This is an investigation that for months had the code name “OS-OP-002”, the main objective of the investigation was the website smutty and to know who the people were linked to the administration of the website.

smutty is a website used by thousands of pedophiles for the distribution of illegal content related to child exploitation. Pedophiles feel safe because there is complete complicity on the part of the website owner.

smutty was founded by Sathia Francesco Musso from Italy in 2012 and is currently operated by a shell company from the Seychelles islands that is connected to other shell companies in other tax havens.

This is not something that is hidden in some dark part of the website, this pedophile network is visible to everyone and posts related to illegal pornography appear at the beginning of “smutty”. This is not something new, according to records.

These illegal activities were so blatantly visible to all that reddit users began to complain about images of children posted by pedophiles using smutty. Users often asked for help in reporting the website to the FBI and NCMEC.

Other users went to the website after these posts and were shocked wondering how “is that on the clear web?” or “How has this been under the radar?” Others already had experience trying to report the website and claimed to be ignored by the owners

A user claimed that the button to report images was completely ignored (and he will not be the first person to claim this), this user seems to have felt so repulsed that he preferred to add the website to a blacklist so as to never see it again.

A 17-year-old user made a post on Reddit claiming that a user named “lolilove” was distributing child pornography of 7-year-old boys on smutty. This user is still active to this day and is followed by more than 340 pedophiles… yes… repulsive

Another user made a post where he explained that he spent more than 4 days trying to combat child exploitation and pedophile users. The user was mentally and psychologically affected by what he saw in smutty.

This user was a victim of anxiety attacks in addition to starting to eat less because of the illegal activities of these sexual predators who target children

There are many other posts on BanFamaleHateSusbs about this, many people have been exposing the illegal activities happening on “smutty” for a long time and this includes people outside of BanFamaleHateSubs (subreddit)

Another subreddit that tried to fight this was “r/teenagers,” a subreddit where they are mostly underage. Basically, this problem got to the point that the children asked for help to fight Child Sexual Abuse Material (CSAM) in smutty.

An underage user asked other children for help in reporting this issue to the FBI. Other children between 13 and 17 years old reacted very worried and surprised and even one with a crying emoji presumably because of what he saw on the website

Reddit users were not the only ones to report this, in a site webmaster forum called gfy.com (GoFuckYourself) activities related to child exploitation on smutty were also mentioned by different users at the beginning of 2020.

a user named “Diomed” made a post on the forum complaining that there was no moderation on smutty and said that there were many “NN models” (dark web child modeling agencies) and compared illegal activities to 4chan.

Another user in the same thread responds by stating that there is child pornography published by former users and mentions that pedophile accounts are not suspended even though other accounts related to Bestiality are supposedly suspended.

Like BanFamaleHateSubs, members of gfy recommended reporting smutty site to cybertip, which is the well-known CSAM and child sex trafficking online reporting form provided by the NCMEC (National Center for Missing & Exploited Children).

There were many advertisers on the website from its founded until now among which is exoclick but in recent years the ad provider was “Adsession” which redirected to Stripchat and also to another website called “Clips4Sale”

The user named “Diomed” in another comment named someone with a nickname “snake” and asked other members of the porn industry if they did business with him. This anon nicknamed “snake” is actually an Italian named “Sathia” (Founder)

A few days after the post denouncing this on GYF, the creator of smutty cleaned the website of illegal content. The user claims that the victims were between the ages of 7 and 12 and the images appeared at the index page of smutty.

The user mentions that the report post button is totally ignored by the admins (yes, this user too) and that 50% of the posts involve children. He also claims that they don’t care about illegal activities until someone complains loudly.

A month later, the user made a new angry post at the “smutty” admin stating that smutty was worse than ever and that the website was now even more flooded with child pornography than before. He claimed that the entire site was now “full of CP”

In that post the email address “[email protected]” is mentioned and how this user “constantly” sent reports of abuse related to Child Sexual Abuse Material (CSAM) since again the report images button was completely ignored.

As I mentioned before, all of this was visible to everyone while the owners of the website were probably profiting monetarily from the illegal content since many ads appeared at the same time as these images were displayed. All this is very repulsive

on a forum called jackinchat, a user mentioned that “smutty” was rumored to be the next “COPP”, in short, that COPP members moved to smutty. I had heard this repeated before by reddit users who notified me.

sexual predators who are members of CumOnPrintedPics are going to smutty because it is a more “discreet” website to carry out illegal activities unlike COPP where anti-pedophilia activists and authorities know what happens there.

Pedophilia and child exploitation:

The majority of Internet users say that there are pedophiles and child exploitation in smutty. Even minors on Reddit have complained about this. So now we will investigate smutty and what the public walls of the website hide.

The first thing we notice when we enter the website are publications related to child sexualization and child exploitation. The images were uploaded by users with thousands of views on the profile, even one has almost a million views.

so yes, everything they say on Reddit and other internet websites about smutty is true. And this is the tip of a very large iceberg and this is just the beginning. So we will continue to investigate the activities of the users.

These pedophiles do not hide at all, they do everything in plain sight and have hundreds of followers and thousands of views. For example, these 5 accounts registered on “smutty” have profile photos with children.

Investigating the iceberg we realized how the pedophile networks that use this website work. The most “least terrific” content is non-consensual pornography and smutty deepfakes, this illegal content is high on the iceberg.

Investigating a little more we can see that a little further down the iceberg there is child pornography. The victims of child exploitation in this case range from 12 to 17 years old. Pedophiles refer to this with the hashtags #leak #young.

The administrators allegedly seem to have zero moderation when it comes to the child exploitation of girls between 12 and 17 years old. Pedophiles who upload this type of CSAM seem to never get suspended, even when the pedophiles use titles like “CP”.

Level 3 of the iceberg made my head ache and I even thought about stopping researching. Level 3 involves child pornography and child sex trafficking. Victims of child trafficking are forced to create child exploitation material

These victims are victims of child sex trafficking by pedophile networks that own different clandestine child pornography studios. These pedophile networks then sell the illegal content on the dark web to other pedophiles.

analyzing the members of this pedophile network and their interactions, I discovered an entire network of users who make reference to pedophilia. Even pedophiles have profile photos of children and victims of child exploitation

The posts on gfy were from early 2020, these screenshots are from 2024 exactly 4 years later and surprisingly the same. the website was flooded with CSAM even though the admins clearly knew that the website had been used by pedophiles.

Pedophiles also upload posts in which sexual predators and pedophile rings force children to make video calls on different messaging apps with pedophile clients of these criminal networks. The victims are mostly 3-17 years old.

There is a lot of illegal content related to child sex trafficking. Pedophiles upload child abuse content from child modeling studios. These are illegal studios where victims of child sex trafficking are forced to record.

another piece of illegal content related to human trafficking is cybersex trafficking. pedophile rings force children to make calls with pedophiles or record themselves in order to sell to pedophiles. most victims are under 10 years old

In the TV series Mr Robot, a reference to this is made in Season 4, Chapter 1 called “401 Unauthorized“. Eliot (the hacker) hacks a pedophile lawyer who was a client of these pedophile rings and had had video calls with a victim.

Child pornography studios are located in remote parts of the planet, looking at the images we can observe very expensive objects, HD cameras, Green and White Screens and very expensive houses. Everything is extremely professional.

This means that sexual predators have a lot of funding and a lot of money involved. Even in one of the photos it appears to be the exterior of a mansion in some unknown part of the world. one of the photos has more than 40 likes and 1k views

These child exploitation recording studios even have their own logos. These logos are used as a watermark so that the members of these pedophile networks know where the victims of child exploitation come from.

The most distributed illegal content on this website has to do with these illegal studies of child sex trafficking. The members of the pedophile network hosted on this website have an obsession with this victim of child sex trafficking

For example, 10 hours ago, a user uploaded a photo with 2 victims of child sex trafficking who are in some forest somewhere in this world and the other censored image shows child exploitation material of these children.

These posts related to victims of child sex trafficking have been uploaded to smutty for weeks and even months and are not removed by the website’s administrators. The website allegedly appears to be some sort of pedophile-free zone.

Reddit and GFY users were right. It seems that the smutty admin does almost nothing against this to the point that many pedophile users have photos of children and hundreds of followers and the profiles are still active

The website admin only deletes posts when pedophiles upload images and gifs of child rape or images of missing children, but he does not suspend the accounts of these users and these users are allowed to upload new posts.

As you can see in this video, the owner of smutty removed illegal content related to Child Sexual Abuse Material (CSAM) of children under the age of 10, but did not suspend the pedophile’s account. He just deleted the posts.

This user who uploaded images of child rape has more than 100 followers on the website and he dedicated himself to doing this in a loop. As the video shows, the user was not suspended even though the admin knew what he was doing.

A pedophile user with over 681 followers and a profile picture of a girl no older than 9 had uploaded 3 images of 3 different child sex trafficking victims. All of this was seen by the admin and he only removed the images from the website.

With this we already know that the website administrator is complicit in this, he saw these illegal activities and even this user with more than 600 followers with a profile photo of a little girl and did not suspend the profile.

The smutty admin viewed the account of a pedophile who distributed more than 1.6 thousand images of child abuse with the word “C P” and deleted the profile description and more than 500 photos related to child sex trafficking.

The website administrator is complicit in all this, this has been evident for a long time but this confirms it. Website administrators do not suspend pedophiles’ accounts even though they upload photos of sexual abuse of children

Another example of this is this user with more than 1.2k followers and who registered on February 13, 2021, this user was dedicated to the distribution of images of children’s modeling agencies of the dark web or “NN Models”.

The administrator saw this and, as on previous occasions, deleted the posts but did not suspend the sexual predator’s account. She registered more than 3 years ago and gained more than 1.2 thousand followers by distributing CSAM and “NN Models”

Looking at the records of the NCMEC (National Center for Missing and Exploited Children), we note that the website was mentioned twice in different public documents that publish a list of websites and hosting providers that at some point hosted CSAM.

Between 2021 and 2022, NCMEC submitted more than 80 requests to remove child sexual abuse material (CSAM) from the smutty. but unfortunately this figure is not even a quarter of what is distributed in a single day on this website.

In the last video a user named “adinteran” is mentioned, this user registered on February 27, 2024 and I recorded the video on February 28. In just 1 day the criminal had time to upload 1,647 images and videos of child pornography.

These 3 images in relation to child sex trafficking and child pornography studio were uploaded 3 hours ago (at the time I write this). If this is uploaded in just 3 hours, in 1 or 2 years there are well over 80 CSAM images.

