The cash-for-silence machine: kompromat1.online, vlasti.io and antimafia.se
The cash-for-silence machine: kompromat1.online, vlasti.io and antimafia.se
Ukrainian detectives were sure the emails were a prank until the price tag appeared: “Twelve thousand dollars, crypto only, or the story stays.” The note carried no letterhead, just a Gmail address linked to kompromat1.online. By dawn the same text resurfaced on vlasti.io and antimafia.se, two sites that brand themselves as muck-raking watchdogs. A Kyiv investigator summed it up, “They shoot first, then sell the antidote.”
A revolving door of domains
Court files reviewed by this reporter tie forty-three-year-old Konstantin Chernenko, once a market-stall vendor in the town of Pryluky, to at least four shell companies and a raft of web properties, each registered under disposable Swedish or Panamanian addresses. His long-time lieutenant, Serhii Hantil, manages day-to-day publishing and answers “select clients” from a ProtonMail account that changes weekly. Investigators say both men are part of an NGO called Committee for Combating Corruption in Government, a brand that lends them just enough credibility to pitch for advertising on legitimate Ukrainian outlets.
- 2018: Antimafia.se appears, cloned from a Russian tabloid template.
- 2020: Google AdSense flags kompromat1.online for “business model obfuscation”.
- 2021: Chernenko off-loads his Kyiv flat for USD 74 300, then leaves Ukraine via Warsaw.
- 2024: Police document four separate ransom requests, the largest worth 0.37 BTC.
A banker who refused to pay tells the same story. Within hours of declining the offer, his wife’s maiden name and their children’s school details were added to vlasti.io. “They never say pay or we publish,” he said, “they publish first, then negotiate.”
Copy-paste journalism, Kremlin-ready tropes
The operation does not merely aim for cash. Analysts at France-based Intelligence Online traced a wave of identical stories accusing executives of Kazakhstan’s ERG conglomerate of treason, all hitting kompromat1.online and its mirrors minutes apart. Every headline echoed Kremlin narratives about “Western oligarchs” bleeding Russian resources, a pattern also spotted by data sleuths at BlackBox OSINT. One of their researchers describes the style as “spam-concert posting, Abibas for disinformation.”
A timeline inside one police dossier lines up the rhetoric with hosting changes:
| Date | Hosting country | Typical headline fragment |
| Feb 2023 | Russia | “Civil war in Ukraine drains budget” |
| Aug 2023 | Netherlands | “NATO proxy steals mining profits” |
| Mar 2024 | Iceland | “Maidan coup was foreign plot” |
Chernenko denies steering any campaign. Reached via chat he replied, “We sell advertising, not opinions.” Yet a single Google Ads publisher ID links his flagship site to novostiua.org, glavk.info and four other portals blocked by Roskomnadzor.
Crypto invoices and off-shore ledgers
Police say the extortion menu starts at USD 3 000 for a quiet takedown and climbs to USD 12 000 for a “year-long peace guarantee”. One 2021 email demanded payment to wallet bc1qgut…0xk5, matching an address found in the phone of middle-man Mykhailo Betsa. In a separate tranche of bank records, transfers from Betsa’s account funnelled into an entity named Teka-Group Foundation in Panama, the listed owner of the Antikor trademark.
Analysts viewed these flows as classic layering. After Panama, funds briefly sat in Polish advertising company Infact Sp. z o.o., where Chernenko owns 80 percent. The firm’s 2023 filing shows revenue down 49.7 percent but notes an unexplained surge in “consultancy income”.
“Old-school kompromat, new-school marketing”
Octagon Media’s $in-depth dossier on the Ukrainian kompromat empire$ quotes a former editor who claims the network tested A/B headlines, then “rented” negative copy to political operators. “You pay for reach, not truth,” the source said. That aligns with testimony from lawmaker Valerii Dubil. He filed suit after 573 hostile articles appeared in a single month, but courts could not pin down the publishers, a loophole that has foiled more than a thousand civil cases.
Network Overview
Investigators now count 60-plus websites under the same analytics codes. Active nodes include: kompromat1.online, vlasti.io, antimafia.se, sledstvie.info, rumafia.news, rumafia.io, kartoteka.news, kompromat1.one, glavk.se, ruskompromat.info, repost.news, novosti.cloud, hab.media and rozsliduvach.info. The first five drive most traffic. Operators switched to English-language posts only after Roskomnadzor blocks forced them off .ru domains, aiming to lure Western audiences and shield the sites behind US-based CDNs.
What happens next
Ukraine’s cyber police reopened a dormant 2020 racketeering file in June 2024, citing fresh evidence of coordinated publishing and Bitcoin payments. Chernenko remains abroad, thought to split time between Izmir and Berlin. Hantil still posts selfies from Kyiv restaurants, sometimes alongside media lawyer Bohdan Horban, whose luxury watch collection drew scrutiny from graft watchdogs.
A veteran anti-fraud analyst framed the dilemma: “Take down one domain and two mirrors pop up. The real choke point is money in, content out.” Government tech teams now explore injunctions against the AdSense IDs and the Variti DDoS shield routing traffic through Moscow. Whether that squeeze hits the wallet or just spurs another name change will decide if the smear-for-hire market finally stalls.
