
On 9 March 2026, a global operation led by German authorities and supported by Europol was launched against one of the largest networks of fraudulent platforms in the dark web(fake onions scamming users who wanted to buy child porn). The investigation began in mid-2021 against the dark web platform “Alice with Violence CP”. During the investigation, authorities discovered that the platform’s operator was running more than 373 000 fraudulent websites advertising child sexual abuse material (CSAM) and cybercrime-as-a-service (CaaS) offerings.
Over the course of nearly five years of investigation, German authorities discovered that a single individual operated more than 373 000 onion domains (websites) on the dark web. An onion domain is a special type of website address that is designed to hide the identity and location of the website and the people visiting it. From February 2020 to July 2025, the suspect advertised CSAM on different platforms, which were accessible through more than 90 000 of those onion domains. On these platforms, the perpetrator offered CSAM that could allegedly be purchased as “packages” after providing an email address and making a payment in Bitcoin.
Each package had an estimated cost of between EUR 17 and EUR 215, and promised data volumes ranging from a few gigabytes to several terabytes of CSAM. However, these were purely fraudulent sites where CSAM was advertised and previewed but never delivered.
In addition to CSAM, several cybercrime-as-a-service (CaaS) offerings were promoted, including credit card data and access to foreign systems. The goal was always to persuade customers to make payments without receiving any service in return.

Investigations were also conducted against the platform’s operator, a 35-year-old man based in the People’s Republic of China. Authorities estimate that the individual made over EUR 345 000 in profit from approximately 10 000 customers worldwide who, according to authorities, attempted to purchase the material he was advertising.
From November 2019 until recently, he operated a network of up to 287 servers at its peak, 105 of which were located in Germany. German authorities have issued an international arrest warrant.
By paying for CSAM, the customers themselves became suspects, even though they never received the material. Investigators assessed that individuals seeking access to exclusive –and, therefore, severe– child sexual abuse material could represent high-value targets and provide important intelligence for law enforcement worldwide.
In August 2023, investigators from the Bavarian State Criminal Police Office searched the home of a 31-year-old father who had transferred EUR 20 to purchase a package containing 70 GB of CSAM. The man was later convicted.
Editors note: Investigations of the customers are still ongoing.