Part 1 of 7
In continuation of the last submission, regarding the list of 20+ connected domains that spread fake news, I looked further into the characteristics of those domains and those submitters on Voat. I am not sure what to expect with this submission, other than presenting my findings and voice my opinions with the data I have collected at hand. You may notice that the archive dates are spread out across a whole week, that is because it was done in bits and pieces.
Notice that this data may be incomplete, as most of the 20+ domains were already offline or wiped, shortly after the last submission. Because of the number of domains involved, I made minimal effort to archive those sites. Lately, I had to resort to the timestamps from the search engine.
tl;dr: a collection of domains, controlled by a small group of users, could be used to spread fake news, bypass spam rule, or track and dox other users. Use vpn, tor, or anon proxies when possible, especially for high profile users.
Let's start by defining the metrics used to flag a domain, along with the submitters. A domain is flagged as suspicious, along with the users involved, if it exhibits one or a combination of the following characteristics:
- First submission to Voat being too close to domain's registration date: This strongly suggests that the submitter is directly or indirectly affiliated with the domain involved. This submitter either owns the domain or pushes the domain for its owner.
- Low traffic site recently been updated, closely followed by a submission to Voat: This suggests a weak but similar condition as #1.
- Site's wayback activity sparsely archived, with submission too close to the archived date: It suggests that the site showed some recent activity.
- Site's traffic history, followed too closely to the submission date: When a low traffic or barely active site made a submission on Voat, its traffic increases, followed by its decline back to zero or low traffic steady state.
- Multiple domains sharing the same set of IPs: Sharing IPs is common in shared hosting, but having those domains coincidentally showed up by a user or a small group of users, is not so common. This technique was probably used to circumvent Voat's spam rule, or possibly to disguise something else, such as repackaging of MSM news behind no-name domains.
Status of domains been investigated:
- Domain1 akniinfo.com, taken offline, short-lived.
- Domain2 cbinfo24.com, taken offline, short-lived.
- Domain3 coolinfo24.com, taken offline, short-lived.
- Domain4 cukam.com, taken offline, short-lived.
- Domain5 cvikas.com, taken offline, short-lived.
- Domain6 cvikasdrv.com, taken offline, short-lived.
- Domain7 dailyinfo24.info, re-purposed, but traffic continued.
- Domain8 fergieinfo.com, taken offline, short-lived.
- Domain9 lifeinfo24.net, taken offline, short-lived.
- Domain10 ludinfo24.com, taken offline, short-lived. First submission made 3 days after domain registration.
- Domain11: mminfo24.com, taken offline, short-lived.
- Domain12: policeglobal.com, still online on 2019-01-19.
- Domain13: scandallinfo.com, online but data wiped, short-lived. First submission made only 12 hours after domain registration, very interesting!
- Domain14: tapainfo.com, taken offline, short-lived. First submission made 4 days after domain registration.
- Domain15: thenyherald.com, taken offline, short-lived. First submission made only 2.5 days after domain registration.
- Domain16: tvrtinfo.com, taken offline, short-lived.
- Domain17: usapatriotsvoice.com, taken offline on 2019-01-21.
- Domain18: vtamedia.com, taken offline on 2019-01-21.
- Domain19: classic2017.info, taken offline.
- Domain20: ilovemyamerica.net, suspended.
- Domain21 libertyinfonews.com, still online, but short-lived. First submission to Voat, 8 days dated from site's earliest article.
This list came from previous submission, where the domains were flagged for sharing a subset of identical articles that contained fake news. These domains also showed very short user engagement, suggesting clickbait nature.
Suspects found, evaluated by timestamps associated with domain registration, wayback archives, and site's traffic profile: Kilroy_1962, RussianIvantheCrazy, GizaDog, Dailytacs, yurisrevenge, nogarbagetrashonly, theoldones, Russianbots, Mogumbo, Sw0rdofDamocles, mattsixteen24, and Kippering. I tried to minimize the number of suspects and usually only flagged the first submitter to the domain.
