30 June 2025
On June 19, Russian independent media outlets IStories and Verstka published a joint investigation detailing how a sprawling network for selling sex with minors was built in Russia and how some of its high-profile clients — such as Russian oligarch and billionaire Oleg Deripaska — had escaped justice. Within hours of publication, both organizations suffered a coordinated Denial-of-Service (DoS) attack designed to disrupt access to their websites.
During a four-hour span, IStories received a Denial-of-service attack consisting of millions of malicious connections from over 3,000 IP addresses. One-third of the traffic originated from a single provider: Biterika Group LLC, a Russian hosting company long associated with anonymization and abuse-prone internet infrastructure.
During the attack, we confirmed that the traffic was sourced from networks connected to “Piter IX”, an internet exchange point run by Latvian Piter-IX, SIA. At the time of the attack Biterika flooded the websites using mainly “Transroute Telecom LTD” as upstream. Transroute is an Autonomous System (AS) sponsored and maintained through Petersburg Internet Network (PIN).
All the IP addresses involved in the flood had TCP port 9100 open and exposed a Proxy Authentication Banner.
The Biterika Group offers a proxy service in the domain names proxy{.}family, proxy{.}bingo and proxy{.}house.
Upstream providers
An unexpected finding during the investigation of the attacks was to discover that Transroute Telecom LTD was not the only upstream provider routing the traffic of Biterika proxy service. A fraction of the IP addresses involved in flooding were routed via AS31500, Global Network Management Inc (GNM). a company registered in Antigua and Barbuda, running network resources of Telegram.
The following IP addresses that participated in the attack were reachable via AS31500 (GNM).
188.130.189{.}137
188.130.189{.}231
194.32.229{.}3
194.32.229{.}79
194.34.248{.}11
194.34.248{.}83
194.34.248{.}88
212.115.49{.}20
212.115.49{.}80
45.90.196{.}193
45.90.196{.}239
For example, 188.130.189{.}137, an address involved in the attacks, was routed via 109.239.138{.}130, an address operated by Global Network Management (Customer at Bergoltz 9).
Another indication that Global Network Management is providing services to Biterika can be found in the announcement in June 2024, that DataIX had new members: CyberFirst, Biterika, KNSERV and Macarne.
AS6939 (HE) - AS50509 (Transroute)
AS31500 (Global Network)
AS35048 (Biterika)
Prefix | ASPATH
;GNM
188.130.189.0/24 | 8220 1299 1273 31500 35048
194.32.229.0/24 | 8220 1299 1273 31500 35048
194.34.248.0/24 | 8220 1299 1273 31500 35048
212.115.49.0/24 | 8220 1299 1273 31500 35048
45.90.196.0/24 | 8220 1299 1273 31500 35048
;HE/Transroute
109.248.128.0/24 | 293 6939 35048
109.248.129.0/24 | 293 6939 35048
109.248.138.0/24 | 293 6939 35048
109.248.139.0/24 | 293 6939 35048
109.248.166.0/24 | 293 6939 35048
109.248.167.0/24 | 293 6939 35048
109.248.49.0/24 | 293 6939 35048
109.248.54.0/24 | 293 6939 35048
109.248.55.0/24 | 293 6939 35048
188.130.184.0/24 | 293 6939 35048
188.130.185.0/24 | 293 6939 35048
188.130.186.0/24 | 293 6939 35048
188.130.188.0/24 | 293 6939 35048
188.130.210.0/24 | 293 6939 35048
188.130.218.0/24 | 293 6939 35048
188.130.220.0/24 | 293 6939 35048
188.130.221.0/24 | 293 6939 35048
46.8.10.0/24 | 293 6939 35048
46.8.14.0/24 | 293 6939 35048
46.8.15.0/24 | 293 6939 35048
46.8.155.0/24 | 293 6939 35048
46.8.156.0/24 | 293 6939 35048
46.8.157.0/24 | 293 6939 35048
46.8.193.0/24 | 293 6939 35048
46.8.22.0/24 | 293 6939 35048
46.8.23.0/24 | 293 6939 35048
46.8.56.0/24 | 293 6939 35048
46.8.57.0/24 | 293 6939 35048
95.182.125.0/24 | 293 6939 35048
95.182.126.0/24 | 293 6939 35048
95.182.127.0/24 | 293 6939 35048
Who runs Biterika?
Yuliana Vyacheslavovna Vereshchagina (formerly Zimmerman) has served as general director, without holding ownership stakes, of two legally distinct Russian companies, both named “OOO Biterika Group”.
