Autarchy of the Private Cave

Tiny bits of bioinformatics, [web-]programming etc

    Fake news imposter website

    1st December 2013

    One of the primary independent news websites in Ukraine is Українська Правда (The Ukrainian Truth).

    There exists, however, an imposter website, which blatantly edits news reports to discredit the Ukrainian people's disagreement with the recent actions of the president and the government.
    I call this website “imposter”, because they have the same name (but in Russian) as the above-mentioned original website, a similar domain name, and they also use exactly the same short-name (“УП”). Not a single serious news website would do so.
    They, however, only post news in Russian, while the original website is published in both Ukrainian and Russian (with blogs available in the language of the blog’s author). It is clear that the idea behind the fake news website ukrpravda.ua is to influence and manipulate the opinions of the Russian-speaking people unaware of the true nature of that imposter website.

    It should come as no surprise that the domain name of the imposter is currently hosted by a Russian web-development company, “rossiysky.net”:

    $ whois ukrpravda.ua
    % This is the Ukrainian Whois query server #I.
    % The Whois is subject to Terms of use
    % See https://hostmaster.ua/services/
    %

    % % .UA whois
    % Domain Record:
    % =============
    domain: ukrpravda.ua
    admin-c: IIK32-UANIC
    tech-c: UARR133-UANIC
    status: OK-UNTIL 20141008151510
    dom-public: NO
    license: 110961
    nserver: ns1.rossiysky.net
    nserver: ns2.rossiysky.net
    mnt-by: UARR133-UANIC (ua.parkovka)
    created: 0-UANIC 20121008151510
    changed: UARR133-UANIC 20131107145540
    source: UANIC

    % Administrative Contact:
    % ======================
    nic-handle: IIK32-UANIC
    remark: Whois privacy protection service
    remark: http://hostmaster.ua/priv.html
    e-mail: iik32-uanic@priv.uanic.ua
    mnt-by: NONE
    source: UANIC

    % Technical Contact:
    % =================
    nic-handle: UARR133-UANIC
    organization: CL “BTM GLOBAL GROUP”
    organization: ТОВ “БТМ ГЛОБАЛ ГРУП”
    organization: ООО “БТМ ГЛОБАЛ ГРУП”
    address: Not Available
    e-mail: info@parkovka.biz.ua
    org-id: N/A
    mnt-by: NONE
    changed: UARR133-UANIC 20100705153326
    source: UANIC

    The administrative contact of the domain is hidden using a “privacy protection service”.
    The technical contact takes us to the “BTM Global Group” domain record (parkovka.biz.ua does not have a website attached to it, but has records pointing at the functional parkovka.ua, which lists exactly the same owner organization):

    $ whois parkovka.ua
    % This is the Ukrainian Whois query server #I.
    % The Whois is subject to Terms of use
    % See https://hostmaster.ua/services/
    %

    % % .UA whois
    % Domain Record:
    % =============
    domain: parkovka.ua
    admin-c: TBGG-UANIC
    tech-c: UARR133-UANIC
    status: OK-UNTIL 20140727121154
    dom-public: NO
    license: 141995
    nserver: ns1.vhost1-ua.parkovka.ua
    nserver: ns2.vhost1-ua.parkovka.ua
    mnt-by: UARR133-UANIC (ua.parkovka)
    created: 0-UANIC 20110727121154
    changed: UARR133-UANIC 20130627103250
    source: UANIC

    % Glue Record:
    % ===========
    nserver: ns1.vhost1-ua.parkovka.ua
    ip-addr: 176.111.63.115

    % Glue Record:
    % ===========
    nserver: ns2.vhost1-ua.parkovka.ua
    ip-addr: 176.111.63.115

    % Administrative Contact:
    % ======================
    nic-handle: TBGG-UANIC
    organization: ТОВ “БТМ ГЛОБАЛ ГРУП”
    address: каб. 216, вул. Орджонікідзе, ,, 67/1
    address: 50005 КРИВОЙ РОГ
    address: UA
    phone: +3 (044) -454-08-82
    e-mail: yastreb@profitmark.com.ua
    org-id: 37064520
    mnt-by: NONE
    changed: TBGG-UANIC 20110726164045
    source: UANIC

    % Technical Contact:
    % =================
    nic-handle: UARR133-UANIC
    organization: CL “BTM GLOBAL GROUP”
    organization: ТОВ “БТМ ГЛОБАЛ ГРУП”
    organization: ООО “БТМ ГЛОБАЛ ГРУП”
    address: Not Available
    e-mail: info@parkovka.biz.ua
    org-id: N/A
    mnt-by: NONE
    changed: UARR133-UANIC 20100705153326
    source: UANIC

    I have no idea how deeply affiliated this “technical” contact is with the fake website.
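
    An added example (not part of the original post): the pivot made by hand above, done in Python over trimmed excerpts of the two whois outputs. The function names and the NOISE placeholder list are assumptions of this example; it returns every value the two records share and the section/field where each occurs.

```python
import re
from collections import defaultdict

# Trimmed excerpts of the two .UA whois outputs quoted in this post.
UKRPRAVDA = """% Domain Record:
domain: ukrpravda.ua
admin-c: IIK32-UANIC
tech-c: UARR133-UANIC
mnt-by: UARR133-UANIC (ua.parkovka)
% Administrative Contact:
nic-handle: IIK32-UANIC
mnt-by: NONE
% Technical Contact:
nic-handle: UARR133-UANIC
organization: ТОВ “БТМ ГЛОБАЛ ГРУП”
e-mail: info@parkovka.biz.ua
"""
PARKOVKA = """% Domain Record:
domain: parkovka.ua
admin-c: TBGG-UANIC
tech-c: UARR133-UANIC
mnt-by: UARR133-UANIC (ua.parkovka)
% Administrative Contact:
nic-handle: TBGG-UANIC
organization: ТОВ “БТМ ГЛОБАЛ ГРУП”
mnt-by: NONE
% Technical Contact:
nic-handle: UARR133-UANIC
e-mail: info@parkovka.biz.ua
"""
NOISE = {"NONE", "N/A", "UANIC", "Not Available"}  # placeholders, not pivots

def index_values(text):
    """Map each field value to the 'Section/key' places it appears in."""
    index, section = defaultdict(set), None
    for line in text.splitlines():
        header = re.match(r"%\s*([A-Za-z ]+):\s*$", line)
        if header:  # e.g. "% Technical Contact:" opens a new section
            section = header.group(1).strip()
        elif section and ":" in line and not line.startswith("%"):
            key, value = (part.strip() for part in line.split(":", 1))
            if value and value not in NOISE:
                index[value].add(f"{section}/{key}")
    return index

def shared_pivots(a, b):
    """Values present in both records, with where each one occurs."""
    ia, ib = index_values(a), index_values(b)
    return {v: (sorted(ia[v]), sorted(ib[v])) for v in ia.keys() & ib.keys()}
```

    Note that the organization appears only as a technical contact for ukrpravda.ua but as the administrative contact (the registrant side) for parkovka.ua; a shared registrar-style handle on its own links many unrelated domains.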

    Finally, the fake news website is currently hosted through, again, a Russian virtual hosting provider, “maxiplace”.
    “maxiplace” hosts at least this specific server at the German dedicated-server provider Hetzner; I’ve removed the Hetzner records from the whois output, as they are not relevant to the case:

    $ nslookup ukrpravda.ua
    Name: ukrpravda.ua
    Address: 78.46.152.149

    $ whois 78.46.152.149
    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See http://www.ripe.net/db/support/db-terms-conditions.pdf

    % Note: this output has been filtered.
    % To receive output for a database update, use the "-B" flag.

    % Information related to '78.46.152.144 - 78.46.152.159'

    inetnum: 78.46.152.144 - 78.46.152.159
    netname: XENHOMERU
    descr: xenhome.ru
    country: DE
    admin-c: AR8160-RIPE
    tech-c: AR8160-RIPE
    status: ASSIGNED PA
    mnt-by: HOS-GUN
    source: RIPE # Filtered

    person: Alexey Roshchin
    address: maxiplace.ru
    address: Komsomolskaya 6
    address: 114256 Moscow
    address: RUSSIAN FEDERATION
    phone: +79169223288
    nic-hdl: AR8160-RIPE
    mnt-by: HOS-GUN
    source: RIPE # Filtered

    Do not trust “random” websites you find on the internet – they may want to misinform you on purpose.