- Kilroy_1962
- RussianIvantheCrazy
- GizaDog
- Dailytacs
- yurisrevenge
- nogarbagetrashonly
- theoldones
- Russianbots
- Mogumbo
- Sw0rdofDamocles
- mattsixteen24
- Kippering
Looking further into the suspects, I dumped all of the domains from their submission histories. There were 900+ domains, first sorted by domain names, then by IP addresses. As it was too much work to look at them individually, I only picked those domains that seemed unusual, or domains that shared similar names and/or with the same set of IPs. Many of the domains that were picked showed very similar characteristics as the ones that were previously investigated. They were relatively new domains made it to Voat, with a spike in their traffic histories. Some were strikingly clear to see that they were pushed by specific user. In one specific case, three domains were cascaded together, af-mg.com forwarded to dc-chronicle.com, with dc-chronicle.com's data on thenarrativetimes.org. Very interesting to say the least!!
List of domains picked up from suspects' submissions, that showed very similar behaviour to those of 20+ domains. Initial submissions were usually posted to Voat between days to 3 weeks, after domain registration or before traffic spike.
- Domain22: americanews.network, offline, short-lived. First submission posted 10 days from domain registration.
- Domain23: amirror.link, offline with bad gateway. First submission 6 days from domain registration.
- Domain24: animeright.news, currently online, a shitpost website.
- Domain25.1: americafastnews.net, offline, no ssl. Appeared to be 1 of 4 domains sharing same backend, see data log at the end. First submissions posted to Voat within 2 to 3 weeks of domain registration.
- Domain25.2: conservativegeneration.net, offline, no ssl.
- Domain25.3: conservativemind.net, offline, no ssl.
- Domain25.4: topalertnews.com, offline, no ssl.
- Domain26.1: newsusatoday.co, offline, expired. First submission 5 days from site's traffic spike.
- Domain26.2 viraldailynews.co, offline, expired.
- Domain27.1: politicalbelief.site, offline. First submission 12 days from domain registration.
- Domain27.2: trumptroopers.com, offline. First submission 4 days from domain registration.
- Domain27.3: viralview.site, offline.
- Domain28: viralusfortrump.com, offline. First submission 4 days from domain registration.
- Domain29.1: loveconservative.site, offline. First submission 13 days from domain registration.
- Domain29.2: politicaltribes.site, offline.
- Domain30: freedom-daily.com, re-purposed. First submission 21 days from previous domain registration.
- Domain31.1: democratdossier.org, online. First submission between 1 week to 1 month.
- Domain31.2: truthseries.net, online, no ssl. First submission 13 days before traffic spike.
- Domain31.3: yellowvestmarch.com, online. First submission 15 days after domain registration.
- Domain32: nationonenews.com, offline. First submission 7 days after domain registration.
- Domain33: thenarrativetimes.org, online, connected to dc-chronicle.com, which itself was connected to af-mg.com. First submission 11 days before traffic peaked.
- Domain34: nationonenews.org, offline. First submission 1 fucking day after domain registration.
- Domain35.1: dc-chronicle.com, online, redirected from af-mg.com.
- Domain35.2: af-mg.com, connected to dc-chronicle.com.
- Domain36: dailycallernewsfoundation.org, online.
- Domain37: redstatenation.com, online. First submission 8 days after domain registration.
- Domain38: defiantamerica.com, online.
So it appears to me that there is likely a user or a small group of users, who are here to push contents, by hopping through disposable/burner domain names. Some of those domains pushed fake news, some pushed low quality contents or other bullshits. Some would circumvent spam rule with collection of domains at disposal. This is something that other goats can point out periodically. I am not too worried or concerned about that. But I am in a way concerned with its implications.
