Polish authorities have arrested four individuals accused of running a network of websites that allowed users to launch cyberattacks for a small fee.
The suspects are believed to be behind six now-defunct platforms — Cfxapi, Cfxsecurity, neostress, jetstress, quickdown, and zapcut — which enabled paying customers to flood targeted websites and servers with fake traffic, knocking them offline for as little as €10.
The services operated between 2022 and 2025 and are believed to have facilitated thousands of attacks globally. Targets included schools, government services, private businesses, and gaming platforms. The websites offered user-friendly interfaces requiring no technical knowledge. Users simply entered the target’s IP address, selected the attack type and duration, and paid the fee, automating complex attacks that could take down even well-protected systems.
The arrests in Poland were part of a wider international operation coordinated by Europol, with the involvement of law enforcement agencies from the Netherlands, Germany, and the United States. Dutch authorities played a key role by setting up fake booter websites to warn users and gather intelligence. They also shared seized data with international partners, leading to the identification and arrest of the suspects in Poland.
As part of the same operation, U.S. authorities seized nine domains linked to DDoS-for-hire services, continuing their crackdown on the illegal industry. Germany supported the investigation by identifying one of the suspects and providing intelligence on others.
Stresser and booter services often claim to offer legal testing tools, but are widely used to launch deliberate attacks. These services differ from traditional botnets by using rented infrastructure to carry out large-scale distributed denial-of-service (DDoS) attacks. They are frequently advertised on underground forums and the dark web, with payments made through anonymous methods.
