Aeza has been sanctioned by US Treasury for Terrorism and Financial Intelligence together with UK's National Crime Agency
Aeza Group, headquartered in St. Petersburg, Russia, has provided BPH services to ransomware and malware groups such as the Meduza and Lumma infostealer operators, who have used the hosting service to target the U.S. defense industrial base and technology companies, among other victims globally. Infostealers are often used to harvest personal identifying information, passwords, and other sensitive credentials from compromised victims. These credentials are then often sold on darknet markets for profit, making infostealer operators a key piece of the cybercrime ecosystem.
Aeza Group has also hosted BianLian ransomware, RedLine infostealer panels, and BlackSprut, a Russian darknet marketplace for illicit drugs. Darknet drug marketplaces allow for the anonymous purchase and shipment of narcotics over the internet, making them a present and increasing contributor to drug trafficking to the United States and worldwide. According to Treasury’s Financial Crimes Enforcement Network (FinCEN) and its supplemental advisory on fentanyl, criminal organizations use darknet marketplaces to sell precursor chemicals and manufacturing equipment used for the synthesis of fentanyl and other synthetic opioids, as well as to traffic fentanyl and other narcotics into the United States.
OFAC is designating Aeza Group pursuant to E.O. 13694, as further amended by E.O. 14144 and E.O. 14306, for being responsible or complicit in, or having engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in part, outside the United States that are reasonably likely to result in, or have materially contributed to, a threat to the national security, foreign policy, or economic health or financial stability of the United States, and that have the purpose of or involve causing a misappropriation of funds or economic resources, intellectual property, proprietary or business confidential information, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.
Aeza International Ltd. is the United Kingdom branch of Aeza Group. Aeza Group uses Aeza International to lease IP addresses to cybercriminals, including Meduza infostealer operators.
Aeza Logistic LLC and Cloud Solutions LLC are Russia-based subsidiaries that are 100% owned by Aeza Group.
OFAC is designating Aeza International Ltd., Aeza Logistic LLC and Cloud Solutions LLC pursuant to E.O. 13694, as further amended by E.O. 14144 and E.O. 14306, for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, Aeza Group, a person whose property and interests in property are blocked pursuant to E.O. 13694, as further amended by E.O. 14144 and E.O. 14306.
-
Arsenii Aleksandrovich Penzev (Penzev) is the CEO and 33% owner of Aeza Group. Penzev has been involved in multiple bulletproof hosting and illicit drug marketplace businesses and has been arrested by Russian law enforcement for his placement of illicit drug marketplace Blacksprut onto Aeza Group infrastructure.
Yurii Meruzhanovich Bozoyan (Bozoyan) is the general director and 33% owner of Aeza Group. Bozoyan helped manage the finances of Aeza Group and was similarly arrested for his involvement in Blacksprut.
Vladimir Vyacheslavovich Gast (Gast) is the technical director for Aeza Group and works closely with Penzev and Bozoyan. Gast manages Aeza Group’s internal network and oversaw the technical details of placing Blacksprut on Aeza Group infrastructure.
Igor Anatolyevich Knyazev (Knyazev) is the 33% owner of Aeza Group and is managing the company during the absence of Penzev and Bozoyan.
OFAC is designating Penzev, Bozoyan, Gast, and Knyazev pursuant to E.O. 13694, as further amended by E.O. 14144 and E.O. 14306, for being or having been a leader, official, senior executive officer, or member of the board of directors of Aeza Group.
@treesmokah said:
Aeza has been sanctioned by US Treasury for Terrorism and Financial Intelligence together with UK's National Crime Agency
Aeza Group, headquartered in St. Petersburg, Russia, has provided BPH services to ransomware and malware groups such as the Meduza and Lumma infostealer operators, who have used the hosting service to target the U.S. defense industrial base and technology companies, among other victims globally. Infostealers are often used to harvest personal identifying information, passwords, and other sensitive credentials from compromised victims. These credentials are then often sold on darknet markets for profit, making infostealer operators a key piece of the cybercrime ecosystem.
Aeza Group has also hosted BianLian ransomware, RedLine infostealer panels, and BlackSprut, a Russian darknet marketplace for illicit drugs. Darknet drug marketplaces allow for the anonymous purchase and shipment of narcotics over the internet, making them a present and increasing contributor to drug trafficking to the United States and worldwide. According to Treasury’s Financial Crimes Enforcement Network (FinCEN) and its supplemental advisory on fentanyl, criminal organizations use darknet marketplaces to sell precursor chemicals and manufacturing equipment used for the synthesis of fentanyl and other synthetic opioids, as well as to traffic fentanyl and other narcotics into the United States.
OFAC is designating Aeza Group pursuant to E.O. 13694, as further amended by E.O. 14144 and E.O. 14306, for being responsible or complicit in, or having engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in part, outside the United States that are reasonably likely to result in, or have materially contributed to, a threat to the national security, foreign policy, or economic health or financial stability of the United States, and that have the purpose of or involve causing a misappropriation of funds or economic resources, intellectual property, proprietary or business confidential information, personal identifiers, or financial information for commercial or competitive advantage or private financial gain.
Aeza International Ltd. is the United Kingdom branch of Aeza Group. Aeza Group uses Aeza International to lease IP addresses to cybercriminals, including Meduza infostealer operators.
Aeza Logistic LLC and Cloud Solutions LLC are Russia-based subsidiaries that are 100% owned by Aeza Group.
OFAC is designating Aeza International Ltd., Aeza Logistic LLC and Cloud Solutions LLC pursuant to E.O. 13694, as further amended by E.O. 14144 and E.O. 14306, for being owned or controlled by, or having acted or purported to act for or on behalf of, directly or indirectly, Aeza Group, a person whose property and interests in property are blocked pursuant to E.O. 13694, as further amended by E.O. 14144 and E.O. 14306.