The website has a monetization system so that users with many visits earn money. The owners of the website supposedly pay the users of the website, if this is so it would mean that the admins would finance these illegal activities.

The monetization system is connected to a domain named “notsmutty.com” that is currently suspended. A user named “Adamino” with an inactive, old account and 100k visits earned 0.01 a dollar.

A user with more than 1.6M visits and 1.2k followers on this website is dedicated to uploading child porn, revenge porn and “lolicon”. In each image he writes a link that redirects to a portal similar to Patreon.

The hashtags used by the pedophile are mostly #teen, #abused, #schoolgirl, #young and others. boosty’s profile his name is “Little Addiction” referring to children. He has 7 monthly subscribers who pay 7 dollars per month.

Another user named “Cumbi” has a profile picture of “Pedobear” next to a sign that says he is within 3 kilometers. The image of “pedobear” is used by pedophiles to refer to pedophiles. The photo means “pedophile at about 3km”.

The pedophile has 1.1 million views, 6,000 posts and 701 followers. The sexual predators at smutty do not hide or be discreet, there is a whole network of pedophiles here in the light of day.

This pedophile network is very large, it is hosted on smutty, these pedophiles usually have profile photos of children and victims of child exploitation, hundreds of followers and the admin of the website does not care about this.

Looking at the accounts that liked these posts and the accounts related to these accounts, we noticed that many of these accounts have a lot of followers and profile picture photos of children and victims of child exploitation.

As you can see in the collage of accounts, 4 of these accounts do not have any posts but 3 of them exceed 200 followers and 1 of them 80 followers. And you may ask, why is this? The reason is obvious and was mentioned above.

Many of these users with profile photos of children have 0 posts or few posts and many followers. As we mentioned before, this is the fingerprint of the admin deleting posts but not the accounts of sexual predators.

A 17-year-old user on reddit asked for help in combating illegal activities on the website and mentions that there are Child Sexual Abuse Material (CSAM) of 7-year-olds. The user mentions a pedophile named “Lolilove” in smutty

10 months after the user was exposed on reddit he is still active, with a photo of ALF and more than 300 followers, but as happened in other cases he has only 2 posts. Admins do this with users who get a lot of attention

The creator of smutty doesn’t care if someone distributes child sexual abuse material (CSAM) or engages in illegal activities or if a user is a pedophile, what matters to him is whether he gets in trouble because of a user.

Among the more than 300 followers of “Lolilover” there are already mentioned profiles and some new ones with photos of children or victims of child porn. one of these users uses a profile photo of a victim of child sex trafficking.

The user has more than 135 followers, 0 posts and a profile picture of a child exploitation victim no older than 5 years old who was forced by members of a pedophile ring to be in front of a camera to later be seen by pedophiles.

A victim of child sex trafficking forced by a pedophile ring to record child pornography and then the child pornography is sold on the dark web until it reaches a smutty user and is put as a profile picture.

Pedophiles feel free to commit crimes against children and even publish profile photos of children and victims of child sexual exploitation because they do not get any punishment for doing this, because the admins are complicit.

In smutty it is normal to see sexual predators with profile photos of children, many of these images belong to children’s modeling agencies on the dark web, which means that these children are victims of child sex trafficking

For example, this user named “tobiray” who has more than 200 followers and his profile photo is an extremely small girl who was also a victim of trafficking. The other photo is of a little girl too and the user has more than 270 followers.

Many accounts with profile photos of children have something in common and that is that they have 0 posts or very few posts and have hundreds of followers. As we saw with other profiles, this is the admin’s fingerprint.

Basically the admin sees the posts that attract the most attention and allows them for a few weeks until they are deleted. This happened enough times in a loop for both of these users to have more than 200 followers.

Another example of this are these 2 users who have more than 500 followers and their profile photo has 2 images of victims of child sex trafficking. one of these users uses the word “children” in their username created on January 25, 2020.

In that process, the admin sees the profile photos of these users and doesn’t care at all. We can see this in the previous videos, such as with the user “bobby396” who had a profile photo of a girl and the admin didn’t care.

What other pedophiles do is use the profile picture of minors who use social networks. These 2 users who almost have 1k followers have photos of minors and the first created the account in 2018 and the second in 2012. (yes, 2012)

a very popular hashtag is one that uses the word “JailBait” which is used by pedophile rings and sexual predators to refer to children under 16 years of age. The hashtag has more than 4k followers and more than 5k posts uploaded

To my surprise, many of the sexual predators have users where they add a photo of themselves. I found these profiles by analyzing the likes of illegal posts and the likes of hashtags used for the distribution of Child Pornography.

These people have horrible faces and the idea of ​​these people or pedophiles masturbating while watching victims of child exploitation and even victims of child sex trafficking makes me want to vomit. It’s definitely very repulsive.

In the terms of use section, it is mentioned that the website is operated by TechSoft Limited. a shell company on the seychelles islands in the sea of ​​africa. This island is known for being a tax haven and for the number of shell companies.

when I went to Archive Today to look at past versions of the terms, I realized that NCMEC (The National Center for Missing & Exploited Children) had sent a request to Archive Today to block access to the archives of smutty

This is the case with smutty and others many sites full of illegal content. switching gears, the long-time hosting provider of smutty was NForce. A company linked to child porn that was investigated by the Dutch authorities.

on March 6 and 7, 2023 I sent an abuse report to this hosting provider and in response they temporarily suspended service to smutty and the website could not be accessed and then a few days later the website reappeared

NForce sent the abuse reports to the smutty admin and ordered him to delete posts with child porn and pedo accounts. He did so and deleted the posts and months later he changed hosting provider and the pedophile profiles reappeared.

It is no coincidence that the smutty administrator has chosen NForce, NForce is mentioned in the documents of the OHCHR (United Nations Organization) as the third company in the world with the most child exploitation material in the world.

• office of the United Nations High Commissioner for Human Rights

NForce was long known as a bulletproof hosting that was used by pedophile rings to house child pornography and NForce allegedly looked the other way. For this reason, NForce was investigated by Dutch authorities.

on the website of the government of the Netherlands an article was published about bulletproof hosting companies and NForce is mentioned for its relationship with Child Sexual Abuse Material (CSAM)

The article also mentions that the Dutch government wanted to legislate a law to impose fines on hosting providers who look the other way regarding child porn.

Looking at the DNS history of the domain, we see that the website has been using NForce since April 14, 2016. This provider was providing service to smutty for almost 8 years, how much money did NForce make thanks to smutty?

Until a few months ago, NForce was still serving this website, but it moved to hosting provider Dataweb Global Group B.V., another hosting provider based in the Netherlands. Currently, child porn are hosted on the servers of this company.

Cloudflare sent me an email with contact information about the hosting provider. thanks to SecurityTrails we discovered the original IP address behind cloudflare thanks to a DNS leaks due to subdomains.

Dataweb Global is storing all of smutty’s illegal activities. currently this company is the one that provides infrastructure to Smutty and where child pornography, images of victims of child sex trafficking and images of children are stored.

Investigating the website’s administrators:

The domain smutty.com was created on January 26, 1999. exactly 25 years ago. the domain provider is EuroDNS, Many people believe that he was active for more than 25 years, but smutty actually started being active at the beginning of 2012

Going back to the current smutty owner’s research, in the post in gyf.com an email address named [email protected] is mentioned and how it was used by the admin in 2020 to respond to messages from email.

By analyzing the email address we can see in snusbase how there is a user in Taringa linked to this email. The user goes by the name “Troloyolo” and has the profile set as being located in Argentina (AR).

In the public data breach provided by snusbase we can see the password used in the Taringa account by cracking the password. On the other hand in smutty I found an account with the email alias of the smutty administrator

on the “Snake” account there are posts uploaded from 2012 to 2015, there are posts that are disturbing and reveal that the owner of the account has very shady fetishes related to sadomasochism.

The other posts published by “snake” are non-consensual pornography / revenge porn. Girls who are not porn actresses and have nothing to do with the porn industry were uploaded by “snake” on smutty

Snake also posted a video with his Vimeo account of the same name where he shows a tutorial on how to log in to smutty and how to upload content to the site

In the video, he logs in with another account with the email address “[email protected].” “Pazzi” is an Italian word where he could be the founder of smutty, (spoiler: yes, the founder of the website lives in Italy)

When the user “snake” is doing the tutorial to upload content, he goes to a place where many clearly underage teenagers are shown. The term #nonnude is famous among pedophiles as it refers to minors with clothes

This is very blatant. This image album was compiled from imgur.com of a section called “r/nonude” currently suspended by Imgur for being used by pedophiles.

So now we know that the current owner of smutty. in the past was involved in child sexualization and even recommended users to use a group of imgur.com currently suspended for being used by pedophiles.

Going back to the password collected from the user “Troloyolo” in Taringa, when we go to the login section on smutty and type “snake” and the access credentials of Taringa we find that they were the same access credentials.

This confirms that the password used by [email protected] in Taringa is exactly the same as the one used in the user “snake” in smutty But email is not the same, Snake’s email is [email protected]

The snake account is a privileged account and has some permissions such as the possibility to delete content uploaded by any user registered on smutty, for example we can try to delete post uploaded by a pedophile

This account has administrator privileges, when trying to delete a post it asks me if I really want to delete it but then nothing happens. Having control of this account asked me to log in even though I was logged in

This is probably because there is an admin panel and it is asking me to enter login credentials to access all admin permissions. The reason that the posts are not deleted is probably because I do not have the necessary permissions.

Now that we know the email address let’s investigate it, with the OSINT Industries tool we discovered that the Google account is called “S F”, the youtube channel calls itself “Sat_” and on skype it claims to live in italy.

The usernames used by the creator of smutty is “S F, Sat, Sathia, Sathio and Sathia Musso”. The profile picture on Google, YouTube and medium are in countryside or mountainous areas so it seems that he likes to be in nature.

He also has an account on Gravatar, Etsy, Github, Dropbox, AirBnB, Notion, and Fitbit. These accounts also use the same usernames mentioned above.

Thanks to the email checkers we noticed that he is registered on social networks, Uber, Apple and music and photo websites.

We can also see that it has more than 9 reviews on Google Maps, another account that gives us information about the creator of smutty is the Apple account that is linked to a phone number that ends in “85”.

we can note that the creator of smutty is an Apple user. In the video of the tutorial smutty he was using the Mac OS operating system and gmail is linked to Apple services. so “sathia” probably has an Apple phone.

Using the Domain Research Suite tool to view the WHOIS history database we can find that there is a domain named “howtobleep.com” linked to the Gmail email address. A lot of information can be found in the history of whois.

