The dark past of Gateline / Onelya

Brian Krebs has written an excellent article on his blog,
“ Was Key Rogue Pharma Processor”

It’s an article in a series about the “Pharma War” between two Russian spammers, Pavel Vrublevsky and Igor Gusev.
The focus in his latest article is, as the title says, the payment processor for both, and the people involved.

I’ll float on Krebs’ research, add some relatively old stuff and compare that with existing info from today about Gateline. Which will show their ugly past.
And maybe what their business is today, who knows? I don’t.

I’ll also make attempts to identify a couple of guys in his article.

But it has to be later, I am seriously hit by what I think is called “writer’s block”.

April 23, 2012

Building bit by bit, a little addition today.
I don’t know when or if more will come.

I checked a few pieces of information based on Krebs’ article.
One little piece is relatively easy to have a look at, the information in the domain registration for as of today:

Administrative Contact, Technical Contact:
      France, Kellee
      Onelya Ltd.
      21-1 Novy Arbat
      Moscow 119019
      +7 495 3630953

The domain was created 01-may-2002.
Please note a couple of details:
“France, Kellee” and “21-1 Novy Arbat”

My nosewings started vibrating, but I could not put my finger on exactly why.
A few quick searches and I found a few small pieces of info, about 10 years old.

Now let’s compare today’s info about Gateline and Onelya to what made my nose wings go crazy.
This is the registration info for a couple of other domains, and, as it was shown in November 2002.

 12260 Willow Grove Road Bldg. #2
 Camden, DE 19934

 Domain Name: UFS-ONLINE.ORG

 Administrative Contact:
    Kellee, France
    12260 Willow Grove Road Bldg. #2
    Camden, DE 19934
    +1 917 523-44-79

 Technical Contact:
    Labor, Alex
    Ministeer 48/2
    Sverdlovsk, SR 113326
    +73432 126718
    Fax: +73432 126718

And a shorter version of the registration info for

France, Kellee (HNWKZNXJHD)
   12260 Willow Grove Road Bldg. #2
   Camden, DE 19934

   Domain Name: PAYMENTWAY.NET

   Administrative Contact:
      France, Kellee  (COHLMRHLXI)
      12260 Willow Grove Road Bldg. #2
      Camden, DE  19934
      123654987 123 123 1234

We again have the same name as in the info for, “France, Kellee”.
The email address for the “technical contact” is also somewhat interesting, I may come back to that later.

So what about the domains “” and “”?
What were they used for?
As Gateline in 2012, and was also a part in a payment process back in 2002.

But not for spammers selling illegal drugs.
No, it was for spammers and criminals abusing little girls.

A quote from one of those sites back in 2002:


This kind of site was often organized with “portal” sites, which in turn served links further to sites where pictures and/or movies of sexually abused children were sold.

Now back to “” and let’s have a look at another little pesky detail about the domain: 1 SOA

Note: email:

To be continued (when I get around to doing so)


Oh, really?

This is a bit funny:

remarks:         This is Ideal-Solution and Hosting IP network
remarks:         ***************************************
remarks:         note for spamhause company of usa:
remarks:         stop follow this subnet, nothing bad here, you can contact us if need.
remarks:         ***************************************

I wonder if “spamhause company of usa” actually is meant to be
Everybody knows that Steve Linford is floating around in a houseboat somewhere in Britain, don’t we?
Well, we are perhaps almost equal in knowledge there, the Russians and myself, regarding geography and the whereabouts of Spamhaus.
But I feel reasonably sure that they are not in the US.

And I also know that the netblock, “Ideal Solution Ltd”, mounted by WebAlta has a history of exploits, trojans and whatever bad stuff you can imagine on the net. And 2× Not exactly angels.

At least they are better at hosting criminal activity than at geography.
Always good to feel you master something, whatever it is.