-
Arsenii Aleksandrovich Penzev (Penzev) is the CEO and 33% owner of Aeza Group. Penzev has been involved in multiple bulletproof hosting and illicit drug marketplace businesses and has been arrested by Russian law enforcement for his placement of illicit drug marketplace Blacksprut onto Aeza Group infrastructure.
Yurii Meruzhanovich Bozoyan (Bozoyan) is the general director and 33% owner of Aeza Group. Bozoyan helped manage the finances of Aeza Group and was similarly arrested for his involvement in Blacksprut.
Vladimir Vyacheslavovich Gast (Gast) is the technical director for Aeza Group and works closely with Penzev and Bozoyan. Gast manages Aeza Group’s internal network and oversaw the technical details of placing Blacksprut on Aeza Group infrastructure.
Igor Anatolyevich Knyazev (Knyazev) is the 33% owner of Aeza Group and is managing the company during the absence of Penzev and Bozoyan.
OFAC is designating Penzev, Bozoyan, Gast, and Knyazev pursuant to E.O. 13694, as further amended by E.O. 14144 and E.O. 14306, for being or having been a leader, official, senior executive officer, or member of the board of directors of Aeza Group.
Looks like 124x /24 is about to disappear from their network, thanks to one of their LIR's which happens to be an American company.
Ace Data Centers to be specific - https://bgp.tools/rir-owner/us.acedatacenter
They have announced these subnets earlier today, fucking up connectivity for many of Aeza users.
Looks like they aren't announced by Ace anymore, I guess they are giving time to Aeza to migrate or something.
In other news, they got kicked out by Cloudflare too, both aeza.net and aeza.ru are offline.
Current "statement" from their Russian Telegram chat, posted by admin.
❤️ We highly recommend backing up your important data right now.
Also a strong request, first of all on behalf of other customers - if your data is only a panel, without potentially important commercial data, do not clog the channel nodes. So that those who have something important - can pump out what they need as soon as possible.
Please expect official comments soon.
UPD.1: tentatively: the sanctions concern only aeza.ru, and foreign servers purchased on it.
UPD.2: the issue concerns foreign locations on .net and .ru.
UPD.3: temporarily turned off the entrance to the chat room to exclude information attacks from ill-wishers.)
@treesmokah said:
Looks like 124x /24 is about to disappear from their network, thanks to one of their LIR's which happens to be an American company.
Ace Data Centers to be specific - https://bgp.tools/rir-owner/us.acedatacenter
They have announced these subnets earlier today, fucking up connectivity for many of Aeza users.
Looks like they aren't announced by Ace anymore, I guess they are giving time to Aeza to migrate or something.
In other news, they got kicked out by Cloudflare too, both aeza.net and aeza.ru are offline.
Current "statement" from their Russian Telegram chat, posted by admin.
❤️ We highly recommend backing up your important data right now.
Also a strong request, first of all on behalf of other customers - if your data is only a panel, without potentially important commercial data, do not clog the channel nodes. So that those who have something important - can pump out what they need as soon as possible.
Please expect official comments soon.
UPD.1: tentatively: the sanctions concern only aeza.ru, and foreign servers purchased on it.
UPD.2: the issue concerns foreign locations on .net and .ru.
UPD.3: temporarily turned off the entrance to the chat room to exclude information attacks from ill-wishers.)
Small update, aeza.net and aeza.ru are still gone, there is no indication from WHOIS that registry or registar is responsible for the suspension. Aeza team hasn't given any update as to why its still gone.
@treesmokah said:
Small update, aeza.net and aeza.ru are still gone, there is no indication from WHOIS that registry or registar is responsible for the suspension. Aeza team hasn't given any update as to why its still gone.
@treesmokah said:
Small update, aeza.net and aeza.ru are still gone, there is no indication from WHOIS that registry or registar is responsible for the suspension. Aeza team hasn't given any update as to why its still gone.
@treesmokah said:
Small update, aeza.net and aeza.ru are still gone, there is no indication from WHOIS that registry or registar is responsible for the suspension. Aeza team hasn't given any update as to why its still gone.
[IMPORTANT]: Change in the cost of SWE-PROMO
Dear customer!
Unfortunately, due to increased costs from our contractors, the monthly price for the SWE-PROMO tariff will change to €1.99 starting 07.28.2025.
As a bonus and a thank you for your continued support, server bandwidth for the SWE-PROMO tariff has now been boosted to 300 Mbps!
Lame, there are starting to be other options at this price point. Especially when its not DMCA ignored anymore.
Aeza's only competition(in my eyes) are other skid hosts from Lolzteam with Hetzner tunnels, its obviously not a serious provider.
Was good while it lasted, fortunately I have renewed it for a couple more months recently, will retire it when it runs out.
[IMPORTANT]: Change in the cost of SWE-PROMO
Dear customer!
Unfortunately, due to increased costs from our contractors, the monthly price for the SWE-PROMO tariff will change to €1.99 starting 07.28.2025.
As a bonus and a thank you for your continued support, server bandwidth for the SWE-PROMO tariff has now been boosted to 300 Mbps!
No email for me yet, but the panel does show the new price and 300Mbps port. My speed is still capped at 100Mbps though (yabs/speedtest).
Mine is paid up until July 2026, so I'll let it expire then.
Comments
Can it be novichok?
bro think he's navalny
Not only Navalny was poisoned with novichok. Novichok used by russian gov to deal with those who stops paying "nalog" or disobey.
My bad, i joked it only to navalny as he was openly opponent to the putin
But yeah as you said, many oligarch sudden collapse, fall from the apartment, suicide and plane crash etc.
I doubt it. He is alive, and I don't see a reason why Russian Govt would go after him this way.
He doesn't pose a threat to them.
Breaking news: Aeza no longer ignores DMCA
Fresh off their Telegram chat, https://t.me/aezachat/13258