In the WHOIS information provided by the WHOIS history you see the phone number, email, location and first and last name. The domain is very old and has since ceased to provide service. all this provided by Sathia Musso.

Analyzing the number with OSINT Industries we found out that he has an account of Telegram, Whatsapp, Discord, Skype, Apple, Facebook, and others. The Apple account mentions “Snake’s” email address but is censored.

Sathia Musso is located in the town of San Mauro Torinese in Torino in Italy. Thanks to the information provided by Tutti Cap we can find the street where he lived in 2017. we find the coordinates of the location on Google Maps.

The phone number is linked to a WhatsApp account with a profile photo of a bicycle, this profile photo coincides with a profile photo from Instagram, Thrends and Bikeflip. Most of these accounts use the username “Sathia.Musso.”

on Instagram and Thrends he uses the nickname “sat” which are the first 3 characters of sathia. in an account with the same profile picture it is called sathia and he registered in the year 2023, it is a website that sells bikes.

The posts are about sales of 2 bikes and a bike wheel. The prices of the products range from 239 euros to 4,499 euros and as a fact again we see the location of Turin, Italy in relation to the Founder of smutty

At this point we already know that the founder of smutty likes to go out on a bike, has products related to bikes and is a person who likes to go out to natural places as you can see in the different profile photos of Sathia.

the phone number is linked to more than 9 domains in the WHOIS database. Sathia Musso is the owner of the domain “catly.com” and in the 2012 WHOIS records there is useful and new information about this case.

The WHOIS record mentions a new location and the name of a company called whatever SRL, a company registered in Italy, related to technology in Turin and owned by Sathia Musso. so now it has been proven that it is his real name.

whatever S.R.L was a company registered in Italy with headquarters in Turin, Torino. It is the closest thing to a company since there is not much information about this company. this company is no longer active.

According to the registration of the European Commission and European e-Justice portal, this company is no longer active and was liquidated, the registration number is “09964630017” and the EUID is ITRI.09964630017

the domain “catly.com” is a domain that is used to attract buyers for the domain, currently there are many projects called catly and for that reason Sathia bought the domain. The address [email protected] is mentioned on the website.

using the host.io tool we can see 2 domains that redirect to catly.com, one of those domains is called “yellowsnow.it”. in whois and the owner of the domain is Sathia Francesco Musso, the name is linked to the domain “sathia.it”.

Thanks to phonebook (Intelligence X) we find that the domain “sathia.it” is linked to an email address named “[email protected]” that is linked to social networking accounts and third -party services such as Apple or Google.

The Yellowsnow.it domain in the WHOIS records mentions the company “Yellow Snow S.R.L” in organization and searching the European Union records is a company registered in Italy and is no longer active.

The location of the company is in Piossasco, a city of Turin in Italy. According to the European E-Justice registration, the company registration number is “11107420017”, the EUID is “ITRI.11107420017” and it is a S.R.L.S.

going back to the email address, I will use the snusbase tool to view email-related data breaches. using snusbase I noticed that I had 2 Apollo accounts and a lot of useful information like a reference to smutty in one of the data breaches.

In an account the company is mentioned “Yellow Snow SRLS_1” together with the information of the account such as the country and telephone number. In the secondary account it is mentioned that Sathia’s company is “Smuty”.

The name “smuty” refers to smutty in Apollo.io records. Returning to data breach we can find this email address in Dezzer, Badoo and Zooks. Interestingly in Badoo he used the alias “sathio” as in Gravatar’s account.

The information of the account in Badoo seems doubtful, the name “Xxxx Yyyy” is strange and is not even a real name. In the information of date of birth it shows that the born in 1978-09-03. Now he would be 45 years and 5 months.

using snusbase again now we are going to make a reverse search for the password used by the creator of smutty for everything, the result of this is 3 email addresses that use the same password.

The email addresses are from Yahoo and Libero.it. These 2 email suppliers are used by sathia.Musso to create accounts on the Internet. In 2009, he created a Twitter account named “@porn_reviews” where he shared links to porn images.

with the email address [email protected], he registered 3 times on Badoo, in these 3 accounts, they look like disposable badoo accounts used by the founder of smutty for unknown and suspicious reasons.

None of the Badoo accounts used with the address of email [email protected] has a real information from the account owner. All are disposable accounts and with names invented as “Dead Beef” or “Carogno”.

The birth dates of 2 accounts coinside with the Badoo account registered with the Gmail supplier but there is an account named “Ssdddddd…” that has another date of birth never mentioned above. The date of birth is 1992-02-01.

These disposable accounts activities in Badoo are suspicious. It is not the first appointment app where Sathia this register since in addition to Badoo has 2 accounts in Zoosk. It is possible that the reasons for this are malicious.

going back to the archive.org records and the “howtobleep.com” domain, we found that the website was all about questions and answers about things related to sexuality and porn. Also the login is very similar to the current one in smutty.

The website was active from 2010 to 2012. Looking at the DNS history of the domain with SecurityTrails we find that the website hosting provider in those years was NFOrce Entertainment B.V as well as smutty

this is much more evident when looking at the DNS history of the “catly.com” domain. Not only does it deal with the same hosting provider, it also deals with 3 hosting providers used by smutty and also matches the IP addresses.

this means that these 2 were on the same servers, not only on 3 different hosting providers but they also used the same IP addresses on different hosting providers 2 times. which confirms that they were on the same server.

Looking at the DNS records of sathia musso’s “urrl.com” domain, it is also mentioned as the NForce hosting provider in the DNS history. Looking at the history of MX records across all 3 domains, we found that they sync a lot.

The MX history of these 3 domains shows us the different email providers used by these 3 domains. 7 years ago, all 3 domains were moved to Google Workspace. then “catly.com” and “urrl.com” moved to Cloudflare

smutty is the only one of these domains that is currently still using Google Workspace. The probable reason is that it is necessary for the admin to have an email provider to answer and receive emails related to smutty.

there are currently more than 4 active email addresses in Google Workspace, the email address used by the website administrator is “[email protected]”. By signing up for Google Workspace he has a Google account.

“Snake” (Sathia Musso) Google account is called “Snake Snake” and according to Castrickclues, the last time he accepted Google’s terms and conditions was on February 4, 2024. He is also linked to a Twitter account named @smutty_com

returning to the social networks of Sathia Musso, Founder of smutty and other websites, we find that she has a private account on Instagram. In February 2024, I could not access the account because it was private, which was bad news.

That’s why we came up with an operation with an instagram account owned by the OSINTGuardian team. We enter information in the account so that it accepts the follow-up request. And it worked 🙂

We had seen this face before in the accounts linked to Sathia Musso’s phone and gmail number. This is his life, he appears to have a normal life while on the internet he founded a website that until 2024 was flooded with child pornography

From the photos on Instagram of Sathia Francesco Musso we can know that she likes to travel to different parts of Italy and other countries in the European Union. She likes bikes and photos. In her normal life she has a group of 5 friends

The founder of smutty also has a girlfriend, as we showed before. He had a child with this woman in 2021. They seem like a happy couple and I don’t know if the girlfriend knows that he founded a website flooded with illegal pornography

Sathia Musso also likes to ride a motorcycle in different rural and mountainous areas of Italy, this activity is usually done with friends and sometimes with his girlfriend, which makes me wonder how he gets the money if he doesn’t upload photos at work

the most obvious answer is that Sathia Musso registered 2 technology and internet related companies to link these companies with domains/websites. So Sathia’s way of making money is by creating projects on the Internet.

From 2009 to 2024, the pedophile created many projects on the Internet, of which is a website founded in 2010 called “howtobleep.com” and ended in 2012. In 2012 he created “smutty” which is the reason for this investigation.

Since 2012, the website “smutty” is his the most famous website he created. He has been in charge of keeping the fact that he is the founder of smutty.com a secret, this is the reason why the website had WHOIS Privacy from day 0.

Sathia Musso knew that no one in his personal life was going to know about smutty, so that’s probably why he took free rein to post videos referencing pedophile content. I’m referring to content named “non-nude” or “NN”.

Pedophiles distribute images with “non-nude” titles referring to children under the age of 18, between 2009 and 2015 this became popular among pedophiles who distributed images of children in clothes. Basically child sexualization

In this case, the creator of smutty not only looked at this content, he promoted a currently suspended section of Imgur where children were sexualized to set an example in a tutorial on how to upload images to smutty

10 years later there is a pedophile network on the website with thousands of consumers of child pornography, this is not a surprise when a few months after the creation of the website he published that, now that we know the context.

This is not a surprise when 10 years earlier the creator of the website promoted child sexualization and recommended new users to upload pedophile content to the website. in short, corruption in every sense.

10 years later there is corruption of the administrators who only delete the posts of pedophiles who are very blatant but do not suspend the accounts of these pedophiles, regardless of whether they have profile pictures of children or not.

Going back to the account named “Snake”, the website administrator has private conversations with different users registered on smutty. In these messages we can see information that may be useful. Almost all chats are in this image.

According to a conversation between Sathia Musso and a user named “Johndoe”, the website in 2012 was in its beta state. This user appears to be one of the first users and was informed that “Snake” was the administrator of the website.

The other 2 conversations show us that different users were communicating with the website creator to fix bugs on the website and recommend new features. These 2 users have millions of views on the profile currently.

The moment I started reading all the private messages sent and received by “Snake” I realized that Snake had other accounts besides “Snake”. We assume that its creation mission was for website testing.

When I started to suspect this, the first thing I did was try to log in with the same password as “Snake” but with other email addresses previously mentioned in this research. The first account was related to the domain “sathia.it”

When I discovered this, I started analyzing the conversations, collected email addresses and possible usernames linked to the administrator and managed to find many accounts owned by Sathia Francesco Musso.

Doing this, I found more than 12 accounts owned by the creator of smutty. All accounts have the same login credentials and all accounts appear to be created in the same year but different months.

When I started reading conversations from different accounts, I noticed that the owner of smutty was sending messages to himself. In one message, he said “you are a bitch, aren’t you” and he replied “me???”…

I imagine that he never thought that anyone but him would see these conversations, in these conversations and others with other accounts the founder of smutty talks to himself, the conversations are strange.

Sathia Musso has used the account named “adamino” a lot and I found many more strange conversations where he talks to himself and insults himself.

Between the user “juve10” and “adamino” messages such as “fffffffffffffffuck me” were exchanged and he responds to himself. Also the same exchanged messages with the account “snake” and 2 other accounts owned by sathia

Thanks to the conversations of user “adamino” we realized that many users knew that “snake” and “adamino” were the account of the creator of smutty. The smutty admin used to use these accounts to moderate and upload photos.

moderation? Yes, but not illegal content related to children or revenge porn. It seems that a user complained that another user had an “offensive” photo and the admin sent a message to that user to remove their profile picture

On the account named “Adamino” the admin of the website uploaded different posts regarding non-consensual pornography, suspicious posts and other reprehensible sadomasochistic posts.

