Part 1 of 7
In continuation of the last submission, regarding the list of 20+ connected domains that spread fake news, I looked further into the characteristics of those domains and those submitters on Voat. I am not sure what to expect with this submission, other than presenting my findings and voice my opinions with the data I have collected at hand. You may notice that the archive dates are spread out across a whole week, that is because it was done in bits and pieces.
Notice that this data may be incomplete, as most of the 20+ domains were already offline or wiped, shortly after the last submission. Because of the number of domains involved, I made minimal effort to archive those sites. Lately, I had to resort to the timestamps from the search engine.
tl;dr: a collection of domains, controlled by a small group of users, could be used to spread fake news, bypass spam rule, or track and dox other users. Use vpn, tor, or anon proxies when possible, especially for high profile users.
Let's start by defining the metrics used to flag a domain, along with the submitters. A domain is flagged as suspicious, along with the users involved, if it exhibits one or a combination of the following characteristics:
- First submission to Voat being too close to domain's registration date: This strongly suggests that the submitter is directly or indirectly affiliated with the domain involved. This submitter either owns the domain or pushes the domain for its owner.
- Low traffic site recently been updated, closely followed by a submission to Voat: This suggests a weak but similar condition as #1.
- Site's wayback activity sparsely archived, with submission too close to the archived date: It suggests that the site showed some recent activity.
- Site's traffic history, followed too closely to the submission date: When a low traffic or barely active site made a submission on Voat, its traffic increases, followed by its decline back to zero or low traffic steady state.
- Multiple domains sharing the same set of IPs: Sharing IPs is common in shared hosting, but having those domains coincidentally showed up by a user or a small group of users, is not so common. This technique was probably used to circumvent Voat's spam rule, or possibly to disguise something else, such as repackaging of MSM news behind no-name domains.
Status of domains been investigated:
- Domain1 akniinfo.com, taken offline, short-lived.
- Domain2 cbinfo24.com, taken offline, short-lived.
- Domain3 coolinfo24.com, taken offline, short-lived.
- Domain4 cukam.com, taken offline, short-lived.
- Domain5 cvikas.com, taken offline, short-lived.
- Domain6 cvikasdrv.com, taken offline, short-lived.
- Domain7 dailyinfo24.info, re-purposed, but traffic continued.
- Domain8 fergieinfo.com, taken offline, short-lived.
- Domain9 lifeinfo24.net, taken offline, short-lived.
- Domain10 ludinfo24.com, taken offline, short-lived. First submission made 3 days after domain registration.
- Domain11: mminfo24.com, taken offline, short-lived.
- Domain12: policeglobal.com, still online on 2019-01-19.
- Domain13: scandallinfo.com, online but data wiped, short-lived. First submission made only 12 hours after domain registration, very interesting!
- Domain14: tapainfo.com, taken offline, short-lived. First submission made 4 days after domain registration.
- Domain15: thenyherald.com, taken offline, short-lived. First submission made only 2.5 days after domain registration.
- Domain16: tvrtinfo.com, taken offline, short-lived.
- Domain17: usapatriotsvoice.com, taken offline on 2019-01-21.
- Domain18: vtamedia.com, taken offline on 2019-01-21.
- Domain19: classic2017.info, taken offline.
- Domain20: ilovemyamerica.net, suspended.
- Domain21 libertyinfonews.com, still online, but short-lived. First submission to Voat, 8 days dated from site's earliest article.
This list came from previous submission, where the domains were flagged for sharing a subset of identical articles that contained fake news. These domains also showed very short user engagement, suggesting clickbait nature.
Suspects found, evaluated by timestamps associated with domain registration, wayback archives, and site's traffic profile: Kilroy_1962, RussianIvantheCrazy, GizaDog, Dailytacs, yurisrevenge, nogarbagetrashonly, theoldones, Russianbots, Mogumbo, Sw0rdofDamocles, mattsixteen24, and Kippering. I tried to minimize the number of suspects and usually only flagged the first submitter to the domain.