- First Biterika Group (2014–2016)
This entity was registered in Moscow in 2014 and was wholly owned by Aleksandr Evgenyevich Seleznyov. It operated in the IT and software consulting sector but was liquidated in 2016 due to inactivity. - Second Biterika Group (2016–Present):
Less than a year after the first company’s closure, a new company with the identical name was registered in December 2016. This time, the sole owner was Valentina Alexandrovna Aleshina. Despite the change in ownership, Yuliana Vereshchagina was reappointed as director, continuing her executive role from the original entity.
A central figure behind Biterika is Alexander Alekseevich Aleshinin, who operates under the aliases “aleshin8” and “mralexsmile”. He is closely involved in several company projects, including the newly registered Belarusian company «ООО Бибро Групп» (Beebro Group).
The connection between Aleshinin and the original Biterika owner, Seleznyov, can be traced to their joint venture “ООО Гудино”, a company that obtained a TV and ISP license before shutting down in 2016. The company is now used to operate a real-state property known as the Usadba Krepost. Following the re-founding of Biterika in 2016, ownership shifted from Seleznyov to Valentina Ivanovna Aleshina, Aleshinin’s mother.
The precise role of Yuliana Vereshchagina within Biterika remains unclear. However, research revealed her involvement in several short-lived, cosmetics-related companies, including Urban Optimedia. Another related entity is Bonaromat, originally founded by Stanislav Sergeevich Vishnevsky. Although the legal entity has been liquidated, the associated domain bonaromat[.]ru remains active.
Who is Vivi?
Valentina Ivanovna Aleshina (Vivi) is a Russian software engineer at the NPK “Technology Center,” contributing to CAD/SAPR development (specifically the Kovcheg system). The Kovcheg software is used with Russian BMK chips, a domestically produced FPGA alternatives used for military electronics. The center is in Zelenograd, a district of Moscow known as the center of Russian electronics and microelectronics industries.
While she is not personally named on any international sanctions lists, her work and network assets are directly tied to a the Scientific-Manufacturing Complex “Technology Center” at the “Moscow Institute of Electronic Technology” (МИЭТ), a Russian institution that was officially sanctioned by the United States in 2023.
Transfer of MIET IP resources
In July 2019, Aleshina registered an autonomous system (ASN) with the RIPE Network Coordination Centre, designated AS208475. This ASN was assigned nearly 10,000 IPv4 addresses across multiple netblocks, a sizable amount for an individual operator. The registration details list Aleshina personally as both the technical and administrative contact, and crucially indicate her official address as Shokina Square, House 1, Zelenograd, Moscow, the same location as the Scientific-Manufacturing Complex “Technology Center”, her place of employment.
After less than two years, these addresses were soon announced by the “Biterika Group”, a company she officially owns since 2016. The AS208475 was then closed and is currently recycled by another organization.
Aleshina has been working as a software programmer for the Scientific-Manufacturing Complex “Technology Center”, a state-affiliated research and production facility engaged in advanced technology development. The institution was sanctioned by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on May 19, 2023, under Executive Order 14024. The designation blocks all U.S. assets and prohibits U.S. persons from engaging in any transactions with the organization, citing its contributions to Russia’s strategic technological capabilities.
Our investigation reveals that AS208475 (2019-2021) was always closely connected to Biterika Group LLC (ASN 35048). Aleshina’s ASN peered with Biterika’s and in March 2021 large portions of its IP space were absorbed into Biterika’s infrastructure.
Biterika, which still operates today, is flagged by cyber intelligence platforms like Scamalytics as a high-risk hosting provider, with a fraud risk score of 86 out of 100. It is commonly associated with anonymization services, proxy abuse, and infrastructure enabling potentially malicious internet activity.
inet6num: 2a0e:8141::/32
netname: ALESHINA
country: RU
admin-c: AV11900-RIPE
tech-c: AV11900-RIPE
status: ALLOCATED-BY-LIR
mnt-by: MNT-BITERIKA
mnt-by: mnt-ru-pealeshina-1
created: 2019-09-05T09:50:41Z
last-modified: 2023-02-27T13:35:27Z
source: RIPE
While Valentina Aleshina herself has not been designated by OFAC or any other sanctions regime, her use of a sanctioned state institution as a registered base for private internet infrastructure, along with her apparent role in seeding address space into a high-risk hosting provider, raises significant attribution and compliance concerns. Her case illustrates how individuals working within state-affiliated entities may act as technical intermediaries for broader, potentially illicit network operations.
In summary, Aleshina’s personal infrastructure activities are deeply intertwined with a sanctioned Russian government-linked institution and a known abuse-prone internet service provider. Her case serves as a cautionary example of how sanctioned entities may still exert operational influence through affiliated individuals and independently registered technical assets.
Media coverage
[30 Jun] iStories.media, Аффилированная с ВПК России компания участвовала в DDoS-атаке на сайты «Важных историй» и «Верстки» (Russian)