On that account, he felt untouchable enough to post hashtags like #teen and in another photo the hashtag #nonnude.” The term “nonnude”, as we saw above, is closely related to pedophilia and child sexualization.

as we pointed out, Sathia Musso is a mentally disturbed, perverted and pedophile who became so psychologically ill because of pornography that she founded a website where currently they only talk about CSAM and revenge porn.

The smutty admin used more than 6 accounts where he masturbated while watching content uploaded to smutty by other users. The public profile information shows the fetishes he was looking for.

among the fetishes that he liked and that appear recommended in his obscene account, some #shady ones can be observed, such as the fetish with hugs and the fetish with non-consensual porn of illegal “upskirt” activity.

When we did this research of the smutty creator fetishes, we discovered more accounts used by the admin. One of those accounts is called “pisj” with more than 295 followers, 1k posts and with the same description as “snake”

Seeing that this account had the same description as the main account of the founder of smutty I went to the login section to check if the login credentials of the other accounts were the same and yes, they were the same credentials.

The account was registered on May 19, 2016 with the email address [email protected] like some other Admin accounts, are linked to an email address with the domain of the website that the owner manages.

In this account we noticed that the owner of smutty uploaded photos with Hashtags such as #teen and follows this same Hashtags and among others such as #girlfriend, #selfie and #amateur and we began to notice something with this.

The founder of smutty likes non-consensual pornography. This was evident with the #upskirt but with the #girlfriend, #amateur and #selfie this is confirmed. Not to mention the photos of schoolgirls and the #teen related to pedophilia.

This account was widely used by the creator of smutty starting in 2016, in the likes section of the account we noticed all the posts of other users that the founder of smutty liked. Most of this content is nasty.

the images that owner used to like the most were those with hashtags such as #teen, #teenager, #schoolgirl , #cute, #young, #petite, #sluttyteen and #young. With this we notice that the founder of smutty is a pedophile who likes minors.

The creator of smutty is a clear pedophile who for years profited from child exploitation and revenge porn. He created different anonymous accounts on his own website to interact with pedophile users.

In the “like” section of the account there are many publications, one that attracts attention is that of a user who uses #nn (nonnude) hagstags and distributes a photo of a clearly minor girl. The website owner liked the photo.

The pedophile uploaded the photo 7 years ago and his account is still active, but the worst is not this. The worst thing is the pedophile’s account on smutty, the account is full of child pornography and images that sexualize children.

The pedophile named y*** uses hashtags such as “#jailbait, #lolipop, #teen, #nn” and among others where he distributes Child Sexual Abuse Material (CSAM). The pedophile’s account is still active to this day.

this account is still active in 2024 and sathia musso seems to know of her existence because she gave like to one of her posts where a teenager appeared … this makes me suspicious according to my opinion that there is complicity here …

Again, by seeing the interactions, followers and searching for coincidences I was able to obtain the login credentials and managed to access more than 10 new accounts created from 2013 to 2017 by the smutty administrator.

In total we have more than 20 confirmed accounts that are linked to the website builder. Most of these accounts appear to be anonymous accounts with no information, likes or photos and in most cases the email address is made up.

Logging into the “drhouse” account created on April 25, 2016 we noticed that the Gmail address linked to the account is not verified. Sathia creates many disposable accounts, the reason for the creation of these accounts is unknown.

In the private message chat history of the “pisj” account we noticed how the smutty admin wrote to a user saying that he is the admin of smutty

In addition to this there are other conversations that were mostly ignored by the admin of smutty , in addition to this he sent a message to himself from the “snap” account mentioned in the account map above.

going back to Sathia Francesco Musso’s personal email address, using the tool called IntelBase where we can collect new information such as the Github account or the Nation account of the smutty administrator

In the Notion account we can notice that the name is “S F” which is the acronym for “Sathia Francesco”, these acronyms were first seen in the first and last name of the Google account linked to the smutty account named “snake”.

On the GitHub account of the Smutty owner we noticed that the username is “Sathio” and the name is “Sathia“. On the account he has many replicated repositories of developers, he gave more than 13 likes to other repositories.

In the repositories replicated by Sathia there are mostly repositories related to web development, the penultimate repository is a repository for the creation of a Telegram bot, this coincide with a bot of smutty

The first activity of the GitHub account was in the year 2012 and the last activity was in the year 2023. The replica of the repository on a Telegram bot was replicated in the Sathia account in the year 2022. So this is something recent.

In the latest repositories the Javascript programming language and the jQuery library are mentioned a lot, with the URLScan tool we discovered that smutty is made precisely with javascript and the jQuery library.

In addition to this, he has other repositories in PHP and Python. One in particular is a repository cloned/replicated from another repository that is the source code of an ads analysis and promotion system for websites.

Using this same tool we noticed that the email address “[email protected]” is linked to a GitHub account named carogno. the same name he used on Badoo with the email address “[email protected]”

Thanks to the IntelBase tool, we can collect different OSINT information in relation to the [email protected] email address and [email protected]. sathia has an account on YouPorn and Pornhub named violetto1 and ante43.

The Pornhub account information shows that the account owner is in Italy, the account was created 4 years ago, and the account owner logged in on their phone to watch porn videos on Porhub. The last video seen by him was in 2021.

In this investigation I collected many addresses and places where different fingerprints of the owner of the smutty were located. Most of the locations are in Italy. The reason this is because he is a resident of this country.

These locations were collected by Instagram posts, reviews on Google Maps, and addresses registered in WHOIS on the domains of the creator of smutty. the icons of these 3 different ways of collecting locations are here:

• Green icon with a camera image: Instagram
• Blue icon with a white rendondel: WHOIS records
• purple icon with the image of a white flag: Google Maps

the founder of smutty is a resident of Turin, Piedmont, Italy. He is mostly in Torino and according to my research I am 90% sure that he currently lives in Torino and his home is there. This is thanks to Instagram, Google Maps and WHOIS.

The first locations we are going to see are the 2 companies registered in the name of Sathia Francesco Musso. The 2 shell companies were linked to the WHOIS records of all the domains of the owner of smutty

It is highly likely that these companies were used to send the money earned by these websites to these companies. These 2 companies are located in Piedmont, Italy and were owned by the founder of smutty

To register a company, a address must be added, these locations must be the legal property of the person who registered and in many other cases it may be the location of the organization that helped register the company.

On many occasions owners of shell companies use their home or their previous homes as a legal location for the company, if this is the case it is very likely that these companies are related to physical properties of Sathia Francesco Musso.

in the nearby locations and in the same area where the company “whatever S.R.L” is located sathia wrote a review on Google Maps and he published many posts on instagram in the same area where the company location is registered.

on Google Maps, the creator of smutty wrote a review 6 months ago since I wrote this where he adds 5 strangers to a financial advisor named “Fiscella Vincenzo”. It seems like all over the block there are law firms and lawyers.

these companies are at the same address as Whatever S.R.L, it is very likely that Sathia Musso has registered the company thanks to these people. In addition to this, Sathia Musso has had a lot of activity in that area from 2016 to 2023.

This can be the house of the founder of smutty and at the same time not, it can be the house of a friend, family member or a place where they provide some kind of service at night and he went to the balcony to take a picture.

Near these 3 locations there are 3 other locations where the owner of smutty was according to the fingerprints provided by his Instagram account. The timelines of these images are from 2016 to 2019.

The first image we notice is Sathia Francesco Musso visiting the “Regio” theater in Turin in 2016 to go to Paolo Conte’s concert. The concert was on December 12, 2016 and he uploaded the photo to Instagram a day later.

In another image uploaded to Instagram on February 19, 2019, it is located just 1 block from the Regio theater. The location of the photo is in Plaza Castello right next to Plaza Madama. He was here on this date.

This makes us note that the owner of smutty lives in this area, he passes through this area of ​​Turin very often without mentioning that the company Whatever S.R.L linked to the websites domains is registered there.

In the last Instagram image captured in this area of ​​3 locations we notice that on August 27, 2016 sathia uploaded to Instagram a photo located in the Plaza Club Alberto in Turin, these 3 locations are really close to each other.

15 blocks down there are 4 more locations. These locations were collected thanks to the fingerprints of the pedophile Google account (Google ID) and thanks to this we found the Google Maps reviews.

Near these locations on Google Maps, the creator of smutty was with his son in a square on a bicycle and after this he uploaded the photo to his Instagram. this on February 2, 2022.

In the Google Maps reviews the creator of the website wrote 3 reviews on Francesconi Planet Car Service, DAM Hairdressers Domenico Anna Martina and Pasticceria Uva. All of these locations are quite close to each other.

In the WHOIS records of Sathia Francesco Musso domains there are 3 addresses in different parts of Italy very close to Turin. The first 2 addresses are for the domains linked to Yellow Snow S.R.L and whatever S.R.L.

The only different address that is not linked to these 2 shell companies in the WHOIS records are the records of the domain “howtobleep.com” whose address is in Settimo Torinse, right next to Turin. these are all locations written in WHOIS

Among the cities most visited by the creator of smutty are Naples, Turin, Roccaraso, Rivisondoli, Pescocostanzo, L’Aquila, Genova, Rovigo and other cities in Italy. The one where he has been the most is in Turin.

Sathia Francesco Musso, when she is out of Turin, is usually because she goes out in a motorcycle and other types of vehicles to go and play races in countryside. He has been doing these activities since 2016.

on the Extreme Enduro Lika website Sathia Musso’s name is mentioned in 2 public domain databases along with other information such as the country where she resides, description of the bike and the name of the team.

• Source: Clasification Extrem enduro lika 2018 , Expert Class

In addition to these locations, he was in Cyprus on several occasions. In this case we will see 2 images uploaded to Instagram although there are a few more regarding Cyprus. Now let’s analyze the 2 photos.

The first image shows Sathia Musso in a vehicle on the street, the second image is the creator of smutty dressed as a priest in what looks like a place where many people dressed up as cosplay.

cyprus is far from Italy and he has been to cyprus at least 2 times in different years, in addition to this in a picture mentioned above you see Sathia Francesco Musso on a motorcycle doing the frequent enduro activity.

In another Instagram image uploaded on August 12, 2019 with the location in Blue Cave Croatia. In this image is visible the exact location of the place where Sathia Francesco Musso captured the photo.

as mentioned before, the place where he has frequented the most is Turin, Italy, as you can see in this video whatever S.R.L and the photo on instagram about the building in Turin are really close. He frequents this area a lot.

