaid bribes.[4] |
| NiceVPS | ~2024? | Switzerland | All of NiceVPS servers located in Switzerland were taken offline due to one of them hosting BF.[2] |
| URDN | 2025 | Ukraine | Special police take servers for ransom due to unpaid bribes.[3] |
1 - See TPB AFK documentary
2 - I am having a hard time finding a source for this but I remember it. If someone else has a source for this, posting it would be helpful.
3 - https://lowendtalk.com/discussion/202699/urdn
4 - https://lowendtalk.com/discussion/67199/urdn-is-dead/
Edit - Changed NiceVPS location from Netherlands to Switzerland.


Comments
Your links say that URDN had only 2 racks and 1 /24.
It's hard to call it a provider.
CyberBunker some years ago in Germany?
You are right, I broke my own requirements right off the bat :-/
Their BGP routes might not be in the routing table anymore but they are still in my heart
What is this?
BreachForums, I believe it was the 2nd iteration which was hosted on NiceVPS.
This was Switzerland location actually.
Probably https://en.wikipedia.org/wiki/BreachForums
@Yuki_ @tentor Thank you! I was looking through acronyms to see if there was some slang or something that I wasn't familiar with
That could very well be the case since I found nothing talking about it, so I am going purely off memory.
There are also other seizures like Operation Endgame (2024) or Operation Synergia III (2024-2025).
Some possibly relevant LET threads/LEB articles:
Feel free to review those and maybe add to your catalog.
DigitalOne is one I have not heard about; it seems to fit the criteria. Megaupload, Operation Endgame and Operation Synergia III are not related to a specific datacenter/provider being heavily impacted. CyberBunker is an interesting case but I think it's opposite to the criteria of police incompetence. ZServers and NiceVPS have no relation to each other as far as I can tell, and the two URDN and PRQ incidents are covered already. Please review your AI output before posting it.
Thank you, I will review these :-)
I have purposely pasted the full list to put things in order, it is difficult to say whether the seizure of servers by the police was competent or not.
You wrote that there may also be DC and Operation Endgame (2024) and Operation Synergia III (2024-2025) seized multiple small DCs that are over 2 racks.
I can say that the URDN takeover wasn't a result of police incompetence or malice; many illegal criminals purchased their services (just look at the abuse reports for their IP addresses). There's also no evidence that the police demanded a bribe; it's as good as the fact that Calin had his crypto blocked by the bank...
ZServers, XHost, and NiceVPS are the same provider if I remember correctly from BreachForums.
And yes, I did a review before posting this AI shit.
Shoutout @aluy
past will never leave me
Maxided.
https://lowendtalk.com/discussion/144557/maxided-taken-down-for-hosting-malware-ops
https://www.bleepingcomputer.com/news/security/police-seize-servers-of-bulletproof-provider-known-for-hosting-malware-ops/
Yet another reason everyone should use FDE even for their VPSes, ideally with AMD SEV-SNP.
You're even on https://www.spamhaus.org/drop/asndrop.json!
(I'd take that as a badge of honor, because fuck Spamhaus)
There should be at least one country you wanna skip, too many incidents.
Speaking of this, is there any country which you want to actively use for cases like this (where there is a good track record and 0 raids) ?
There was this, I think, 21 people deployed thing in the world which someone claimed to be its own country and then had some servers there. Yea, Sealand and HavenCo.
Anything similar to this, or countries which are privacy friendly in a similar context which haven't gotten raided?
@aluy were you put in jail?
🗣️🔥🔥🔥🔥🔥🔥🔥
no, all charges were dropped
So, it's just harassment?
Stay safe, my friend.
no, the story behind it is a bit complicated and I want to leave it behind me, I wasn't the nicest person myself at that time
Uhh, okay

Have a nice day
After reviewing these, most seem to be providers which probably had it coming; the exception where innocent people's servers were taken offline is the globe raid.
I understand.
Reading the URDN thread I got another impression, that most of the abuse reports were due to Tor exit nodes and not real abuse by customers.
True, but Ukraine is a very corrupt country, even more so in 2015; this is why their succession into the EU has been slow. I think it holds more merit than Calin's claim. AirVPN stopped operating servers from there due to a similar situation. Maksim Yakubets got a tip-off by local authorities in Ukraine that the FBI was coming to kick down doors so he could get to Russia and escape law enforcement. With these facts in mind I don't doubt for a second that URDN is lying.
I do not think this is the case. ZServers and XHost are the same and were dismantled in 2025, and before that ZServers was hacked, but NiceVPS is still up and running and I am not aware of any link between it and the other two now defunct hosters. Please correct me if I am wrong.
Perhaps I was a bit unclear in my initial post. I am mainly seeking to put a name of a DC or provider next to the incident date and location, so even if what you are saying is true, without being directly involved in the operation it's hard to know what specific DC/provider was impacted. You see 1025 servers taken down, but this did not happen overnight most likely and was a couple of servers from OVH here and a couple of servers from Hetzner there; in these cases we can be fairly certain that the seizures were justified.
Seems like a lot of crime but small seizure.