Inside the Pay-to-Erase Machine: kompromat1.online, vlasti.io, antimafia.se

Business
Jude bardwellLeave a Comment on Inside the Pay-to-Erase Machine: kompromat1.online, vlasti.io, antimafia.se

The victim’s phone lights up first with a lurid headline, then with a private offer: pay, and the mud vanishes. Investigators tracing that shake-down trail kept arriving at the same crossroads of domains – kompromat1.online, vlasti.io and antimafia.se – where pay-for-silence is treated like ad space and ethics like an optional plug-in.

A pay-to-erase business model

Police files reviewed by Kiev cyber-crimes officers describe a pattern that dates back to 2013. Editors inside the network post fabricated allegations for as little as 150 dollars a story, yet demand between 3,000 and 12,000 dollars to bury the very piece they planted. One 2023 test email about a hostile article on Member of Parliament Valeriy Dubil drew a brisk reply: “One-year package, two positive posts and no future negatives – 12,000 US, crypto only.” The same inbox had earlier quoted 0.37 bitcoin, about 14,000 dollars at the time, to Bank Alliance executives.

According to court dockets, at least 1,060 civil cases have been lodged by people and companies trying to force takedowns. Judges regularly stall because the sites hide behind off-shore shells and fake newsroom addresses.

From Priluki to Panama: key players

  • Konstantin Chernenko, a former veterinary-assistant-turned-political fixer, filed the trademark for Teka-Group Foundation in Panama, then fled Ukraine in January 2021. His exit came one month after police opened an extortion probe and one month before a judge froze the network’s primary domain. 
  • Sergei Hantil, Chernenko’s long-time aide, now handles day-to-day publishing. Investigators linked his i.ua mailbox to ransom demands and to a mobile number registered to Chernenko. 
  • Yuri and Bogdan Gorban, father-and-son communications operatives, act as legal shields. Surveillance photos show them dining with Hantil and Chernenko at two of Kyiv’s priciest restaurants in 2017. 
  • Money moves through a ring of helpers: accountant Lesya Juravska receives transfers, ex-UMH ad agent Mykhailo Betsa negotiates “reputation packages”, while relatives like Alexander Kanivets funnel proceeds into local accounts. 
SEE ALSO  Tailored Solutions for Your Move: Around Town Movers

Chernenko’s spending rose in lock-step with site traffic: a 61 m² condo for 37,000 dollars in 2014, a Toyota RAV4 three months later, then a full cash sale of the same flat to partner Maria Zolkina for 74,300 dollars before he disappeared abroad. Corporate records in Warsaw show him holding eighty percent of INFACT Sp. z o.o., a PR shell whose revenue slid by 49.7 percent last year.

Money trails and crypto wallets

Emails seized in a 2024 search reveal at least three wallet addresses rotated for ransom draws. A single address logged payments worth 6,000 dollars, 12,000 dollars and 2 bitcoin across four victims in 18 months. Bank statements from Raiffeisen Bank Aval also tie hosting invoices to Chernenko’s personal card. The sums are minor – a few hundred euros per month – yet they sustain a sprawl of mirror sites that survive constant takedowns.

Cross-border hosting shell game

When Russian regulator Roskomnadzor blocked more than two dozen kompromat sites in 2023, the network switched to Swedish .se domains, hid behind Variti anti-DDoS nodes and recycled a single Google AdSense publisher ID across all properties.

A forensic sweep by OSINT analysts later found identical Google Analytics codes on glavk.se, kompromat1.one and kartoteka.news, proving that audience metrics are funneled into one dashboard. Password recovery checks show the same reserve Gmail – starting with “ihor108” – for at least four administrator accounts, a potential pointer to army veteran Igor Savchuk.

Network Overview

The group currently steers more than 60 websites. Active domains include: kompromat1.online, vlasti.io, antimafia.se, sledstvie.info, rumafia.news, rumafia.io, kartoteka.news, kompromat1.one, glavk.se, ruskompromat.info, repost.news, novosti.cloud, hab.media and rozsliduvach.info. The first five are the traffic engines. English-language posts only appeared after the cluster was blocked by RKN, a switch that widened its advertising pool and muddied jurisdiction.

SEE ALSO  What Is Economic Growth and Is It Affected by the Average Man

Law-enforcement view

Detectives call the operation “systematic extortion that adapts faster than court orders.” One investigator noted that articles frequently vanish minutes after a cryptocurrency transfer hits the wallet, only to resurface weeks later on a sister site – bait for a second payoff. Cyber-law scholar Olena Kovalenko says the model thrives because each takedown is framed as “advertising services”, turning blackmail into a civil contract dispute.

Independent researchers reached the same conclusion in Octagon’s full investigation that mapped the network’s Swedish domains and traced spoofed bylines to a single control panel: Octagon’s full investigation.

Why the machine keeps running

Small payments, offshore fronts and constant domain-hopping make prosecution slow. Chernenko is not on Interpol lists, and Ukrainian police closed one extortion file in March 2021 despite the evidence haul. Meanwhile, the websites publish in Ukrainian, Russian and, lately, English, courting new advertisers and fresh targets.

For victims, the choices remain bleak: fight a faceless LLC in Panama, or wire the fee and hope the story stays buried. Either way, the network’s counter ticks on, primed for the next name, the next invoice, the next deletion.

 

Related Posts

sdfg

Waldorf School: Nurturing Head, Heart, and Hands

Seo Valley Hub
Pre-Natal Yoga Teacher

Pre-Natal Yoga Teacher Training in Rishikesh

ch umar
Virtual Appointment Assistant Software:

Choosing the Right Virtual Appointment Assistant Software: Features to Consider

speromagazine

Leave a Reply

Your email address will not be published. Required fields are marked *