In the next video we’ll look at this on a large scale. there are more than 9 fingerprints related to the creator’s geographical location of smutty in a small area in Turin. There are 5 Instagram photos uploaded in this same location.

In addition to the Instagram images there are 3 digital footprints related to publications in the form of reviews on Google Maps and the other geographical point is the location of the whatever S.R.L

Now that we have analyzed the digital footprints regarding the locations where the creator of smutty has been, we are going to analyze the videos uploaded to the Instagram account of Sathia Francesco Musso.

We can analyze all the videos, locations, and everything related to Sathia Musso’s public fingerprints but I prefer to leave this here. All other images and locations will be available for public access here:

• Map of Locations: OpenStreetMap

The creator of smutty was in many industries besides pornography, he has tried to make money with many short-lived businesses on the Internet. One of the industries that Sathia Musso wanted to join is in the video game industry

Thanks to the records of the Wayback Machine we noticed that a profile on the play store called Sathia Musso in Italy had uploaded a video game called “Rob da pazzi”. This was a trivia game aimed at all ages and with slightly childish designs.

The app was released on November 19, 2014 and has between 500 and 1k installs. The developer’s email address is [email protected]. exactly the personal email of the creator of smutty.

the app developer’s website is “tiasmo.yellowsnow.it”, the same domain owned by the creator of smutty that we have previously seen in WHOIS. This domain was used by Yellow Snow S.R.L. so this app was linked to this company

This application appears on different websites for downloads of applications aimed at children, teenagers and young people. So the creator of smutty was related to the video game industry aimed at children.

• source: 9APPS , APKPURE , APKFREE

Sathia Musso started the project in 2014 and finished it in 2016. This was the second most popular project between 2014 and 2016 besides smutty.

It is shady how the same person who created a website that profits from child sexual exploitation and child sex trafficking has at the same time created a project aimed at children and adolescents in the form of a video game.

Between 2006 and 2008 there are records of different discussions created in Google Groups where the creator of smutty interacted with other Internet users. In these discussions, he used the email address [email protected]

In these groups he chatted about software and computer science with other users who lived in different parts of Italy. In these groups he mentions the nickname “sat_” which was mentioned on Sathia’s social media accounts.

Here are the threads of the chats in Google Groups:

• statistiche in alternativa a google analitycs
• MySQL – nuovamente lentissimo
• Reduce di DBIII
• Liquid Fire

Sathia Musso didn’t just talk about software and programming on websites other than Google Groups. On the official PHP website, he asked for help on the PHP programming language. The posts are linked to [email protected].

Here are the threads of the chats in PHP Forum:

• stats on failed queries
• doesn’t install neither on os x or linux

Where Sathia Francesco Musso has spoken the most is in a forum about software, servers and the Linux operating system. The creator of smutty has been posting since 2005. Here you can see a screenshot of the forum.

Here are the threads of the chats in Narkive Archive Forum:

• aggiungere utente samba senza aggiungere utente di sistema
• Apache errore 403 con link simbolici cross/device
• numero massimo file per directory
• Problema framebuffer kernel-2.6
• DNS di Register.it down?
• man man [mandostai?]
• cronjob che non parte
• problemi con wget
• raid hardware
• ntpdate

With the Pentester tool we could notice that the 2 email addresses of the creator of smutty are in lists of data breachs in relation to forums and groups about programming. In these data breaches, the website is linux.sys mentioned.

The Pentester tool reveals that behind the usernames “Sathia Musso” and “Sathia Francesco Musso” these 2 email addresses were used in the threads that are currently archived on the Narkive Archive Forum

TechSoft Limited:

In the first part of the article I mentioned that in the terms of use of smuty the company “TechSoft Limited” was mentioned along with the company address. In this part of the article we will investigate this and its relationship with Sathia.

The location of the company provided by the terms of use of smutty mentions that it is located in the Seychells. When we go to the address in Google Earth we notice that it is in the middle of a park. a shell company with all the letters

• source: Techsoft Limited – House of Francis, De Quincy, Seychelles

The company even though it claims to be in this location in the Seychelles islands, when you go looking up the name of this company in the company registers of the government of the Seychells islands there is no record.

As this is a shell company, there are almost no records of this company but I found a mention on another website to the same data of this company. The website goes by the name pornxs.com and claims to be created in the year 2009

this website has the exact same terms of use and DMCA section as smutty. even the same email address and designated attorney for DMCA issues is mentioned. so this website are from the same administrators

the assigned attorney for DMCA issues is Corey D. Silverstein. an attorney from Silverstein Legal which is a lawyer service that offers services to people in the industry. are located in the United States.

• source: DMCA , contact , Team Member

According to the Wayback Machine records from June 2015 this website had a different design and in the “sites of our Network” section different websites appear including smutty.com, fantasti.cc, pornxs.com and imagearn.com

this confirms that these 2 websites are connected and behind everything is TechSoft Limited, in addition to this we found out that there are 2 websites that were created by the administrators of smutty.

currently the only websites that are still active are pornxs and smutty, the website and forum fantasti.cc currently redirects to pornxs. The website is smutty repeatedly mentioned by forum members

To no one’s surprise, the fantastic.cc forum suspiciously seems to have the same problem that smutty currently has, I mean the distribution by users of Child Sexual Abuse Material (CSAM) and child sexualization

on November 2, 2014, a user posted on the website asking administrators why photos of children were allowed on Fantastic.cc and in the post complained that administrators do not seem to fight pedophile forum members

The forum member states that it seems as if the forum’s terms of service no longer matter to the administrators and complains that even though there are moderators they are not properly supported by the forum owner

the assigned attorney is the same as the current assigned attorney for the DMCA and the assigned directory for the DMCA page is “DMCA_noticie.php” is the exact same address as in smutty

When the forum existed there were a lot of people complaining about child pornography and accusing the administrators of not doing much to combat it, a lot of people like user “jiffler” accusing that the owner does nothing about it

Strangely enough, there are many discussions about child pornography, children and minors. For example, in a thread in 2011 they were discussing child pornography laws on a forum meant for adult content…

For example, in the 2011 thread users talked about children, the age of consent, and other disgusting things. For example, one user calls minors “jailbait” and another said he had the opportunity to have sex with a 10-year-old

on the other website named “Imagearn” there was also the exact same problem. Pedophiles uploaded child pornography and sexualized children and the website’s admins looked the other way as happened in smutty

In addition to illegal content related to child exploitation, there was also a lot of non-consensual pornography and revenge. smutty admins profited from illegal content even before creating the monster that is Smutty today.

using the Wayback Machine I was able to go to the records of the website in September 2011 and also found pedophiles posting illegal content. child sexualization and child pornography in Imagearn was “commonplace”

The most popular users of the website were called “hotgirlsXXX” and “YoungerTeensNL”. These 2 users were dedicated to distributing illegal content and the statistics of these pedophiles show that they were popular profiles.

The user “hotgirlsnxx” has more than 6M views and uploaded more than 63k images. The other user has more than 600k views and more than 23k images uploaded. This reminds me of the prize pedophile users of smutty.

This could be considered a “beta” of what smutty is today. a place flooded with pedophiles where Child Sexual Abuse Material (CSAM) is blatantly distributed while admins are complicit in this while looking the other way at illegal content.

Using the phonebook tool again we noticed that the domain “fantasti.cc” has a history of email addresses used by its administrators. Just as it is on the smutty and catly.com domain, there is an email called “[email protected]” here.

using the snusbase tool we found different accounts in public data breaches, he has an account on Badoo, Animoto, Apollo IO and Twitter. The first thing we noticed is that we found 2 passwords that match Sathia Musso’s password

The username of the Twitter account is @fantasti_snake and was created on September 15, 2011, in addition to this he has another account on Badoo with false information linked to the email of the domain fantasti.cc

As in other accounts linked to Sathia Musso, he has an account on apollo io with the nickname “Snake” and phone number, this phone number is consistent with Sathia Musso’s phone number. With this we confirm that it is him.

It is not surprising that when following the trail of Techsoft Limited we find again Sathia Francesco Musso, the registry in the past of more than 2 companies in Italy linked to the Internet and their domains

As we saw earlier, the smutty admin has been creating disposable accounts since 2012 in smutty with different email addresses. Using the email address of the domain fantasti.cc we found an account named “zero” created in 2012

The account named “Zero” follows 2 other users who are also accounts owned by him, one named “Undefined” which was mentioned earlier in a screenshot in a list of accounts owned by Sathia Francesco Musso

the other account is called “null” created on June 3, 2012 it is also owned by the creator of smutty and uses the email address “[email protected]” which is linked to Badoo again and verifications io

Again we find another account of the creator of smutty on Badoo, the pervert was dedicated to creating many accounts on Badoo with false information for probably nefarious reasons.

The creator of smutty created other email addresses on the same domain. Another of the addresses that he has used is “[email protected]”, he has an account on Trello with the name “Max Paccagnella” and is in 2 data breaches.

Investigating the other email addresses we found that the email address [email protected] that when we looked it up on Intelbase and Snusbase we found a lot of useful fingerprints such as that he has a Trello account

In addition to this, this email address has a lot of data breaches where it is mentioned, such as on Twitter, TNAFLIX , apollo io, Tumbrl, and adobe. A lot of useful information is mentioned in these data breaches.

the password used by “Felipe” is different from Sathia’s, but in the Apollo io account it seems that the number linked to the account is exactly the same as the one used by Sathia, but the username is “Felipe Fantasti.cc”

When searching for the first and last name used to search for matches with other fingerprints, we noticed that there is a Hotmail email address that when looking for information we noticed that it uses the same password.

Using the first and last name search in snusbase we found another email address named “[email protected]” that has data breachs and the passwords used match the passwords used by “[email protected]”

In the Twitter accounts owned by Felipe we can see that one account never had activity and another registered with the domain of fantastic.cc did have a lot of activity, in this account he was dedicated to sharing links to posts and threads.

The first Twitter account uses the username @felipesacher and the account that has some activity is called @felipe_sacher. In the last account he shares links to topics related to technology and porn, many of the links belong to the forum GFY

He follows a user named @naheev who made a post on Twitter in Italian language, I saw this and used snusbase to see the email address behind the account and the email is “[email protected]”.

What we noticed with these 2 accounts is that the owners of the 2 accounts live in Italy, using Snusbase’s reverse password lookup we found another email named “[email protected]”. Torino is the city where Sathia Musso lives.

