“`html

In May 2025, the European Union imposed monetary penalties on the proprietors of Stark Industries Solutions Ltd., a secure hosting provider that emerged a fortnight prior to Russia’s invasion of Ukraine and swiftly turned into a major hub for Kremlin-related cyber assaults and propaganda endeavors. However, recent discoveries indicate that these penalties have had minimal effect in preventing Stark from merely renaming itself and reallocating its assets to alternative corporate bodies overseen by its initial hosting operators.

Emerging just two weeks before the Russian invasion of Ukraine in 2022, Stark Industries Solutions became a frequent provider of extensive DDoS assaults, Russian-language proxy and VPN services, malware associated with Russian-backed hacking factions, and misinformation. ISPs like Stark are referred to as “bulletproof” providers when they develop a reputation for disregarding any abuse complaints or law enforcement inquiries regarding activities on their networks.

In May 2025, the European Union penalized one of Stark’s primary links to the broader Internet — Moldova-based PQ Hosting — along with the Moldovan owners of the company, Yuri and Ivan Neculiti. The EU Commission stated that the Neculiti siblings were connected to Russia’s hybrid warfare operations.

However, a recent study by Recorded Future reveals that just before the sanctions were publicized, Stark rebranded to the[.]hosting, under the control of the Dutch organization WorkTitans BV (AS209847) on June 24, 2025. Reportedly, the Neculiti siblings received advance notice approximately 12 days before the sanctions were disclosed, when Moldovan and EU media announced their anticipated inclusion in the sanctions framework.

In reaction, the Neculiti brothers transitioned much of Stark’s substantial address space and other assets to a new company in Moldova known as PQ Hosting Plus S.R.L., an entity allegedly linked to the Neculiti brothers through the reuse of a phone number from the original PQ Hosting.

“While the predominant portion of associated infrastructure is still linked to Stark Industries, these modifications likely signify an attempt to obscure ownership and maintain hosting services under new legal and network structures,” Recorded Future noted.

Neither the Recorded Future analysis nor the EU’s May 2025 sanctions mentioned another critical aspect of Stark’s network identified by KrebsOnSecurity in a May 2024 profile on the infamous bulletproof hoster: The Netherlands-based hosting provider MIRhosting.

MIRhosting is managed by 38-year-old Andrey Nesterenko, whose personal site states he is an accomplished concert pianist who began performing publicly at an early age. DomainTools indicates that mirhosting[.]com is registered to Mr. Nesterenko and Innovation IT Solutions Corp, which lists addresses in London and Nesterenko’s claimed hometown of Nizhny Novgorod, Russia.

According to the book Inside Cyber Warfare by Jeffrey Carr, Innovation IT Solutions Corp. was responsible for hosting StopGeorgia[.]ru, a hacktivist site for organizing cyberattacks against Georgia that surfaced concurrent with Russian forces’ invasion of the former Soviet republic in 2008. This conflict is regarded as the first war in which a notable cyber assault occurred simultaneously with actual military engagement.

Mr. Nesterenko did not respond to inquiries for comment. In May 2024, Mr. Nesterenko claimed he could not confirm whether StopGeorgia was ever a client because they did not maintain records from that period. However, he asserted that Stark Industries Solutions Inc. was merely one client among many and insisted MIRhosting had not received any actionable complaints regarding abuse on Stark.

Nevertheless, it seems that MIRhosting has once again become the new base of Stark Industries, and that employees of MIRhosting are overseeing both the[.]hosting and WorkTitans — the main beneficiaries of Stark’s resources.

A copy of the incorporation documents for WorkTitans BV acquired from the Dutch Chamber of Commerce indicates that WorkTitans also operates under the names Misfits Media and WT Hosting (given Stark’s historical ties to Russian disinformation sites, “Misfits Media” is somewhat explicit).

The incorporation document states the company was established in 2019 by a [email protected]. That email address corresponds to a LinkedIn profile for a Youssef Zinad, who indicates their personal sites are worktitans[.]nl and custom-solution[.]nl. The profile also links to a website (etripleasims dot nl) that LinkedIn currently flags as malicious. All these websites are or were hosted at MIRhosting.

Although Mr. Zinad’s LinkedIn profile does not mention any employment at MIRhosting, almost all his LinkedIn activity in the past year has involved reposting advertisements for MIRhosting’s offerings.

A Google search for Youssef Zinad unveils several startup-tracking websites that identify him as the founder of the[.]hosting, which censys.io reveals is hosted by PQ Hosting Plus S.R.L.

The document from the Dutch Chamber of Commerce states that WorkTitans’ sole shareholder is a company in Almere, Netherlands, named Fezzy B.V. Who manages Fezzy? The phone number listed in a Google search for Fezzy B.V. — 31651079755 — was also used to register a Facebook profile for a Youssef Zinad from the same area, according to the breach tracking service Constella Intelligence.

In a series of email exchanges leading up to KrebsOnSecurity’s May 2024 investigation on Stark, Mr. Nesterenko included Mr. Zinad in the conversation ([email protected]), referring to him as part of the company’s legal team. The Dutch website stagemarkt[.]nl lists Youssef Zinad as an official contact for MIRhosting’s offices in Almere. Mr. Zinad did not respond to inquiries for comment.

Considering all the above, it is challenging to contest the findings from Recorded Future regarding Stark’s rebranding, which concluded that “the EU’s sanctioning of Stark Industries was primarily ineffective, as associated infrastructure continued to function and services were swiftly reinstated under new branding, with no significant or enduring disruption.”

“`