Police Shut Down 373,000 Dark Web Sites in Single-Operator CSAM Network

Summary

A global law enforcement operation coordinated by Europol and German authorities dismantled a massive dark web cybercrime network consisting of over 373,000 onion domains operated by a single 35-year-old suspect in China. The network, known as "Alice with Violence CP," offered illegal content including child sexual abuse material (CSAM) and fraudulent cybercrime-as-a-service, generating €345,000+ from roughly 10,000 customers. Operation Alice (March 9-19, 2026) involved 23 countries, seized 100+ servers, and identified 440 platform users with 100+ cases under investigation.

Full text

Cyber Crime Dark WebPolice Shut Down 373,000 Dark Web Sites in Single-Operator CSAM Network Police shut down 373K dark web sites in a one-man CSAM and cybercrime network run by a 35-year-old man in China, with global probe ongoing. byWaqasMarch 23, 20262 minute read Seizure notice now visible on the seized dark web sites (Credit: Europol) A global law enforcement operation has shut down more than 373,000 dark web websites linked to a large cybercrime network, making it one of the biggest coordinated takedowns of its kind. These sites offered cybercrime-as-a-service (CaaS) and illegal content, including child sexual abuse material (CSAM). The operation, backed by Europol and led by German authorities, targeted a network built around a dark web platform known as “Alice with Violence CP.” The case began in 2021 as a routine investigation, but investigators soon uncovered a much larger network behind it. Authorities say one person was running more than 373,000 onion domains. The volume of sites allowed the network to flood the dark web with fake marketplaces. These pages advertised illegal content and cybercrime services but were set up to collect cryptocurrency from users without delivering anything. The takedown, known as “Operation Alice,” ran from March 9 to March 19, 2026, and involved agencies from 23 countries. Alongside the domain seizures, investigators took control of more than 100 servers and various electronic devices, disrupting much of the infrastructure behind the network. The investigation also exposed the customer side of the operation. Law enforcement identified around 440 individuals who had used the platform, with more than 100 cases still under investigation. Even though the services were fraudulent, attempting to purchase illegal material remains a criminal offense in many jurisdictions. Financially, the operation was low-cost for users but profitable overall. The suspect is believed to have earned over €345,000 from roughly 10,000 customers, offering “packages” priced between €17 and €215, all paid in cryptocurrency. From a technical view, the operator took advantage of the high number of websites, setting up hundreds of thousands of small, short-lived sites. This made tracking harder and created the impression of a much bigger operation. Equipment seized during the operation, alongside location data linked to suspected buyers (Credit: Europol) According to Europol’s press release published on March 20, 2026, an international arrest warrant has been issued for the main suspect, a 35-year-old man believed to be based in China. Authorities are continuing to track both users and any remaining infrastructure linked to the operation. Although the takedown removes a large volume of illicit activity from the dark web, it also shows how easily such networks can scale using automation, cryptocurrency, and anonymized hosting. Similar operations have shown that once one network is dismantled, others step in fast, often using the same tactics under new identities. Waqas I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and tech world. I am also into gaming, reading and investigative journalism. View Posts MUST READ Europol Busts Major Online CSAM Racket in Western Balkans Researchers Track Identities of CSAM Users via Malware Logs Man Jailed for Running Dark Web CSAM Sites from Coffee Shop 79 Arrested as Dark Web’s Largest CSAM Network ‘Kidflix’ Busted Dark web data center seized for hosting CSAM in former NATO bunker CaaSChinaCSAMCyber CrimeCybersecurityDark Netdark webEuropolOperation Alice Leave a Reply Cancel reply View Comments (0) Related Posts Cyber Crime Leader of biggest online sextortion ring ‘Nth Room’ jailed for 40 years Cho Ju-Bin was accused of forcing at least 74 females, including 16 minors, into Virtual Enslavement on Nth Room to produce explicit content. byWaqas Cyber Crime Hacking News Man admits hacking former employer’s computer system for revenge In October 2017, Gavin Paul Prince, 37, chief executive of VeriLet, a tenant eligibility service, was accused of… byWaqas Cyber Crime FBI labels Syrian Electronic Army as terrorist organization Syrian Electronic Army, known as pro Bashar Ul Assad group has been labeled as a terrorist organization by… byWaqas Cyber Crime Ransomware attack forces animal porn collector to plead guilty to police A UK man has been charged this week with a non-custodial sentence, after a ransomware infection on his… byWaqas

Indicators of Compromise

• malware — Alice with Violence CP