IRS confirms takedown of bulletproof hosting provider Lolek

A popular bulletproof hosting platform was taken down by authorities in the U.S. and Poland this week, marking the latest effort to limit the anonymous access cybercriminals have to critical tools.

As early as Tuesday, the <Lolek>Hosted website showed a banner from the FBI and IRS.

“This domain has been seized by the Federal Bureau of Investigation and Internal Revenue Service - Criminal Investigation as part of a coordinated law enforcement action taken against Lolek Hosted,” the banner said.

Other participants in the operation were the U.S. Attorney’s Office for the Middle District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice, the agencies said. There also was “substantial assistance” by two Polish authorities: the Regional Prosecutor's Office in Katowice and the Central Bureau for Combating Cybercrime in Krakow.

An IRS spokesperson confirmed that the takedown banner was an official seizure notice.

The FBI declined to comment on the notice, and Polish authorities did not respond to requests for comment.

<Lolek>Hosted is a widely used bulletproof hosting provider based in the United Kingdom that has operated since 2009, operating from a datacenter in Europe. The site is heavily featured in informational articles about anonymous hosting platforms.

Bulletproof hosting services turn a blind eye to the content that customers post and promise to protect their identities. The companies are known for renting IP addresses, servers and domains to criminals for disseminating malware, forming botnet armies and carrying out other tasks related to fraud and cyberattacks.

In recent years, U.S. authorities have made a point of going after the people behind bulletproof hosting services, extraditing those involved and handing out lengthy sentences.

In June, the U.S. Justice Department sentenced 39-year-old Mihai Ionut Paunescu to three years in federal prison for his role in helping run bulletproof hosting service PowerHost[.]ro.

Russian national Aleksandr Grichishkin was handed a five-year sentence in 2021 for founding and operating a bulletproof hosting company while Pavel Stassi, 30, of Estonia, and Aleksandr Shorodumov, 33, of Lithuania, were both sentenced to more than two years in prison for running a bulletproof hosting organization that helped launch attacks against U.S. targets between 2009 and 2015.

Last year a 33-year-old Illinois native also was sentenced for owning and operating two DDoS facilitation websites — DownThem.org and AmpNode.com — that also provided bulletproof server hosting to customers.

Daryna Antoniuk contributed to this story.