- Kilroy_1962
- RussianIvantheCrazy
- GizaDog
- Dailytacs
- yurisrevenge
- nogarbagetrashonly
- theoldones
- Russianbots
- Mogumbo
- Sw0rdofDamocles
- mattsixteen24
- Kippering
Looking further into the suspects, I dumped all of the domains from their submission histories. There were 900+ domains, first sorted by domain names, then by IP addresses. As it was too much work to look at them individually, I only picked those domains that seemed unusual, or domains that shared similar names and/or with the same set of IPs. Many of the domains that were picked showed very similar characteristics as the ones that were previously investigated. They were relatively new domains made it to Voat, with a spike in their traffic histories. Some were strikingly clear to see that they were pushed by specific user. In one specific case, three domains were cascaded together, af-mg.com forwarded to dc-chronicle.com, with dc-chronicle.com's data on thenarrativetimes.org. Very interesting to say the least!!
List of domains picked up from suspects' submissions, that showed very similar behaviour to those of 20+ domains. Initial submissions were usually posted to Voat between days to 3 weeks, after domain registration or before traffic spike.
- Domain22: americanews.network, offline, short-lived. First submission posted 10 days from domain registration.
- Domain23: amirror.link, offline with bad gateway. First submission 6 days from domain registration.
- Domain24: animeright.news, currently online, a shitpost website.
- Domain25.1: americafastnews.net, offline, no ssl. Appeared to be 1 of 4 domains sharing same backend, see data log at the end. First submissions posted to Voat within 2 to 3 weeks of domain registration.
- Domain25.2: conservativegeneration.net, offline, no ssl.
- Domain25.3: conservativemind.net, offline, no ssl.
- Domain25.4: topalertnews.com, offline, no ssl.
- Domain26.1: newsusatoday.co, offline, expired. First submission 5 days from site's traffic spike.
- Domain26.2 viraldailynews.co, offline, expired.
- Domain27.1: politicalbelief.site, offline. First submission 12 days from domain registration.
- Domain27.2: trumptroopers.com, offline. First submission 4 days from domain registration.
- Domain27.3: viralview.site, offline.
- Domain28: viralusfortrump.com, offline. First submission 4 days from domain registration.
- Domain29.1: loveconservative.site, offline. First submission 13 days from domain registration.
- Domain29.2: politicaltribes.site, offline.
- Domain30: freedom-daily.com, re-purposed. First submission 21 days from previous domain registration.
- Domain31.1: democratdossier.org, online. First submission between 1 week to 1 month.
- Domain31.2: truthseries.net, online, no ssl. First submission 13 days before traffic spike.
- Domain31.3: yellowvestmarch.com, online. First submission 15 days after domain registration.
- Domain32: nationonenews.com, offline. First submission 7 days after domain registration.
- Domain33: thenarrativetimes.org, online, connected to dc-chronicle.com, which itself was connected to af-mg.com. First submission 11 days before traffic peaked.
- Domain34: nationonenews.org, offline. First submission 1 fucking day after domain registration.
- Domain35.1: dc-chronicle.com, online, redirected from af-mg.com.
- Domain35.2: af-mg.com, connected to dc-chronicle.com.
- Domain36: dailycallernewsfoundation.org, online.
- Domain37: redstatenation.com, online. First submission 8 days after domain registration.
- Domain38: defiantamerica.com, online.
So it appears to me that there is likely a user or a small group of users, who are here to push contents, by hopping through disposable/burner domain names. Some of those domains pushed fake news, some pushed low quality contents or other bullshits. Some would circumvent spam rule with collection of domains at disposal. This is something that other goats can point out periodically. I am not too worried or concerned about that. But I am in a way concerned with its implications.
Cont to part 2: https://voat.co/v/ProtectVoat/3001782/16431060
view the rest of the comments →
MadWorld ago
Not really sure who to ping... @shadow332 @Rotteuxx @heygeorge @Mumbleberry @Cynabuns, you may be interested in this submission. Feel free to ping others.
shadow332 ago
Thanks for pinging, ever so often I'll post something and if someone points out it's wrong info, I will delete the post. I did this yesterday from -what I thought was great post- someone sent me and it was pointed out by a user that was some info or a pic from 2011, I said the truth, apologized, and deleted it. I only got back from work to see that this SchwazaRifleCoffeeCo with whom you had this friendly exchange here made about 20 alts, downvoted the thread and used th exact same obnoxious language accusing me of being a fag, idiot, jewish and shill. This is probably freshmeat/9-11 and friends.