Cont to part 2: https://voat.co/v/ProtectVoat/3001782/16431060
view the rest of the comments →
kneo24 ago
I'm not sure if these are set up to track and dox users - I don't know. One thing that I think is clear, these sources exist to push narratives (whether they true or not). I suspect Voat has long had an issue of people using multiple accounts to form consensus on narratives. People would love to pretend that is somehow a Reddit only thing, but there is nothing in place to prevent it on Voat, and to be honest, quite a few NPC's here who will upvote anything that conforms to their narrative.
You might have a few false positives in this list, and you might not. I'm going to ping the faggots in question so they can explain themselves. Let's see how many get their panties twisted.
@Kilroy_1962 @RussianIvantheCrazy @GizaDog @Dailytacs @yurisrevenge
MadWorld ago
Thanks!
Some more users from previous submission who may be interested: @GoylentGreen, @theoldones, @Lazmat, @Peaceseeker, @SchwazaRifleCoffeeCo
kneo24 ago
You missed @Scrooblemeyer, who, if I remember correctly, refuses to check sources for accuracy.
MadWorld ago
Thanks!
SchwazaRifleCoffeeCo ago
Doxing is against voat rules.
MadWorld ago
Yes, doxxing is against Voat's rule. But it does not prevent other users from doing so.
kneo24 ago
It's funny how they're more or less using the, "this is a gun free zone!" logic.
theoldones ago
am i summoned as some accusation of being an accomplice in this?
MadWorld ago
Your username came up, when I was sorting through those fake news domains. Please see the part where the metrics were used to flag a domain and its submitters. Your name got hit at least twice. One particularly interesting hit was when you made the first submission within 12 hours after domain registration. The data for each domain starts at part 3 of 7.
theoldones ago
i aint an accomplice to anything and you can fuck off.
heygeorge ago
Part of me wonders if these links are boosted elsewhere in order to gain some organic upvotes. I’m curious how @theoldones found and submitted the link within 12 hours of the domain being registered. I have some pet theories, but I’d like to hear from theoldones and some others first.
theoldones ago
suck a running fucking car tailpipe.
heygeorge ago
It appears you don’t wish to answer as to how you came upon this. I find that a bit peculiar. And I don’t know why you are wishing ill on me when all I did was make a non-accusatory statement.
theoldones ago
if your fucking accusing me of some shit, just fucking say it. stop being fucking cryptic and sly
MadWorld ago
So instead of answering to @heygeorge's courteous inquiry, you resolved to cheap insult, asking him to suck a tailpipe? Instead of answering the question, you had to make two submissions [1] [2] and PM me with a reminder? All that walk around the circle is not necessary.
If you did not bother to look through the parts where you were flagged, let me point it out for you.
You made a submission from ludinfo24.com, 15 days after its domain registration. The first hit did not flag your username. That is why it was not in boldface text.
But Domain13 did flag you as a suspect:
You made the first submission to Voat, only 12 hours after the domain registration date! This fits the metric #1, used to flag the domain and its submitters (see part 1 of 7 in the main message body). Then the site's traffic spiked (metric #4). And shortly after my last submission, the data from that website was wiped clean. Coincidence??
After a usersname being flagged as a suspect, I would also include it further down the list, if the dates were closely related. This is also why your name was flagged again on Domain31.3.
Do you still not see why your name was flagged? Do you still want to call all this bullshit? I cannot state enough, that I do not have any sort of grudge against you! I only followed the data, and that is what it took me here.
And if this was not enough, I also have the histogram data of your activity on Voat. Unlike regular users, whose activity histograms will show a reasonable 6 to 10 hour break, your activity histogram is all over the place. This can mean either of two things, that either your account is shared or you do not have regular sleep cycles. I have not look deep enough into this data to make the distinction between the two.
At this point, it should be abundantly clear, that I only followed the data to come to this conclusion.
If you care to explain yourself, please do. I promise, I will come back here to check your update. Thanks!
@heygeorge
theoldones ago
should've used a fucking ping then, you idiot.
am i seriously being asked why i post information that seems interesting?
MadWorld ago
No need to ping you when I was directly replying to you.
As promised, I come back to check your update. A bit late, obviously, my medicine kept me drowsy.