All of these people are located in the same country and are linked to the fantasti.cc admin. It is likely that the administrators of the porn website meet in person and that’s why Sathia gave him the confidence to give admin.

Using Domain Research Suite we found that the name and surname of the domain owner is “Maximiliano Paccagnela” and that he has many email addresses in the same domain. A very striking address is “[email protected]” and “[email protected]”

He uses the address [email protected] with the acronym of the initial of the name. “M” stands for “Maximilian”, the one with the email address “[email protected]” in PeopleDataLabs used the name “Max Paccagnela”

with phonebook we discovered that these 3 domains have the email address “m@” which refers to “Max Paccagnela”. Thanks to OSINT Industries we discovered different accounts linked to these email addresses.

on the account on Foursquare he provided different information from him, among the information provided he claims to be from Torino, Italy just like the creator of smutty. He on Google and Foursquare uses the name “Primo Secundo”.

• information exported from [email protected] in PDF document

The “[email protected]” email address is linked to many other domains such as “pvorn.org” which refers to “porn.org”. he register many domains that reference popular websites. He buys the domains to sell them at a higher price.

Using the Domain Research Suite tool I obtained the whois history information of some domains. this person also has a company just like Sathia Francesco Musso and is in the exact same location as Whatever S.R.L in Turin

Among the more than 100 domains purchased are domains referencing porn websites, domain referencing Tor Browser and domains referencing social networks. This is similar to what Sathia Musso does with “catly.com”

Maximiliano Paccagnela and Sathia Francesco Musso definitely know each other personally, the 2 of them managed fantasti.cc and smutty and now we find out that Maximiliano has an company at the same address as Whatever S.R.L.

Thanks to the WHOIS history records, we can find out the phone number linked to Maximiliano Paccagnela. using OSINT industries we can see that he is linked to a Facebook account named “Get Mind”.

on the Facebook account, he shared links to gaming and programming websites. The account was active from 2010 to 2012. In addition to Facebook he is registered on instagram and whatsapp

with a reverse lookup with the password used by him and the IP address he used in cryptocurrency forums I found a new email called [email protected] which matches the IP address and passwords.

the email address is mentioned in the BitcoinTalk, Netlg, Twitter, and artsy data breach. information such as IP addresses used, usernames, and passwords are displayed in these data breaches.

In 2010 he registered on Twitter posing as a 16-year-old girl who was a youtuber between 2009 and 2010. This was 2 years before the creation of smutty and 2 years after the creation of fantasti.cc.

The account has 400 followers and all these people follow the account because they think it’s a 16-year-old YouTuber girl, the smutty and fantasti.cc admin shares website links and lies saying it’s a 16-year-old girl with tweets.

Looking at the whole context, it is very murky that the admin of a website where there is a pedophile ring, illegal pornography is distributed and children are sexualized has a Twitter account pretending to be a 16-year-old girl

This person like Sathia Musso he created different disposable accounts on Badoo with fake names. This person is just as shady as the creator of smutty

using OSINT industries we got information from Google account, Youtube channel, Github account and Easty. the name of the Google account is “GIF VR” and it has a profile picture of a cat wearing glasses

He is also registered on Medium under the name “Marmos.eth”, on AirBnB he uses his real name and not a fake internet nickname. AirBnB’s name is called “Maximiliano” and the account was created in the year 2015.

He is also registered with FitBit under the name “Black M.” In the accounts we have seen with this email address he mostly used fake nicknames and names

• information exported in PDF document

Looking at the results of the email checkers we noticed that he is registered in cryptocurrency wallets such as Binance or HTX, he is also registered with Apple and Samsung so it is likely that he has an Apple and Samsung device.

Most of the websites where he is registered are social networks such as Pinterest, Twitter, Spotify and SoundCloud. he also has an account in PayPal, Adobe, MyFitnessPal, Evato and Kamot.

the videos uploaded to the Youtube channel called GIF VR are videos in video games based on virtual reality. The first videos were uploaded 10 years ago in 2013 and the last videos were uploaded in 2020

going back to the other fantasti.cc administrator who calls himself “Felipe” we are going to investigate this administrator again using different OSINT tools

We had previously used snusbase to investigate accounts affected in data breaches linked to the [email protected] email address. now let’s investigate it with OSINT Industries and see the information provided.

The Youtube channel is called “Joe Scudato” and has uploaded 1 video about a video game in virtual reality on September 2016. it is the same type of content that Maximiliano Paccagnela uploaded in the channel called “GIF VR”.

When searching for the username “joescaduto” on snusbase, we discovered that emil [email protected]’s address used these 2 usernames in Last FM and Nexus Mods. With this we discover a new email address in the domain “ctrl.it”

With this we know that Maximilian gave access to an email address in the domain “ctrl.it” to “Felipe”. The passwords used for the accounts match other passwords used by the same person at other email addresses.

using OSINT industries to look up email address information [email protected] we found a lot of accounts and a lot of new information about “Felipe”, such as that his real name is “Filippo” and his real last name is “Moncelli”

He has an account on Google, Poshmark, Skype, Foursquare and among others. on Skype and Forsquare it is mentioned that he is in Torino (Turin), Italy. So it seems that the 3 administrators live in the same city and in the same country.

He is also registered with Apple and we now know that his phone number ends in “73”, he also has a Microsoft account with a photo on a motorcycle and a Dropbox account with the name “Complete Ctrl”

He is registered on the imageshack website under the username Felipe22. thanks to the email checkers we know that she has an account on Instagram, Pinterest, Freelancer and Ubisoft (online video game company)

Now that we know the name, what I did was look up the first and last name of the administrator and found 2 accounts with 2 different email addresses. the first account belonged to “[email protected]” and was registered with PeopleDataLabs.

the other account was found in the Ladger data breach, the email address linked to this account is [email protected]. The amazing thing about this account is that it provides address of where he resides and phone number.

The phone number linked to this account is +3802548573, the final numbers of the phone number are “73” which are consistent with the Apple account linked to the email address [email protected]

The address provided by Ledger is Corso de Nicola 52, 10129 Torino TO in Italy. When looking up the address on Google Earth we found that the location is in a group of apartments in the city of Torino.

the gmail address linked to Ladger’s account has a lot of fingerprints. When analyzing it with OSINT INDUSTRIES we noticed that Gmail is linked to the same Skype account as the one mentioned above with [email protected]

The accounts found linked to the gmail are from AirBnB, Medium, DropBox, Flickr, Trello and among others. This is the personal Gmail account of this fantasti.cc admin. “Felipe’s” real name is Filippo Moncelli.

After this investigation we can come to the conclusion that the administrator “Felipe” of fantasti.cc lives in the same city as Sathia Musso and Maximilian and these 3 people are very close to each other.

Using the same OSINT methods that I used to list Sathia Francesco Musso-owned users in the past, I’m going to use the same technique here but with the admin nicknamed “Felipe” in fantasti.cc

These 4 accounts used the same login credentials in relation to the password. In the 4 accounts he used different nicknames but the one that catches my attention the most is “joesmutty” which refers to the name “Joe Scaduto”.

Fellippo Moncelli and Max Paccagnello have been friends for many years, in 2005 they were mentioned in an article on domuswebIT where the names of the 2 administrators of fantastic.cc were mentioned.

The article also mentioned a website called “glocalmap.to” that recreated a virtual map of Turin, the map was created with contributions and location information provided by citizens of Turin, Italy.

When searching for the names of these 2 people, in addition to mentions to Glocalmap, there is also a site related to virtual reality video games called VRUG.

the creator of the game studio is Filippo Moncelli and he has the job of programming and designing the game, the other member of VRUG is the graphic designer of the game and his name is Max Paccagnella.

The date of creation of VRUG and the video game programming activities are very close to the first video game created by Sathia Francesco Musso uploaded to the Play Store in 2014 called “Rob da pazzi”

on the VRUG website there is a Youtube video uploaded by Max Paccagnella’s youtube channel called “GIF VR” mentioned above

In addition to these results, a search on Google for the name of Filippo Moncelli brings up a search website for companies in Italy. the page mentions a company called “AMALTHEA SOCIETA A RESPONSABILITA LIMITATA SEMPLIFICATA“.

The company is located in Turin, Italy at the same address as Whatever S.R.L (Sathia Franceso Musso) and Office of unspecified services S.R.L (Maximiliano Paccagnella). 2 shell companies mentioned above.

The email address linked to the company is “[email protected]” and the company was registered on April 11, 2014.

In 2016 the company earned more than €16,160, in 2018 it also earned €16,500. Starting in 2019, he started losing money and only earned 292 euros. As of 2020, it did not generate any income and the company ceased to be active.

After this investigation of the 3 administrators we came to the conclusion that these 3 people know each other and live very close to each other. These people are also directly linked to the administration of fantasti.cc and smutty

This becomes a bit more apparent when all 3 admins have companies in exactly the same address, city, and country. All 3 companies are currently in liquidation.

Now that we know this information we can affirm that these 3 people were involved in the admins of the forum and Max and Sathia in the former admins of smutty. although there is still no clear connection with TechSoft Limited.

Using the tool host.io with the domain “pornxs.com” we noticed that there are currently 2 domains that redirect to the domain, we already knew fantastic.cc but not fantastic.mobi. That domain was for the mobile version of the fantastic.cc

Using the Wayback Machine we look at the old version of the website and notice that the background image of the website is exactly the same as “howtobleep.com” in the login and register section.

We know a lot of information about these 3 individuals but we don’t know much about TechSoft Limtied besides the fact that they officially run smutty and some other porn websites. Here is a concept map of this:

Now we know that these 3 individuals are related to TechSoft Limited but I do not believe that they are the owners of TechSoft, it is likely that they have sold the websites to this company but this is a topic that I will explain later.

Many businesses, such as crypto banks, factories, financial firms, and companies that sell products online, are also located at the same address as TechSoft Limited. This reveals that many companies use the same location.

Shell companies use “virtual addresses” or “shell addresses” where many other shell companies are registered. This topic will be explained in detail later, now I will explain the sale of smutty and fantasti.cc

sale and transfer of admin of smutty and fantasti.cc

When I started investigating smutty I started asking some questions to some trusted contacts who might know something about this and a trusted contact notified me that smutty had been sold some time ago.

I asked for more information about this and sources but the sale of smutty seems to have been quite confidential and without official notice of a change of admin on the websites that were owned by Sathia Francesco Musso

This is not known when it happened for obvious reasons, but I assume that Sathia continued managing smutty until at least 2020. According to Sathia’s fingerprints using the nickname “snake” and “adamino” in smutty.

