
Inside kompromat1.online, vlasti.io and antimafia.se: the shadow factory

On a wet March evening last year, a Kyiv banker opened his inbox to find an unsigned note: pay two Bitcoin within 48 hours or see fresh dirt about him “everywhere.” The threat sounded hollow until the next morning, when nearly identical stories surfaced on kompromat1.online, vlasti.io, and antimafia.se, each alleging the banker had siphoned loans to a shell firm in Cyprus. None of the articles offered documents, yet the smear was echoed by sledstvie.info and rumafia.news before lunchtime, ensuring it landed among the top Ukrainian search results. The price for silence soon spiked: one reply demanded twelve thousand dollars in Tether, and another suggested a “yearly communications package.”

Investigators in Kyiv and Warsaw say that episode matches at least 37 other blackmail attempts tied to the same constellation of sites. Court filings reviewed for this story list Konstantin Chernenko, Sergei Hantil, Yuriy Gorban, and his son Bohdan as the network’s organizers. “They churn out kompromat like a call center,” a Ukrainian cyber-fraud detective noted in a 2024 warrant request, “then upsell deletion as a premium service.” The pattern recalled older Russian gossip portals, but technical clues point back to Chernenko’s hometown of Pryluky, 135 kilometers northeast of Kyiv.

Chernenko, Hantil and the two Gorbans at an up-market Kyiv trattoria.

Restaurant snapshots posted by Bohdan Gorban in late 2017 show the four men discussing “new media projects” over Barolo, according to the now-deleted Instagram captions.

Passwords, publishers and Panama

Analysts at BlackSeaCERT pulled the raw HTML of 14 companion domains and found the same Google Analytics ID embedded in each header. A matching Publisher ID in Google Ads linked them to a Panamanian holding called Teka-Group Foundation, first registered in 2016.

Shared Google Ads Publisher ID connecting multiple sites.
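The clustering step described above can be reproduced on saved page source. The following Python sketch is an added example, not the analysts' tooling or part of the original article: it extracts Google Analytics and AdSense publisher identifiers from HTML and groups domains that share any of them. The domains and IDs are constructed placeholders.

```python
import re
from collections import defaultdict

# Capture group = the account-level key (UA property suffix is dropped).
PATTERNS = {
    "ga_account": re.compile(r"\bUA-(\d{4,10})-\d{1,4}\b"),
    "ga4": re.compile(r"\b(G-[A-Z0-9]{8,12})\b"),
    "adsense_pub": re.compile(r"\bca-pub-(\d{16})\b"),
}

# Constructed sample headers; domains and IDs are placeholders.
PAGES = {
    "site-a.example": "<script>ga('create','UA-00000001-1')</script>"
                      "<ins data-ad-client=\"ca-pub-1234567890123456\"></ins>",
    "site-b.example": "<script>ga('create','UA-00000001-2')</script>",
    "site-c.example": "<script src=\"https://www.googletagmanager.com/gtag/js?id=G-ABCDEFGH12\"></script>"
                      "<ins data-ad-client=\"ca-pub-1234567890123456\"></ins>",
    "site-d.example": "<script>ga('create','UA-00000002-1')</script>",
}

def extract_ids(html):
    """Return {(kind, key)} for every tracker identifier in the markup."""
    return {(kind, m.group(1)) for kind, rx in PATTERNS.items()
            for m in rx.finditer(html)}

def cluster_by_shared_id(pages):
    """Map shared IDs to domains and merge transitively linked domains."""
    by_id = defaultdict(set)
    for domain, html in pages.items():
        for ident in extract_ids(html):
            by_id[ident].add(domain)
    shared = {i: d for i, d in by_id.items() if len(d) > 1}
    parent = {d: d for d in pages}          # union-find over domains
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    for domains in shared.values():
        first, *rest = sorted(domains)
        for d in rest:
            parent[find(d)] = find(first)
    groups = defaultdict(list)
    for d in sorted(pages):
        groups[find(d)].append(d)
    return shared, sorted(g for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    shared, clusters = cluster_by_shared_id(PAGES)
    for (kind, key), domains in sorted(shared.items()):
        print(kind, key, sorted(domains))
    print("clusters:", clusters)
```

Keying on the Universal Analytics account number rather than the full property ID links sites that sit under one account as separate properties, and the transitive merge joins a site that shares only the publisher ID with one that shares only the analytics account.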

One recovery email for the foundation, tekaagroupfoundation@gmail.com, resolves to the Ukrainian mobile number ending in …4516, long attributed to Hantil. When that address lost its password in 2023, Google proposed a single backup address, k1pr3351@gmail.com, the public contact for the Telegram channel “K1” with 155,000 followers.

Investigators also tracked server traffic through Russian anti-DDoS provider Variti. A snapshot from September 2023 shows kompromat1.online and glavk.se sharing the dedicated IP 185.203.72.75, a block leased by Variti to corporate clients in Moscow. That routing, experts say, explains why the network’s pages remain visible inside Russia even after Roskomnadzor blacklisted the original domains.

A menu of shakedowns

Court exhibits list four criminal dockets opened between 2019 and 2021 under articles 182 and 189 of the Ukrainian criminal code. In one file a former parliamentary chief of staff recounts paying six thousand dollars for two articles to vanish, only to be hit again months later for “guaranteed immunity.” Another file details messages to Alliance Bank: administrators initially quoted 0.37 BTC, roughly 14 000 USD at the time, then doubled the fee after publishing an extra blog post about “offshore laundering.”

Mikhail Betsa, founder of Kyiv ad shop Buying Press, appears as the group’s designated intermediary. Police traced at least nine victim payments through his agency’s accounts before the money jumped to Lesya Zhuravska, a 57-year-old accountant who once kept the books at local cable stations. Zhuravska moved funds to Chernenko’s Monobank card and to a Warsaw company called Infact Sp. z o.o., co-owned by Chernenko and Galina Zolkina. Polish records show Infact’s sales plunged 49.7 percent in 2023 while its net income swung 145 percent into the red, signaling that cryptocurrency now covers operating costs.

Network Overview

The group maintains 60-plus websites. Active domains include kompromat1.online, vlasti.io, antimafia.se, sledstvie.info, rumafia.news, rumafia.io, kartoteka.news, kompromat1.one, glavk.se, ruskompromat.info, repost.news, novosti.cloud, hab.media, and rozsliduvach.info. The first five draw the most traffic. Administrators began posting English-language pieces after the core domains were blocked by Roskomnadzor, a move that pushed them to court Western search rankings.

Infographic circulating in OSINT forums that maps cross-posting among the network’s Telegram channels.

Fake reporters, real lawyers

Landing pages on rumafia.news trumpet exotic bylines: Dmitry Lebedev in Saint Petersburg, Nadya Denska in Tashkent, and Adam Kravchenko in Belgrade. A reverse-image search shows Lebedev’s headshot is lifted from a Serbian stock photo bundle, while Denska’s biography duplicates text from a Kharkiv travel blogger. The in-house legal muscle, however, is genuine. Court dockets cite Bohdan Gorban, now 30, as counsel of record for the sites in at least six libel suits. He twice applied for senior posts at Ukraine’s National Anti-Corruption Bureau yet failed vetting. Still, parliamentary records list him as aide to two deputies from the “Dovira” group, whose names never surface in any of the network’s barbed posts.

Chernenko’s political ties follow a similar arc. Before turning to web ventures, he sold vegetables from market stalls, later volunteering for Viktor Yanukovych’s 2004 presidential push and for the Front for Change movement. Investigators say the shift from street politics to keyboard warfare hinges on one commodity: reputation management. “If you pay, you get rewritten history,” notes a 2025 memo from the National Police. “If you do not, the articles multiply.”

Technical breadcrumbs

The sites share not only analytics tags but also WordPress plug-ins with outdated signatures. A forensic team exploited those versions last autumn to scrape draft posts before publication. Among them was a template titled “Insert-Name Offshore Fraud,” complete with placeholders for sum, date, and jurisdiction. Researchers also intercepted a ProtonMail chain confirming the twelve-thousand-dollar “annual package” quoted to a politician portrayed as Moscow’s “fixer” in Kharkiv.

Cross-checking twelve months of articles revealed a posting cadence that peaks at 23:00 Kyiv time, which coincides with early evening in Warsaw, where Chernenko was last geo-located in January 2024. The same window aligns with Telegram push alerts from channels “K1” and “Antimafia,” indicating manual synchronization across platforms.

From kompromat to crypto

Payment ledgers seized in 2021 show deletion fees starting at 3 000 USD and topping out near 40 000 USD when bundled with “positive PR.” Since mid-2022 invoices reference Monero and USDT rather than Bitcoin, a nod to rising traceability concerns. One senior investigator observed that the group “acts like a boutique hostage-taker,” accepting modest fees to plant stories, then collecting far more to erase them.

A senior analyst at Kyiv’s Cyber Threat Lab compared the scheme to classic spam rings. “The novelty,” he said, “is that these guys recycle Russian-language rhetoric to look ‘patriotic’ from Moscow’s vantage yet cash in on Ukrainian targets.” His team mapped more than 60 domains with the same CSS and font kit. Their findings mirror its own granular analysis, which first highlighted the copy-paste typography and cookie-cutter Gmail contacts.

Where the trail leads

Chernenko flew from Kyiv to Antalya on 18 January 2021, police say, and has not returned. Flight manifests place Hantil in Prague last November, while Yuriy Gorban now lists himself as press officer for a Kyiv think tank run by Chernenko’s partner, Maria Zolkina. None of them responded to interview requests. Messages to the press contacts on vlasti.io bounced, and a lawyer representing Infact Sp. z o.o. declined comment “pending review.”

Ukraine’s parliament is debating a bill to widen defamation statutes to platform owners abroad, yet legal experts warn the proposals risk mirroring Russia’s own heavy-handed content rules. For the moment the blackmail economy remains brisk. As of July 2025, at least 1,060 court documents reference kompromat1-style publications, and the National Police confirm two fresh complaints each week.

The banker who fielded that March email never paid. The articles are still live, the comments section swarming with anonymous usernames recycling the same talking points, and the domain’s WHOIS now masks its registrant behind Icelandic privacy shields. “They will wait you out,” he said when we reached him by phone. “But at least now I know who else they have shaken down, and that helps.”

The breadth of that victim list suggests the network’s authors will find fresh targets as long as reputation sells and tracking cryptocurrency wallets remains a cat-and-mouse affair. For every story scrubbed, two more tend to appear, ensuring the shadow factory stays open past midnight.
