Brian Krebs has written an excellent article on his blog, krebsonsecurity.com:
“Gateline.net Was Key Rogue Pharma Processor”
It’s an article in a series about the “Pharma War” between two Russian spammers, Pavel Vrublevsky and Igor Gusev.
The focus in his latest article is, as the title says, the payment processor for both, Gateline.net and the people involved.
I’ll float on Krebs’ research, add some relatively old stuff and compare that with existing info from today about Gateline, which will show their ugly past.
And maybe what their business is today, who knows? I don’t.
I’ll also make attempts to identify a couple of guys in his article.
But it has to be later; I am seriously hit by what I think is called “writer’s block”.
April 23, 2012
Building bit by bit, a little addition today.
I don’t know when or if more will come.
I checked a few pieces of information based on Krebs’ article.
One little piece is relatively easy to have a look at, the information in the domain registration for gateline.net as of today:
Administrative Contact, Technical Contact:
    France, Kellee email@example.com
    Onelya Ltd.
    21-1 Novy Arbat
    Moscow 119019
    RU
    +7 495 3630953
The domain was created 01-may-2002.
Please note a couple of details:
“France, Kellee” and “21-1 Novy Arbat”
My nose wings started vibrating, but I could not put my finger on exactly why.
A few quick searches and I found a few small pieces of info, about 10 years old.
Now let’s compare today’s info about Gateline and Onelya to what made my nose wings go crazy.
This is the registration info for a couple of other domains, ufs-online.org and paymentway.net, as it was shown in November 2002.
Registrant:
    GARDINER INDUSTRIES INC.
    12260 Willow Grove Road Bldg. #2
    Camden, DE 19934
    US
Domain Name: UFS-ONLINE.ORG
Administrative Contact:
    Kellee, France firstname.lastname@example.org
    12260 Willow Grove Road Bldg. #2
    Camden, DE 19934
    US
    +1 917 523-44-79
Technical Contact:
    Labor, Alex email@example.com
    Ministeer 48/2
    Sverdlovsk, SR 113326
    RU
    +73432 126718 Fax: +73432 126718
And a shorter version of the registration info for paymentway.net:
Registrant:
    France, Kellee (HNWKZNXJHD)
    12260 Willow Grove Road Bldg. #2
    Camden, DE 19934
    US
Domain Name: PAYMENTWAY.NET
Administrative Contact:
    France, Kellee (COHLMRHLXI) firstname.lastname@example.org
    12260 Willow Grove Road Bldg. #2
    Camden, DE 19934
    US
    123654987 123 123 1234
We again have the same name as in the info for gateline.net, “France, Kellee”.
The email address for the “technical contact” is also somewhat interesting; I may come back to that later.
So what about the domains “ufs-online.org” and “paymentway.net”?
What were they used for?
Like Gateline in 2012, ufs-online.org and paymentway.net were also part of a payment process back in 2002.
But not for spammers selling illegal drugs.
No, it was for spammers and criminals abusing little girls.
A quote from one of those sites back in 2002:
“ELITE UNDERAGE ARCHIVE” – Huge Collection.
Sites of this kind were often organized around “portal” sites, which in turn served links onward to sites where pictures and/or movies of sexually abused children were sold.
Now back to “ufs-online.org” and let’s have a look at another little pesky detail about the domain:
ufs-online.org 1 SOA server: ns1.ufs-online.org email: email@example.com
Note: email: firstname.lastname@example.org
To be continued (when I get around to doing so)