The last interaction on smutty was in 2020 with the account “adamino” which is owned by Sathia Musso. Also the user “Diomed” on GFY stated that he had interactions with “snake” between January and March 2020.

Using osint industries I was able to know that the last time Sathia Musso accepted Google’s terms of service was on February 4, 2024 and the github account named “carogno” was created on November 26, 2019.

According to these Google account fingerprints, he or someone else was active in their Google account linked to that email address. This is strange if we assume that Sathia would no longer have control of smutty

The last post on Twitter was on July 27, 2017, the password is the same as the one used in Sathia Musso’s personal accounts but the account has stopped being active since 2017. It is strange that the password has not been changed

Probably the reason Sathia seems to have a lot of money and doesn’t work is because of what she made from the sale, maybe that’s the reason she has a lot of time to travel. For example, he was recently playing motorcycle races.

It also makes sense that he sold the 2 websites since he found out in 2020 that he was going to be a father and perhaps he wanted to leave his dark past behind on the internet to have a family. This makes a lot of sense.

and if he is not the current owner of smutty , who is? Is he one of Sathia Musso’s other friends? was sold to TechSoft Limited? The first thing we will analyze are the old versions of fantasti.cc to obtain information with OSINT.

In the old terms of fantastic.cc you can notice that there is no company behind it nor a lawyer, the website for DMCA reports used the email address [email protected] and other reports [email protected]

The acronym “SRL” reminds us of the S.R.L companies owned by Sathia Musso and the other admins. 2 years later the terms were updated and the shell company “Okeanus Finance Limited” is now mentioned.

this company is located in the British Virgin Islands, a well-known tax haven. Here we already notice something in common with TechSoft Limited, in addition to the fact that these terms are very similar to the current ones on smutty and pornsx

The designated attorney on the website and email address were also changed. The attorney was previously Lawrence G. Walters and when the terms were changed, the attorney became Corey D. Silverstein.

Probably between 2014 and 2016 Sathia Francesco Musso sold the fantasti.cc and smutty, the most likely way is that he remained the administrator of the 2 websites but not the owner of these websites.

Sathia 2016 sent a message to a user stating that he was the owner of smutty, the changes to the terms were in 2015 and in 2016 he was still managing the websites. Everything remained like this at least until 2020.

But if the two websites changed ownership, why did Sathia Musso still have control of the site? One theory may be that after purchasing it they want him to continue managing it while they kept all the profits from the websites.

Now we are going to investigate these people who bought the website from Sathia Francesco Musso, basically the current administrators of the website and others responsible for pedophilia, child abuse and child pornography

Okeanus Finance Limited:

currently smutty is operated by people who are involved with tax havens, websites with illegal activities, shell companies and many other things that we are going to analyze in this section of the investigation.

In a document dated May 24, 2016 it is mentioned that Okeanus Finance Limited and this company owns fantati.cc, smutty and notsmutty.com. the shell company’s management in the British Virgin Islands is also included.

This shell company not only acquired these 3 websites, in this same investigation I mentioned the website “pornxs” and “imagearn” and how this last website was used by pedophiles to distribute CSAM just like smutty

This document was probably written by the appointed lawyer after the purchase of these 3 websites which were operated by Sathia Francesco Musso until the purchase of these 3 sites by Okeanus Finance Limited.

The reason why these 4 websites were mentioned in the “sites in our network” section is because they were owned by this company. The “pornxs” website currently claims to be operated by TechSoft Limited.

Until a few years ago in the DMCA section of pornsx the company “Ristorian Limited” was mentioned just below the information of the designated attorney.

The owners of these companies have used different names to carry out the same financial and ownership activities. by the company “Ristorian Limited” is located at the same address as the previous company.

The address of the company is in the British Virgin Islands in the city of Road Towns at the same address as the previous company, same lawyer and the domains acquired are “pornxs.com” and “imagearn.com”

When going to the records of the old versions of imagearn in wayback machine there is also a section of “sites in our network” and there are 4 new websites mentioned that we did not know were owned by them until we saw this.

The websites are spankwire, Mofosex, ExtremeTube and Keezmovies. According to this section these websites were owned by these shell companies based in the British Virgin Islands. Now we will investigate this more deeply.

The websites no longer exist and redirect to YouPorn but when going to the wayback machine to the terms and conditions section it is mentioned that the owner of all these websites is Glorious Holdings Investment Ltd

Glorious Holdings Investment Ltd is another company registered in the British Virgin Islands that uses exactly the same lawyer as the other 2 companies and uses exactly the same location as the other 2 companies.

In the document the email address “[email protected]” is mentioned where the website of the shell company owned by these websites is mentioned.

The website has not been updated since 2021 and it seems that it has different sections such as “services”, “development”, “traffic”, “SEO” and “contact us”

The website mentions that the shell company is dedicated to offering services to companies and website owners. In addition, they are dedicated to creating software and traffic trading.

In the contacts section a contact email address is mentioned and the same address mentioned in the other 3 legal documents of the 3 shell companies registered in the British Virgin Islands.

The address of these 3 shell companies registered in the British Virgin Islands is “Quijano Chambers, P.O. Box 3159, Road Town,Tortola, British Virgin Islands”. Okeanus Finance Limited, Ristorian Limited and Glorious Holdings Investment.

when searching for the address on Google, the first results are from other shell companies registered in the same place. These 2 companies are mentioned in the Panama Papers and Paraidas Pepers.

using the Offshore Leaks Database search tool provided by ICIJ (International Consortium of Investigative Journalists) discovered many other shell companies linked to the same location.

All of these shell companies come from leaked documents from the Panama Papers, the Paradaise Papers and the Pandora Papers. Many shell companies use “virtual addresses” and not real addresses. This is why they agree.

using the DMCA Designated Agent Directory tool provided by U.S. Copyright Office we can see information from TechSoft Limited that most of us already know but this is a confirmation of everything.

Most of the aforementioned websites were moved to TechSoft Limited except the websites that were owned by Glorious Holdings Investment, the Spankwire network websites were moved to another company in 2020.

Before TechSoft Limited these people used the shell company called Ristorian Limited to operate the 4 websites mentioned in the image. The list includes most of the sites mentioned above except fantasti.cc

on the websites where trademark registrations are displayed, Glorious Holding Investment LTD is repeatedly mentioned and as it is the owner of the trademarks of ExtremeTube, Spankwire and Keezmovies.

Then we will continue investigating these 3 websites and the network of websites named spanwkire and even their direct relationship with MindGeek.

using the OSINT tool named Fofa we noticed that the glorious.holdings website has many subdomains and the name “adsession” is mentioned repeatedly. We also now know that it is hosted on a Virtual Private Server (VPS) with Ubuntu.

The website uses the IP address “45.76.37.107” owned by The Constant Company and we found another website hosted on the server and the website is called “adsessionltd.com” which appears to be a supposed ad provider.

The website is an ad provider and advertises itself as a provider that can bypass Internet adblocks . There is an option to claim it but it is only a contact form. There doesn’t seem to be a real service behind this website.

The website logo mentions a domain name “adsession.com” which is not the domain of the website in the screenshot.

When going to the aforementioned website we see that the design of the website is much better and looks more modern. The website offers advertisers and publishers the option to join its ad provider to earn money.

Using wayback machine to look at old versions of this website, I found that the 4 blatant websites we previously researched were mentioned above. Here we confirm that these shell companies are closely linked to all this.

In the terms of use of Adsession it is mentioned that the legal entity name of the company is called “Adsession Ltd” and the address of the company is 26 Othellou, Strovolos, 2018, Nicosia, Cyprus. It is based on the island of Cyprus.

on Linkedin this company has a profile and presents itself as advertising services, it was founded in 2018 and unlike the terms on Linkedin, another address of where the company is located is mentioned.

Adsession employees are Denis Dudarenko as Creative Director of Adsession, Stu Baguley as Business owner of Adsession and Alina Petruk as Looking For exclusive Tube Traffic. these 3 people are supposedly behind Adsession.

Analyzing the domain with Fofa we discovered that there is a subdomain named “login.adsession.com” to log in, what is striking here is that it is another IP address and uses another hosting provider in this section of the website.

by analyzing the new IP address with the numbers “65.21.89.92” we collect different websites that are hosted on the same server I discovered such as “adltserv.com”, “aj2536.bid”, “aj2538.bid”, “aj2533.bid” and other domains.

what catches my attention about this ad provider is that despite publicly saying that it provides services to ads and publishers, there is no login or registration section. This section is in a hidden subdomain that is on another server

now using the URLScan search we are going to search for the websites that send requests to the ad provider’s domain. By doing this we found many of the clients of this ad provider and now we know who they provide services to.

Adsession provides services to porn sites, from the list of websites on URLScan none is a normal website, all of them have some relationship with pornography. This list includes websites like Spanwkire, ExtremeTube, Fantasti.cc and others.

Analyzing the websites analyzed in URLScan we found some domains and subdomains owned by Adsession, such as “adsession.exadcn.com”, “adsessionserv.com” and other domains such as “aj2218.online”

using Fofa to analyze the domain “adsessionserv.com” we found that this domain is related to many other porn sites such as MrDeepFake and many others. which means that they provide advertising to these websites.

MrDeepFake is a non-consensual and revenge website, the most trafficked site of its kind and a few days ago the UK government blocked access to the website in the country. it seems that Adsession has no problem monetizing all content

when analyzing the websites blocked by Adblock on the “smutty.com” and “pornxs.com” websites, we can notice that the domain “aj2218.online” is found related to the blocked ads. This domain was mentioned earlier.

so we can think that the ad provider used by smutty is Adsession LTD. They probably use strange and untraceable domains so that the website’s ad provider cannot be traced. This is to be more anonymous.

The ad provider uses different domains related to the advertising network. In this case we see these domains in Redd.Tube, smutty and pornxs.com

The strange thing about this ad provider is that the login section doesn’t seem to be in public mode unless someone analyzes the subdomains. My question is, where do clients and users get if access to the panel is not available?

I managed to register in Adsession but when trying to log in I couldn’t log in because I need authorization, I went to the lost password section so that the server sent me an email and they sent me an email with a password recovery link.

The email address that contacted me was “[email protected]”. EPOM is a very large company that offers a service called “Epom Ad Server” for advertising companies. so it seems that Adsession uses these services external to them.

The email also mentioned a Skype username and the sales email address used by Adsession. With this I noticed that the employees of this ad provider used Skype to communicate and I found many other usernames.

a user named “kypros” mentions Adsession and Clips4Sale in his username. Clips4Sale is a premium porn website that was sold in 2021. The attorney for DMCA requests is Corey D. Silverstain who is the same as smutty

The location of Tropical Sun LTD is at “Gladstonos & Evangelistrias, 1, Agathangelou Business Center, 3032, Limassol, Cyprus”. It is the same location as the Adsession company but the only difference is that the zip code.