Not sure exactly how to reply back to you, since you kind of flooded my private inbox and pings. So I am going to let @SearchVoat's crosslink do its magic, to keep the comments in one place.
Your comments/pings:
Some of the notable PMs, first seemed annoying, then it was amusing:
So basically, the message you tried to get across was this:
So are you going to continue with sending me PMs? It makes you look more like a nigger, you do know this right? It makes you look childish and guilty. Instead of answering @heygeorge's question (What precipitated your posting of scandallinfo.com on December 15th? Where did you find the link?), you rant on and on, with more posts, giving more publicity to my submission. I just sat back to let you vent all that anger out of yourself. I hope you are calmer now... Though if not, feel free to spam my inbox, like an actual nigger. But be more creative please.
The data shows 3 coincidences connected to your username. First being exceptionally close to domain registration date, this usually only happens when the party involved has some intimate knowledge of that website. Next, it was followed by traffic spike, bearing resemblance to numerous other phony domains. And finally, this website's data was completely wiped. This set of coincidence was enough to flag you as suspect for further inclusion of other possible domains. Maybe you did not understand how bad this looked on you.
So you possibly got that link from another website. Your emotional response seemed genuine. I am going to note it as false positive for now. You are welcome to throw back feces at me; but please do try to provide reasonable proof to support your claim.
Thank you!
@kneo24 @sguevar
The magic of crosslink:
Rotteuxx ago
Like Triggly said, I didn't want to belittle your hard work, just trying to get her back on here instead of lurking all over the place :)
MadWorld ago
Thanks :-)
kneo24 ago
You are being purposely obtuse here at this point.
sguevar ago
I have tried to reason with him already. I give him the benefit of the doubt that he didn't intentionally tried harming voat with desinformation but he still fails to see that he did use suspicious links.
So I wouldn't bother in continuing the matter with him.
Now on your approach @MadWorld, I liked it very much thanks for the compilation of information.
MadWorld ago
I saw it in a couple of other threads, thank you for trying to explain it to him!! I tried to keep it objective when compiling the data. If you walk through the list, you can even see some names of good goats, though the threshold was not high enough to flag them.
sguevar ago
No problem, at least I could help him prove he really didn't know. Now it may be a LARP - good one I must add if he is or they are since you flagged his abnormal activity on Voat in a past comment I read. - but he does have the benefit of the doubt for his intentions.
I did check the research, quite exhaustive and well presented, I don't see how he couldn't understand the analysis but then again he did overreacted to the matter. One can always argue that one didn't know about it, which in his case seems fairly applicable (reasonable doubt) but wow it was tiring to explain.
Had to use the analogy of a involuntary manslaughter on this thread to give him a better picture: https://voat.co/v/BloodOfEurope/3003627/16469621/10#16469621
In the end he didn't reply back which either means he blocked me or that he understood.
MadWorld ago
I missed your involuntary manslaughter analogy, too many PMs and pings. Thanks again for trying to explain it to him :-). Much appreciated!!
kneo24 ago
One of two things going on at this point, bonafide shill, or someone who refuses to take a step back and calm down to assess the situation, which makes them nigger tier. I say this because I saw the conversations where multiple people took the effort to calmly discuss this with him. In the past, the obvious SCP farmers I (and others) have called out always react in this same manner.
sguevar ago
This > which makes them nigger tier
Cracked me up so much. Well even after his childish behavior he deserves the benefit of the doubt.
Let's see what he does with it.
kneo24 ago
Like you pointed out to him multiple times, his reaction to all of this has made others more suspicious.
sguevar ago
Yeah that is true
theoldones ago
https://voat.co/v/BloodOfEurope/3003627/16469537
well then take a final statement on the matter because i'm fucking done talking about it
heygeorge ago
Me:
You:
I am only curious. Very directly, this is what I am asking:
What precipitated your posting of scandallinfo.com on December 15th? Where did you find the link?
https://voat.co/v/BloodOfEurope/2913709/
MadWorld ago
It was not the only one, there were other domains that submitted contents to Voat, also with dates very close to the domain registration dates. This happened to too many domains, I do not think that it was a coincidence.
