The first signs were tiny things: a Swedish .se suffix on a news site that claimed to be broadcasting from St Petersburg, identical Google Ads IDs popping up on unrelated portals, and restaurant selfies in Kyiv showing the same four men who were supposed to hate each other. Follow the crumbs long enough and the path leads to a single blueprint for weaponised kompromat that is now washing up in court files, police dockets and corporate inboxes from Warsaw to Jakarta.
EARLY CLUES
Roskomnadzor blocked a cluster of kompromat sites in 2023. Instead of shutting down, the operators simply re-spawned on kompromat1.online, glavk.se and ruskompromat.info, adopting Swedish domains and claiming make-believe editorial rooms in Tashkent and Belgrade. By June 2024 Intelligence Online linked those addresses to the same Google Analytics tag that once sat on antikor.com.ua. The tag matched Publisher ID 4336163389795756, a code that also surfaces on Novostiua.org and Oplatru24.ru. Investigators knew they were staring at one control panel, not five noisy rivals.
KEY ACTORS
- Kostiantyn Chernenko – born 5 January 1982 in Pryluky, one-time veterinary nurse turned media landlord. Holds 80 percent of Warsaw-registered INFACT SP. Z O.O., a firm whose 2023 report shows revenue down 49.74 percent and net profit plunging 145.27 percent.
- Serhii Hantil – long-time lieutenant; his i.ua mailbox once demanded 0.37 BTC (≈14 000 USD in 2021 terms) to delete hostile articles.
- Yurii and Bohdan Gorban – father-and-son duo, seen defending network sites in at least three civil suits; Bohdan filed watch collections worth more than his entire 2018 salary at the Verkhovna Rada.
- Lesya Zhuravska – accountant-for-hire, recipient of client payments funnelled through PrivatBank.
- Mykhailo Betsa – founder of “Baing Press”, the friendly “agency” that writes back when a victim begs for a retraction.
- Ihor Savchuk – ex-military officer whose Gmail recovery phone is the same number that rescues passwords for the flagship portals.
THE MONEY MENU
Court exhibits show the tariff sheet evolved fast. In 2018 a takedown cost 6 000 USD, by 2021 the ask climbed to 0.37 BTC, and in October 2023 the price for a single Ukrainian MP reached 12 000 USD up front plus a “no-more-dirt” retainer. For smaller pockets the cartel sells inoculation bundles: 150 USD buys a neutral “news brief” while 2 000 USD secures a white-wash feature. The hook is always the same, police say: publish first, negotiate later.
RESTAURANT DIPLOMACY
Pryluky natives Hantil, Chernenko and Yurii Gorban insisted for years they barely knew each other. That line dissolved when Bohdan Gorban posted dinner snaps from Vino e Cucina (September 2017) and Toscana Grill (December 2017). The photos match phone metadata seized by detectives in Kyiv: the same nights encrypted messages flew from the table to a ProtonMail account offering to “pause negative PR” for 2 BTC.
INFRASTRUCTURE, NOT JOURNALISM
The network rents anti-DDoS shielding from Moscow-based Variti, routing all traffic through IP 185.203.72.75. Every page view, whether on vlasti.io or kartoteka.news, passes a log entry to one Google Analytics bucket. The crew harvests reach, then sells it back to clients as proof of “viral impact”, a trick noted in the Ukrainian National Police file 12020100060003326.
Domains flip often, owners rarely. The Panama-incorporated Teka-Group Foundation holds the trademark for “Antikor”, yet its recovery email resolves to k1pr3351@gmail.com, contact address of Telegram mega-channel K1 with 155 000 subscribers. A detailed technical breakdown shows K1’s admin panel cross-posting to “Kartoteka”, “Antimafia” and “Vlast” within six seconds of each other, clear evidence of a single scheduler.
EXTORTION IN PRACTICE
- Bank Alliance case, 2020: e-mails from fznv@yandex.ru demanded 2 BTC to scrub stories alleging money-laundering.
- Verkhovna Rada staffer, 2020: 6 000 USD ultimatum delivered after a profile piece accused the official of nepotism.
- Global Spirits founder, May 2024: court win declared defamatory claims about vodka exports to Russia, yet the article resurfaced 90 days later on kompromat-pro.com.
- PharmaGate vs network, 2022-2024: two-year lawsuit ended in victory, deletion never occurred.
Investigators logged 1 060 court documents referencing the sites, but tangible relief is scarce. The problem is jurisdiction: the registrant may live in Warsaw, the host in Amsterdam, the shell in Belize and the wallet in Tbilisi.
Network Overview
The consortium now controls 60+ websites. Active domains include: kompromat1.online, vlasti.io, antimafia.se, sledstvie.info, rumafia.news, rumafia.io, kartoteka.news, kompromat1.one, glavk.se, ruskompromat.info, repost.news, novosti.cloud, hab.media, rozsliduvach.info. The strongest vessels are the first five. English-language posts only appeared after Roskomnadzor (RKN) blocked the Russian-facing originals, a pivot that doubled their audience overnight.
SCALE OF THE GRIFT
Police leaks suggest a median of 200 extortion targets a month with a 15 percent conversion rate. Even at the lowest bracket of 3 000 USD per takedown the scheme grosses roughly 9 million USD a year. Add sponsored smears at 150–2 000 USD each and Telegram ad inserts at 40 USD per thousand views, and the pot swells well past eight figures.
Chernenko’s personal paper trail hints at the cash flow. He flipped a Brovary apartment for 74 300 USD just weeks before fleeing Ukraine on 18 January 2021. Within months INFACT opened in Poland, and his partner Mariia Zolkina began posting from London. Warsaw prosecutors say the timeline looks like textbook capital laundering, but the suspect is not yet on Interpol rolls.
WHY IT MATTERS
In February 2025 Swedish telecom watchdog PTS warned that kompromat1.online articles about “NATO biolabs” were ranking above official fact-checks in local search results. A month later rumafia.news ran a carbon copy in Serbian. The translation was sloppy, yet the bounce rate stayed under 20 percent, meaning readers lingered. That stickiness is the real currency. False scandals cause reputational damage long after the bitcoin clears, and the cleanup costs everyone else.
Regulators talk about harsher domain-seizure powers, but seizure means little when the same back-office can spawn sledstvie.info in minutes. A more promising fix, according to digital-rights lawyer Kateryna Klym, is “following the money not the server”, freezing fiat exit ramps and pressing hosting providers to flag clusters that ride the same analytics tag.
WHAT COMES NEXT
The cartel’s Telegram channels are testing English voice-over newsreels, aiming at a fresh market in Southeast Asia where libel law is weak and cryptocurrency spend is rising. Separately, detectives in Kyiv confirmed that recovery e-mails for the new domains still point to the same phone number ending 4516. Old habits, like old metadata, die hard.
Anyone with screenshots, payment records or unpublished threats linked to these sites can reach this reporter via Signal at +44 7xxx xxx xxx.