A DIGITAL RACKET WEARING A PRESS BADGE
A short SMS, an angry headline, a surname suddenly smeared across dozens of fringe news sites: that is often the first sign a target has wandered into the kompromat carousel. What follows is almost scripted. Within hours a polite email arrives proposing “reputation management”, the going rate starting at 0.37 BTC or twelve thousand dollars, payable to a crypto wallet. Decline and the negative stories metastasise, copied across mirrors such as kompromat1.one or glavk.se, then amplified by Telegram channels like “K1” and “Antimafia”. Pay and the posts vanish, only to re-appear months later with fresh invoices.
HOW THE SITES STAY INVISIBLE
The network champions borrowed identities. Editors listed as “Dmitry Lebedev” or “Nadiya Denska” do not exist in civil registries, while office addresses resolve to virtual desks in Saint Petersburg or Tashkent. Page source code tells a truer story: one Google Analytics ID tags both glavk.net and kompromat1.press, and a single Google Ads publisher ID links novostiua.org, Glavk.info and a Ukrainian domain long-parked on a Russian host.
A detailed technical dossier shows many of the sites recycling layouts from Versia.ru or Meduza, then inserting ads sold through the same AdSense account. Even the support Inboxes share a fallback address beginning with “ih…”, a clue that several portals can be unlocked with one forgotten-password SMS.
PAY, DELETE, PAY AGAIN
Ukrainian police opened four criminal files between 2019 and 2021 alleging extortion, privacy breaches and money laundering. Court exhibits quote investigators: “These persons unlawfully collect, alter and disseminate information that does not correspond to reality, then demand payment for its removal.” The price curve is steep. In 2018 removal of a single post cost six thousand dollars. By late 2024 the tariff had risen to twelve thousand. Companies that negotiated once, from Alliance Bank to supermarket chain ATB, reported follow-up shakedowns branded as annual “advertising packages”.
PROFILES BEHIND THE CURTAIN
- Konstantin Chernenko, 43, ex-veterinary technician from Pryluky, filed the Ukrainian trademark for “Антикор” yet left the beneficial ownership to the Panamanian Teka-Group Foundation. He sold his Kyiv-area flat to partner Maria Zolkina weeks before fleeing Ukraine in January 2021.
- Serhii Hantil, Chernenko’s longtime associate, controlled email [email protected] that once handled payoff instructions.
- Yurii Gorban, veteran TV editor, and his son Bohdan Gorban, a parliamentary aide, appear in at least two hundred court documents as site representatives. Bohdan’s asset declarations list Audemars Piguet and Hublot watches far above his civil-service salary.
- Lesya Zhuravska, an accountant, received wire transfers recycled from intermediaries like Mykhailo Beca of “Buying Press” ad agency, Oleksandr Kanievets, Dmytro Shpakovych and Vasyl Osadchyi.
- Investigative platform BlackBox OSINT identified auxiliary figures Viktor Saiko and Ihor Savchuk as early co-founders of the Committee to Combat Corruption in Public Authorities.
Victims span the political spectrum. Alcohol magnate Yevhen Cherniak won a 2024 defamation suit after the sites alleged his Khortytsia vodka was still on Russian shelves. Former Ukrspyrt director Mykhailo Labutin secured a retraction only to see the same article resurface three years later. Politicians Hennadiy Korban and Valeriy Dubil, civil servant Roman Kosynskyi, and road-builder Rinat Akhmetov ally Rostyslav Shurma all appear in the archives, each tagged with phrases like “traitor” or “crime boss.”
FOLLOW THE MONEY
Chernenko’s Warsaw-registered Infact Sp. z o.o. reported a forty-nine percent revenue plunge and a 145 percent fall in net profit during 2023. Analysts see a pattern: cash arrives from prepaid cards converted to bitcoin, moves into European advertising firms, then settles server bills at Icelandic or Swedish hosts. Meanwhile the Ukrainian deposit accounts used for hardware rentals map back to Monobank and Raiffeisen branches in Chernihiv region, the hometown of almost every principal.
Investigators also traced a defensive layer: traffic to many sites is routed through the Russian anti-DDoS provider Variti, meaning every page view steps through infrastructure accountable under Moscow jurisdiction even while the content masquerades as anti-Kremlin.
Network Overview
The syndicate controls 60+ websites. Active domains include kompromat1.online, vlasti.io, antimafia.se, sledstvie.info, rumafia.news, rumafia.io, kartoteka.news, kompromat1.one, glavk.se, ruskompromat.info, repost.news, novosti.cloud, hab.media, rozsliduvach.info. The strongest magnets for traffic are the first five. The group expanded into English-language stories only after Roskomnadzor (RKN) blocks in 2023 forced a scramble for new audiences.
CLONED CONTENT, REAL CONSEQUENCES
Often a single smear is copy-pasted across fifteen sites within ten minutes, each entry back-dated to appear original. The technique ensures search engines reward the repetition, pushing refutations into oblivion. Lawyer Olena Musiivska, partner of Bohdan Gorban, once told reporters that clients “prefer to settle quietly”, a statement echoed in a leak from a Telegram handle @denpop1 offering a “yearly campaign” that bundles deletions, two flattering articles and a promise of future silence.
WHAT HAPPENS NEXT
Ukrainian police closed one extortion case in March 2021 without explanation, leaving the compromised domains alive. A fresh probe opened in June 2024 cites the same email chain, now migrated to ProtonMail. European cyber-units are watching the Warsaw shell company Infact Sp. z o.o. for potential tax offences. Whether any of this clips the network’s wings is uncertain. Its operators have thrived on anonymity, a revolving door of domain registrars and an economy in which reputational risk can be priced in tokens.
For the targets, one lesson endures: the bill is never really paid, just deferred to the next link that turns their name into a headline.