I don't know what their main agenda is but I know they often attack legit users. That's why he's very afraid of getting doxxed. They use the tactic of calling everyone a shill and a jew. So I wouldn't rely on them to help you out.
As far as this information goes, it's very telling. I will have a closer look at these accounts.
MadWorld ago
You own up to your mistake, that is an admirable attitude!! I like that in a person's character! I think it would also be helpful if you edit your submissions to let everyone know what mistake was made. It probably is more valuable, to clearly state the mistake/misinformation for future references. Say you made a submission but found out to be fake news or disinfo. If you edited the submission body, to clearly point out the issue, others would understand it. If a shill or disinfo agent tried to post a similar submission, for his own agenda, other users would be able to search previous submissions and dismantle the fake news. That is something worth considering.
XD He called me a kike in another thread. So there is that.
Did not know they use such tool to come up with new domain names. So I guess it is quite possible that the contents were just repackaging of MSM news.
shadow332 ago
You're right. I've deleted the posts because I don't want people reading it at all. Sometimes people just scan the info, or just the titles, or don't read the posts entirely and then think it's actual news. But what I can do now is edit the title (that wasn't possible before recently and was the main reason for me deleting it). But now I can add something like (FAKE NEWS) in the title and then add an edit in the description in the top before people continue reading. And like you said, this makes an entirely different post, it's one to point out fake news. I like it and since we have the edit title feature now, I will start doing that. Thanks for the advice!
I don't know but I wouldn't be surprised. You might want to have a look at things like this:
I made a post here where I happened to be reading a news article I thought would interesting to share on voat and noticed something fishy about the name, the person and the story. Like we talked about above, I made the post about how this is a fake story most likely generated entirely by AI. Here's a post I made about computer-generated people which would explain where fake news stories get their imaginary faces.
Here's another point to ponder: When I post material I think is interesting, if I have the time, I try to not just spam a story but make it a discussion post, so I post the article and then talk about what is being said in the article, adding my own opinion. A fake user or bot won't do such a thing. I think even a shill would not waste that much time pointing things like that out. I made an actual test of this by posting a story about a HOLOCAUSTTM victim, then I tested the waters by posting a shitload of points which shows this is plainly bullshit. I rebutted the claims the people who push the HOLOCAUSTTM make. Normally, in other forums where the JIDF is present, they spam a narrative with the same counterarguments and same vicious insulting, name-calling tactics. They are easy to spot. However, the few times I've tried this out, there is no real response to it. So there's that.
Your research is definitely on to something. If there are shills, bots, spammers, it will be in the form you have discovered. Accounts posting obscure websites with no personal commentary. Then you know you are not dealing with a genuine person.
EDIT: I want to add though that shills might be lurking in places I don't frequent, like the Q subs. We'd need to find out more from the others.
MadWorld ago
The one about AI generated fake news was quite amusing: https://voat.co/v/whatever/2994446.
In general, very well said!! In my opinion, you are one of those top researches on Voat. I enjoying your contents here, knowing that the materials presented are reliable. That extra effort you put into your submissions, is MUCH appreciated!! Thanks!
For the anon subverses, the most we can do is probably dumping those domain names to see if there are odd ones standing out from the rest. It would be easier if we could list the domain stats under https://voat.co/discover/domains. So that everyone could browse and evaluate without digging through a pool of usernames.
shadow332 ago
Hey thanks. I like to write in my free time but I'd never be good enough to write professionally!
Like I said, sometimes I don't have the time to fact check everything to the very end, but I appreciate when others point it out for me.
Yea, those anon subs, I have mixed feelings about them. But that's a good suggestion re checking any domain names that stand out. I wish you lots of luck on this endeavor. If you need any help I'm sure there are plenty of people here to give you advice and additional info. I'm interested to see more of what you uncover.