Minimum $10 crypto payments too.
Some more interesting rumors from Russia
But the rumors may be true.
You can use "google translate"
https://m.repost.news/news/83959-bozojan_rabotavchij_s_fishingovymi_sajtami_stal_svjazan_s_chvk_vagner_i_obvinen_v_dezinformatsii
Aeza has been sanctioned by US Treasury for Terrorism and Financial Intelligence together with UK's National Crime Agency
-
https://home.treasury.gov/news/press-releases/sb0185 (archive)
Nice
Am I about to get sanctioned for sending a couple dollars to some sketchy AF Russians?
Yeape yer on the list!!!!
Free Hosting at YetiNode | MicroNode| Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
Your honour I swear I didn't know it was overprovisioned!
Looks like 124x /24 is about to disappear from their network, thanks to one of their LIR's which happens to be an American company.
Ace Data Centers to be specific - https://bgp.tools/rir-owner/us.acedatacenter
They have announced these subnets earlier today, fucking up connectivity for many of Aeza users.
Looks like they aren't announced by Ace anymore, I guess they are giving time to Aeza to migrate or something.
In other news, they got kicked out by Cloudflare too, both aeza.net and aeza.ru are offline.

Current "statement" from their Russian Telegram chat, posted by admin.
https://t.me/aezachat_ru/1083519 (archive)
And the shitpile starts to crumble!!
Free Hosting at YetiNode | MicroNode| Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
It depends.
For the right price, I can make things go away.
I accept both cash and credit cards.
Let me know if you need the address to send the credit card.
Posting credit cards to people sure sounds like a legit soviet invention lol
Aeza is moving all the prefixes to their shell in Serbia, "Smart Digital Ideas DOO"