SchwazaRifleCoffeeCo ago
You’re fucking retarded
MadWorld ago
Thanks, but please go on and point out the specifics.
SchwazaRifleCoffeeCo ago
That’s not how this works. If you think I am a shill, the burden of proof is on you kike.
MadWorld ago
My apology, I was not clear. You were pinged in because you showed interest from my last submission. Your name did not come up as one of those accounts involved. I hope it makes sense to you know.
theoldones ago
you fucking ping us, accuse of being massive shills, and dont think we'll be insulted by an accusation of this magnitude
MadWorld ago
His name did not come up as a suspect, I copy the usernames from my previous submission. Maybe you could care to explain it, instead of telling me to fuck off? I followed the data and did not pick your name, because I have some kind of grudge against you, for which I do not!
SchwazaRifleCoffeeCo ago
What? I have zero interest in you. Fucking idiot.
MadWorld ago
@ArtistiqueJewelry @Russianbots @Sw0rdofDamocles @MacMike See submission
kneo24 ago
ArtistiqueJewelry is an actual person, a whiny cunt really, who has their own bitchute channel or something like that, and shills their content to earn shekels here on Voat. And when I say "their content", they seem to find some spergy shit someone else said or did, put their own spin on it, and make a video.
MadWorld ago
@draaaak, @uvulectomy see submission. Thanks
draaaak ago
Interesting.. do you have a chart/list showing which users posted links to which domains, maybe sorted by time between registration and post?
MadWorld ago
The data is in this thread. It was too much to fit into submission body.
draaaak ago
Thanks, I've only been able to read through part 1 so far, I'll get though the next six parts tonight when I have more time.
MadWorld ago
The other parts are buried because of the votes, but you can see the entire thread here: https://voat.co/v/ProtectVoat/3001782/16431113/10
MadWorld ago
@totes_magotes, @lets_get_hyyerr, see submission.
lets_get_hyyerr ago
Very good post. some of these people I have on a separate investigation Ive been working on. Keep me updated please!
MadWorld ago
Looking forward to see what you have found on those upvotes.club accounts!
kneo24 ago
I'd be surprised if he found something we didn't already know, but I'm sure he's more than willing to take credit for already known information and pat himself on the back for it.
lets_get_hyyerr ago
why don't you @ me next time you talk shit so I can read what you wrote instead of being a (((rat))) and talking in silence
kneo24 ago
You have in the past told me I was a nobody, not important, and when I do typically @ you, you ignore it. It got to the point where it became a fruitless endeavor.
lets_get_hyyerr ago
Please feel free to link me the comments where I said that. I would love to see them.
Because you're very annoying. Case in point: the original reason I commented here
kneo24 ago
Here you go, you dumb cunt.
This is entirely the logic of a woman seeking attention. Why don't you stay in the kitchen there sweety and make everyone a sandwich. Oh, and bring us out a beer too.
lets_get_hyyerr ago
This entire response you've chosen to write out perfectly displays the reasons why I think you're very annoying. thank you for that
kneo24 ago
And yet you still crave my attention. Go ahead, tell me more, lady.
MadWorld ago
I think it is very difficult to find those upvotes.club accounts, without some kind of setup. Even then, it may still require admin looking into the voting records.
kneo24 ago
The only thing one can do is find a way to inflate some numbers on the account(s), sell it, and watch the account activity. That would be legitimate work.
MadWorld ago
Are you talking about some kind of sleeper account detection?
kneo24 ago
Well, if you wanted to track if the upvotes club website had any measure of efficiency here on Voat, that's how you would do it. You would get the large swaths of SCP and CCP, sell the account, and either watch the account manually or have something setup to do it for you. Or, you buy their services a few times to see what you get out of it.
In any case, money is being exchanged somewhere along the way.