The dark past of Gateline / Onelya

Brian Krebs has written an excellent article on his blog, krebsonsecurity.com:
“Gateline.net Was Key Rogue Pharma Processor”

It’s an article in a serie about the “Pharma War” between to Russian spammers, Pavel Vrublevsky and Igor Gusev.
The focus in his latest article is, as the title says, the payment processor for both, Gateline.net and the people involved.

I’ll float on Krebs’ research, add some relatively old stuff and compare that with existing info from today about Gateline. Which will show their ugly past.
And maybe what their business is today, who knows? I don’t.

I’ll also make attempts to identify a couple of guys in his article.

But it has to be later, I am seriously hit by what I think is called “writers block”.

April 23, 2012

Building bit by bit, a little addition today.
I don’t know when or if more will come

I checked a few pieces of information based on Krebs’ article.
One little piece is relatively easy to have a look at, the information in the domain registration for gateline.net as of today:

Administrative Contact, Technical Contact:
      France, Kellee		adm@onelya.ru
      Onelya Ltd.
      21-1 Novy Arbat
      Moscow 119019
      RU
      +7 495 3630953

The domain was created 01-may-2002.
Please note a couple of details:
“France, Kellee”“ and “21-1 Novy Arbat”

My nosewings started vibrating, but I could not put my finger on exact why.
A few quick searches and I found a few small pieces of info, about 10 years old.

Now let’s compare todays info about Gateline and Onelya to what made my nose wings go crazy.
This is the registration info for a couple of other domains, ufs-online.org and paymentway.net, as it was shown in november 2002.
First ufs-online.org:

Registrant:
 GARDINER INDUSTRIES INC.
 12260 Willow Grove Road Bldg. #2
 Camden, DE 19934
 US

 Domain Name: UFS-ONLINE.ORG

 Administrative Contact:
    Kellee, France  admin@ufs-online.co.uk
    12260 Willow Grove Road Bldg. #2
    Camden, DE 19934
    US
    +1 917 523-44-79

 Technical Contact:
    Labor, Alex  a1582_l@hotmail.com
    Ministeer 48/2
    Sverdlovsk, SR 113326
    RU
    +73432 126718
    Fax: +73432 126718

And a shorter version of the registration info for paymentway.net:

Registrant:
France, Kellee (HNWKZNXJHD)
   12260 Willow Grove Road Bldg. #2
   Camden, DE 19934
   US

   Domain Name: PAYMENTWAY.NET

   Administrative Contact:
      France, Kellee  (COHLMRHLXI)		admin@paymentway.net
      
      12260 Willow Grove Road Bldg. #2
      Camden, DE  19934
      US
      123654987 123 123 1234

We again have the same name as in the info for gateline.net, “France, Kellee”.
The email address for the “technical contact” is also somewhat interesting, I may come back to that later.

So what about the domains “ufs-online.org” and “paymentway.net”?
What was they used for?
As Gateline in 2012, ufs-online.org and paymentway.net was also a part in a payment process back in 2002.

But not for spammers selling illegal drugs.
No, it was for spammers and criminals abusing little girls.

A quote from one of those sites back in 2002:

“ELITE UNDERAGE ARCHIVE” – Huge Collection.

This kind of sites were often organized with “portal” sites which again served links further to sites where pictures and/or movies of sexually abused children were sold.

Now back to “ufs-online.org” and let’s have a look at another little pesky detail about the domain:

ufs-online.org 1 SOA
server: ns1.ufs-online.org
email: aw@cardbilling.net

Note: email: aw@cardbilling.net

To be continued (when I get around to do so)

Posted in 1. Tags: . Comments Off on The dark past of Gateline / Onelya