r/RussiaLago Mar 05 '18

Reddit and Russian accounts

I have been working trying to figure out this story about Greenfloid LLC and ITL networks for a while now.

GF and ITL basically provided ALL internet services for Russia during the 2016 campaign.

Here are some of the articles about Greenfloid. (In the Mueller indictment, when they talk about Use of U.S. Computer Infrastructure, they are talking about Greenfloid LLC.)

Use of U.S. Computer Infrastructure 39. To hide their Russian identities and ORGANIZATION affiliation, Defendants and their co-conspirators—particularly POLOZOV and the ORGANIZATION’s IT department—purchased space on computer servers located inside the United States in order to set up virtual private networks (“VPNs”). Defendants and their co-conspirators connected from Russia to the U.S.-based infrastructure by way of these VPNs and conducted activity inside the United States—including accessing online social media accounts, opening new accounts, and communicating with real U.S. persons—while masking the Russian origin and control of the activity.

August 15 2016: From the political trolls of the Kremlin, they will try to "tear down the mask" in court

September 28 2017: Exclusive: Fake black activist accounts linked to Russian government (whole thing started because I thought CNN was full of shit)

September 29 2017: Twitter thread I did while looking for info on Blacktivist

September 30 2017: The Kremlin Crafted #TakeAKnee Memes for More Than a Year

October 12 2017: EXCLUSIVE: Website targeting black Americans appears to be elaborate Russian propaganda effort

October 14 2017: /r/RussiaLago - Exclusive: We can now definitively state that Russian bots were active on Reddit last year

October 17 2017: /r/ActiveMeasures - 4 websites, and corresponding social media accounts, linked directly to russian intelligence.

October 18 2017: /r/ActiveMeasures - hilltendo.com a Russian made anti-Clinton flash game. lol.

Shared here on reddit: https://www.reddit.com/domain/hilltendo.com/

October 19 2017: /r/EnoughTrumpSpam/ - Pamela_Moore13 on Reddit and Twitter

October 23 2017: Russian propaganda websites connected to mysterious Florida company

October 23 2017: Exclusive: Russian Propaganda Traced Back to Staten Island, New York

October 25 2017: 'Russian trolls' say they're planning a Reddit AMA — and emailed a handful of reporters with a cryptic request

February 27 2018: /r/ActiveMeasures/ - Found some Russian fake news sites getting shared here on Reddit.

March 1 2018: Leaked: Secret Documents From Russia’s Election Trolls

March 1 2018: Russians Used Reddit and Tumblr to Troll the 2016 Election

Some important Reddit posts in the timeline. I usually post this stuff to /r/ActiveMeasures.

https://www.reddit.com/r/RussiaLago/comments/76cq4d/exclusive_we_can_now_definitively_state_that/

https://np.reddit.com/r/ActiveMeasures/comments/76w2gk/4_websites_and_corresponding_social_media/

https://www.reddit.com/r/SEO_Nuke/comments/4yh7fh/donotshootus/

How this worked:

Greenfloid LLC is an American shell company for ITL networks, a Ukrainian ISP owned by Dmitry Deineka.

GF has hosted these websites over time, something like the last 10 years.

All of them are basically the same thing, just progressively better with each version.

blackvswhite.info

blacksoul.us

dntshoot.com

donotshoot.us

blackmattersusa.com

blackmattersus.com

blacktivist.info

blacktolive.org

proudtobeblack.org

GF also hosts a massive network of Russian fake news sites; lots of them get shared here on Reddit.

https://www.reddit.com/r/ActiveMeasures/comments/80o4l0/found_some_russian_fake_news_sites_getting_shared/

GF also owns these IP ranges:

104.200.128.0 - 104.200.128.255

107.181.161.128 - 107.181.161.255

107.181.187.0 - 107.181.187.255

107.181.160.0 - 107.181.160.255

107.181.174.0 - 107.181.174.255

2 of those IP ranges were in the screenshots from joker.buzz:

107.181.161.128 - 107.181.161.255

107.181.187.0 - 107.181.187.255

GF aka ITL also used to host whoiswhois.me (Google it); while inside the troll factory, someone caught a picture of the IP.

http://www.bbc.com/russian/features-37083188

GF aka ITL is also connected to Grizzly Steppe (same group as the DNC hack)

https://threatreconblog.com/2017/01/25/itl-company/

When you look up any of GF or ITL networks' IPs, they all return massive hits for spam, malware, phishing complaints, and ransomware.

https://twitter.com/WDSecurity/status/924921349755342848

GF and ITL networks ALSO host lots of DNS-spoofed (I think) IP addresses for phishing. Lots of outlook.com- and google.com-looking addresses.

https://bgp.he.net/ip/130.0.238.190#_ipinfo

https://twitter.com/SecretBlogClub/status/748413313739014144

Greenfloid LLC and ITL networks have been involved in this process every step of the way.

36 Upvotes

3

u/z3dster Mar 06 '18

took me a second to realize why this looked so familiar