DDoS-for-Hire Services Targeted in Global Crackdown, Admins Arrested, Domains Seized

• A global operation took down several platforms offering Distributed Denial of Service attacks to users for a fee.
• The arrested administrators ran six DDoS-for-hire platforms – Cfxapi, Cfxsecurity, Neostress, Jetstress, Quickdown, and Zapcut.
• Authorities in the Netherlands set up fake booter sites to warn users seeking out DDoS-for-hire services.

Authorities in Poland have dealt a significant blow to the illicit market for Distributed Denial of Service (DDoS)-for-hire platforms as part of a global crackdown operation, which resulted in the arrest of a few administrators and the seizure of domains. 

The arrests in Poland were part of a coordinated international law enforcement initiative, involving agencies across four countries under the Europol-led Operation PowerOFF.  

The Central Cybercrime Bureau in Poland arrested four individuals who allegedly administered a network of services facilitating thousands of coordinated cyberattacks globally.  

The suspects ran six DDoS-for-hire platforms, including Cfxapi, Cfxsecurity, Neostress, Jetstress, Quickdown, and Zapcut, which were operational between 2022 and 2025. These platforms allowed users to launch high-volume attacks against websites and servers for fees starting as low as €10.  

With user-friendly interfaces, these services enabled even non-technical individuals to initiate cyberattacks simply by inputting a target IP address and selecting attack parameters such as duration and type. Victims have included schools, governmental institutions, businesses, and gaming platforms.  

Dutch authorities contributed critical data from fake booter sites designed to warn users seeking out DDoS-for-hire services in the Netherlands, while the U.S. Department of Justice and FBI seized nine domains associated with the illegal platforms, as part of their ongoing crackdown on commercialized DDoS services.

The Federal Criminal Police Office (Bundeskriminalamt) provided intelligence leading to the identification and apprehension of one suspect.

Stresser and booter services are promoted under the guise of legitimate stress-testing tools. However, the vast majority of their usage is intended for malicious purposes, flooding target servers with fake traffic to render them inaccessible through DDoS attacks.  

Unlike traditional botnets, these platforms use industrialized infrastructures, automating attacks with centralized coordination and billing. Transactions are frequently anonymized using cryptocurrencies, making traceability harder for law enforcement.  

By pursuing administrators and users alike, law enforcement aims to dismantle the infrastructure enabling these illegal services.