PQ HOSTING Announces Withdrawal from European Markets

CHISINAU, Moldova (PinionNewswire) — PQ HOSTING, an international hosting provider founded in the Republic of Moldova, reports that a combination of large-scale cyberattacks and a subsequent reputational campaign ultimately forced the company to withdraw from the European market despite operating infrastructure in more than 40 countries and serving over 150 000 active clients worldwide.

Founded in 2019 by Moldovan entrepreneur Ivan Neculiti, the company rapidly expanded its global server infrastructure, managing more than 400 000 IP addresses and delivering hosting solutions to businesses and developers internationally. However, according to company representatives and independent technical experts, a series of events beginning in 2022 significantly disrupted operations and partnerships across Europe.

Terabit-Scale Cyberattacks Target Infrastructure

According to the company’s founder, the first major incidents occurred in 2022 when PQ HOSTING became the target of multiple distributed denial-of-service (DDoS) attacks with traffic volumes reaching unprecedented levels.

“The attacks reached peaks of up to 2 terabits per second, which is significantly higher than the levels typically observed in standard incidents within the hosting industry,” said Ivan Neculiti, founder of PQ HOSTING.

Neculiti stated that the attack traffic appeared globally distributed and was directed primarily at networks serving the company’s clients in the European Union and the Republic of Moldova.

Large-scale cyber campaigns of this magnitude are generally associated with coordinated distributed infrastructures rather than isolated attacks. According to materials from Moldova’s Cybersecurity Agency, high-volume DDoS attacks frequently originate from globally distributed systems and do not necessarily indicate that the hosting provider itself is involved in illegal activity.

Investigations related to Operation Doppelgänger, referenced in several cybersecurity publications, illustrate this dynamic. Research conducted by Insikt Group (Recorded Future) found that the infrastructure used in the campaign relied on servers rented from multiple international providers.

The report highlights a broader characteristic of the modern internet ecosystem: malicious actors commonly exploit short-term rented virtual servers from various providers without the infrastructure operators’ knowledge.

Media Allegations Follow Technical Disruptions

Following the technical disruptions, PQ HOSTING says it became the subject of a series of media publications accusing the company and its partners of facilitating Russian propaganda activities. The allegations first appeared in several European and U.S. outlets before spreading to media platforms across CIS countries.
Neculiti describes the situation as a typical escalation pattern in hybrid conflicts.

“First there is a technical attack on infrastructure, then a reputational attack in the media, followed by pressure on partners and institutions. This sequence has been observed in multiple geopolitical conflicts involving digital infrastructure,” he said.

Industry sources note that the hosting and cloud infrastructure market in Eastern Europe is highly competitive. Cyberattacks are sometimes used as a tool to destabilize competitors without leaving clear attribution.

In 2024, Moldova itself experienced a wave of cyber incidents targeting government online resources, including phishing copies of official websites. Investigations revealed that infrastructure belonging to several hosting providers had been used during these attacks, including M247 Europe SRL, a major European network operator with a global infrastructure footprint.

Authorities: Infrastructure Use Does Not Equal Liability

According to official responses from Moldova’s National Investigation Inspectorate (INI), between 2023 and 2025 the agency sent 412 formal requests to hosting providers operating in the country, most of which originated from foreign authorities.

The Inspectorate emphasized that the number of requests does not automatically indicate wrongdoing by a provider. Instead, it often reflects the scale of the infrastructure and the number of customers served.

The Cybersecurity Agency of Moldova similarly stated that it has not received official notifications regarding DDoS attacks targeting private hosting providers and reiterated that infrastructure operators are not responsible for hosted content unless formally notified by competent authorities.

Experts: Encryption Limits Provider Visibility

Independent technical and legal analysis supports the position that hosting providers have limited ability to monitor customer activity.
A report prepared by MikroTik expert Vadim Skornici notes that EU data protection legislation, including the GDPR, prohibits providers from conducting preventive monitoring of user content.

Modern internet communications rely heavily on encryption technologies such as HTTPS, VPN services, and encrypted traffic tunneling, which prevent infrastructure providers from inspecting user communications.

“A hosting provider can observe traffic volume and technical metadata such as IP addresses and ports, but the actual content remains encrypted,” Skornici explained. “Attempting to access that content would require bypassing encryption and could constitute illegal interception under European law.”

As a result, providers can detect unusual traffic patterns or excessive resource usage but cannot determine the exact nature of hosted content without intervention from competent authorities.

Misinterpretation of IP Addresses

A separate technical-legal analysis prepared by a European cybersecurity expert emphasizes that linking an IP address directly to criminal activity is a common misunderstanding of internet infrastructure.

In modern hosting environments, IP addresses are dynamic technical resources that can be reassigned repeatedly and may serve thousands of different users over time. Consequently, the appearance of an IP address in a security report does not demonstrate involvement or intent on the part of the infrastructure provider.

European legal practice recognizes the “notice-and-takedown” mechanism as the primary framework governing hosting provider responsibilities. Under this system, providers are required to act only after receiving an official notification or court order.

Several European court decisions have reinforced the principle of infrastructure neutrality, stating that hosting providers cannot be treated as investigative authorities and cannot be held liable for user activity without clear evidence of direct involvement.

Broader Implications for the Hosting Industry

Cybersecurity specialists warn that attributing responsibility to hosting providers solely on the basis of IP address associations or traffic logs could create significant risks for the digital infrastructure sector.

If such standards were widely applied, experts say, virtually any hosting provider could face liability for activities carried out by anonymous third-party users operating through rented infrastructure.

Recent investigations, including Politico’s report “The Secret, Slopshod Evidence the EU Uses to Sanction Russian Oligarchs,” have also highlighted cases in which sanctions decisions were based on incomplete or outdated information.

Looking Ahead

According to company representatives and legal advisers involved in the matter, the dispute surrounding PQ HOSTING may ultimately be reviewed by European judicial institutions.

Observers note that the case illustrates broader challenges facing infrastructure providers operating in highly competitive and geopolitically sensitive markets.
For emerging technology companies from smaller economies such as Moldova, the combination of cyberattacks, reputational pressure, and commercial isolation can have significant consequences for global market access.