https://apps.db.ripe.net/db-web-ui/query?searchtext=ORG-TA1914-RIPE (archive)
They claim to specialize in VOIP

https://smartdi.rs/ (archive)
And its gone.

https://bgp.tools/rir-owner/us.acedatacenter
Serbia… Well, at least they have connections.
Small update, aeza.net and aeza.ru are still gone, there is no indication from WHOIS that registry or registar is responsible for the suspension. Aeza team hasn't given any update as to why its still gone.
They have setup "mirrors" for their login pages that you can use to access the panel
https://my-aeza.net/
https://my-aeza.ru/
Source: https://t.me/aezahost_ru/857 (archive)
These guys aren't dead yet?
Free Hosting at YetiNode | MicroNode| Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
I guess once you're cooked any additional $ coming in is a free $...there is no incentive not to keep limping along
Guess not glad I don't operate like that
Free Hosting at YetiNode | MicroNode| Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
Lame, there are starting to be other options at this price point. Especially when its not DMCA ignored anymore.
Aeza's only competition(in my eyes) are other skid hosts from Lolzteam with Hetzner tunnels, its obviously not a serious provider.
Was good while it lasted, fortunately I have renewed it for a couple more months recently, will retire it when it runs out.
BF-11 deal still remains €1.09/m (or €11.72/yr)
still a way worse deal, but in Vienna
No email for me yet, but the panel does show the new price and 300Mbps port. My speed is still capped at 100Mbps though (yabs/speedtest).
Mine is paid up until July 2026, so I'll let it expire then.
Sanction evasion in plain sight, Aeza is back on Ace Data Centers, under a new shell company Hypercore Ltd (AS211522)

https://bgp.tools/rir-owner/us.acedatacenter
Several of their other subnets were also moved to this ASN and haven't been renamed yet. This asn is 100% being utilized by Aeza.

UK company is registered on a Polish individual Patryk Drozda, I'm yet to find out how deeply he is related to Aeza.
https://find-and-update.company-information.service.gov.uk/company/16558658/officers
Aeza.net is up
Amadex • Hosting Forums • Wie ist meine IP-Adresse? • AS215325
Yup, forgot to write about that. Aeza.ru is also up.
They are both now on StromWall, but their "dirty" ASN almost exclusively occupied by pharma, casinos and shit like that

It used to be anycasted globally, but now it appears to be Russia-only. They have "legitimate" Russian one too.