The postal code of Adseessionis “3031” and that of Tropical Sun LTD is “3032” but despite these 2 differences the address of the company is in the same place.

This is not a connection with clips4sale. At smutty every certain post on the home page posts promoting Clips4sale are displayed. These posts, when clicked, redirect to an external website outside of smutty.

These posts are ghosts, basically these posts do not exist and when going to the Clips4sale smutty account these posts are not visible, the likes of these ghost posts seem to be from bot users that are inactive.

Glorious Holdings Investment operated ExtremeTube, KeezMovies, Mofosex and Spankwire until 2020. After March 17, 2020 the service provider became “Liquidum Limited” located in Cyprus in the city of Nicosia.

It is based in the same city as Adsession LTD and Tropical Sun LTD. He is exactly the same lawyer as always and the email address designated for the agent is [email protected], which would be the domain owned by Liquidum Limited.

The website is currently down but in the old versions of the website it is seen that Liquidium Limited was a company that developed applications for Android and iOS. It has nothing to do with the pornographic industry.

Among the applications they developed were a free VPN, cleaning applications for the phone, applications to extend the phone’s battery life and security apps.

This company is connected to the group of people who operate all these shell companies. It seems that in recent times they have brought companies to the island of Cyprus. The only company that is not in Cyprus and is TechSoft LTD.

When investigating the address of this company I realize that it is owned by MindGeek, it is at exactly the same address as MG Freesites LTD. in the list of ownership of MG companies it is mentioned that Liquidum LTD is owned by them.

MindGeek and its relationship with these shell companies:

MindGeek is the most famous porn company in the porn industry in the entire world. It owns Pornhub and xvideos in addition to many other porn websites. MindGeek has a relationship with this shell company in the Virgin Islands.

MindGeek and the people behind the shell companies registered in the Virgin Islands and the Seychelles island have had a very direct relationship since 2014. Before 2015 MindGeek owned the Spankwire network.

These anonymous people bought the entire Speankwire network of websites in 2015 from MindGeek. They used the shell company “Glorius Holdings Investment LTD” registered in the British Virgin Islands to make the purchase.

Many people have noticed this relationship between MindGeek and this shell company in the past but there is not much information because it seems that MindGeek and this shell company have wanted to be publicly discreet.

The shell company owns the trademarks for ExtremeTube, KeezMovies and Spankwire. The trademark registration agent was HallMan, Eli J. a trademark registration agent who works with MindGeek and is the same person who registered the Pornhub trademark and all MindGeek trademarks.

From Spankwire’s trademark ownership history we can see that there are 2 owners. The 2 are the legal name of the company MindGeek. MindGeek changed its name in 2014, before this it was called “ManWin”.

The first company that registered the name in 2011 was Manwin Licensing International Sàrl and then the owner changed to LICENSING IP INTERNATIONAL S.AR.L. These 2 companies are controlled by MindGeek. This company has an account at RIPE NCC and the email address domain is “mindgeek.com”

some people mention that MindGeek sold these adult websites to these people but there is no confirmed record of this but there is a record confirming that they did business and that the 2 were owners of these adult websites

The fact that whoever is behind this shell company has contact with very high-ranking people at MindGeek and that they have done business together tells us something important and that is that they have money, contacts and power.

The question is, was this just the interaction with MindGeek? and the answer is no, MindGeek and this company collaborated for years and even the websites of this shell company were mentioned on a “pornhub network” website.

PornMD is a website that was owned by MindGeek until early 2024. The spankwire network continued to be mentioned on PornMD after 2015 and in 2018 MindGeek added the website “pornxs” to its website banner.

until early 2024, MindGeek controlled the website named PornMD using the company “MG Freesites LTD” which is another name on the list of companies owned by MindGeek. MindGeek operates many sites under this company.

In the old privacy terms of Pornhub, RedTube, YouPorn and other MindGeek websites, the company “MG Freesites LTD” was mentioned, at the end of 2023 this changed and the company “Aylo Freesites Ltd” is now mentioned since MindGeek name changed recently

We now know that MindGeek is linked to these people and that they did discreet business together. but this does not end here. MindGeek is also closely related to hosting provider Reflected Networks Inc. Most MindGeek sites use these servers.

Reflected Networks is a hosting provider closed to the public, what does this mean? That you can’t just go, register, choose a hosting plan and pay. They basically have to authorize you from within the hosting provider.

The websites that use Reflected Networks servers are the property of MindGeek, MindGeek collaborators, affiliates or persons who have any contact with MindGeek. Here is the list of clients of the hosting provider.

When going to the DNS history of the domains owned by the spankwire network we noticed that to this day they use Reflacted Networks servers. Glorious Holdings Investment was probably authorized by MindGeek to use the servers.

In addition, the website “pornxs” uses Reflacted Networks servers. The website is currently operated by the company “TechSoft Limited”, which also operates smutty. This shell company based on the Seycheels island is controlled by the same people who operate Glorious Holdings Investment.

This hosting provider not only uses the name “Reflected Networks”, they have also used the name “Viking Host B.V.” and “Swiftwill, Inc.” Both have websites but it is only a home page without hosting plans.

on smutty, when accessing ads and trackers blocked by Adblock, we noticed that a domain name rncdn7.com is mentioned along with a subdomain for smutty. The domain is related to the ad provider TrafficJunky.

“rncdn7.com” is hosted on Reflected Networks like the other websites. TraffcJunky is a porn ad provider operated by MindGeek and is currently providing ads to Pornhub, RedTube and other websites.

These same domains are mentioned on Pornhub and xvideos along with other domains owned by TrafficJunky. This means that this ad provider is connected to the smutty infrastructure.

The domain “rncdn7.com” is also mentioned on the website “pornxs.com” and is also mentioned on the website “clips4sale.com” which is related to a person behind Adsession LTD and Glorious Holdings Investment LTD. clips4sale also uses the hosting provider Reflected Networks.

Who is behind these shell companies?

The question is, who is really behind these shell companies? We know the people who are related to them but not who are the owners of these shell companies.

The whois history of the domain “pornxs.com” mentions the name, email, phone number and other information of the website owner from 2014 to 2018 which the domain registrars changed and enabled domain privacy.

The name of the domain registrar is “Dan Horn” and the name of the organization is “Iridium Investments LTD” and the address provided in WHOIS is again in the Seychelles island as in TechSoft Limited.

The 2 shell companies are registered in the same city of Seychelles and are in locations quite close to each other. On Google Earth you can see how they are less than 20 blocks from each other.

The address of Iridium Investments LTD is used by many other shell companies. as happened with the other shell company registered in the Virgin Islands

The address of this shell company is found in the public domain database of the shell companies mentioned in the Panama Papers and Offshore Leaks.

Using OSINT industries we noticed that the email address is linked to the domain “videoarn” and “pornxs”. He was also found to be in Verifications.io and PDL Customer data breaches. This email has little information but is still useful

Looking at the domain name “videoarn” it reminds me of “imagearn” and has the same website design. so we found a connection with this again.

A year after this, in 2014 the design of videarn.com was updated to one inspired or copied from that of pornsx.com, the name “Iridium Investments LTD” was also added in the DMCA section next to the address of the shell company

The DMCA agent does not appear to be visible to the public and only a contact form is enabled. This means that we cannot know the name of the designated agent, the group of lawyers to which he belongs, and the contact email address.

even so, we found legal documents where it is mentioned that the company that operates the website is TVO Media LTD along with the domains of the site that it owns. What is striking here is that the lawyer is the director of the company.

The name of the director of the company is Tom Volonterio, TVO Media LTD is registered in the United Kingdom and the document mentions domain names and one that we already knew was “imagearn.com”

We previously mentioned that Iridium Investments LTD owned 19 domains. one of them is “porntm.com” and in the WHOIS records the name of Tom Volonterio and the address of the shell company on the Seychelles island are mentioned.

His phone number is also mentioned. When investigating the connections of the phone number, he discovered a Telegram account named “Coldf1re12“. Use the same username on Snapchat but without the number 12 at the end.

The telephone number is from the telephone provider named Hutchison 3G Ltd and the prefix is ​​the UK. He also has a WhatsApp and Instagram account.

when searching on Instagram for the username “coldf1re” I found that there is an Instagram account with exactly the same username and the alias “Tom”.

The profile photo of the Instagram account shows Tom with what is probably his wife or girlfriend. The location where he is seems to be in a fairly luxurious hotel.

In Companies House records it is mentioned that TVO MEDIA LTD was created on June 16, 2011 by Thomas Volonterio who resides in the United Kingdom and was born on September 16, 1981. He is currently 42 years old.

From its creation until 2016, the company added different members. among whom are “Joanna Volonterio, Louise Volonterio, Heiko Ortmaier and Louise Anne Volonterio.” (the 2 people named louise are probably the same)

Tom Volonterio also owns TVO HOLDINGS LTD, OFFERZ LTD AND PEEPD.COM LTD. Going back to TVO Media LTD, the designated agent phone number is the property of Dan Harn who is the person mentioned above in WHOIS.

In the historical whois records of the domain “videarn.com” the name “TVO Media” is mentioned along with an address in a city in the Cayman Islands. A Norplay email address and phone number are also mentioned.

The phone number is linked to an account named “scubadez” and is registered in the city of George Town in the Cayman Islands under the name “Derrick Inam”. The number is linked to 2 more domains than videarn

on a website of what appears to be a supposed real estate agency, the phone number and name of the domain registrar are also mentioned as “Tom Volonterio” and the same address on Cayman Island is mentioned

Now we know who people are linked to TVO Media and we know that Tomas Volonterio and Dan Horn supplanted this company with Iridium Investments LTD, which is a shell company registered on the Seychelles island.

Tom on Twitter calls himself “coldf1re” and uses the username “coldf1re1” which is linked to the address to a Yahoo address linked to an account on Badoo, BlackHatWord, OVHCloud and Modaco Forum.

In the Badoo account Tom he used his real date of birth which was mentioned above, this Yahoo account was created a long time ago. He has a BlackHatWord account with the username “devey_89” created on January 23, 2008.

The first records of the email address are at the end of 2007 and the last activity was on May 1, 2024. Most digital footprints come from data breaches.

The Yahoo address is also linked to different accounts. In the Skype account his name is “David Lane” and it catches my attention that he uses another name and surname. He also has a Chess account that was created on June 26, 2009.

The account username is “imagearn” and the country is United Kingdom. At Microsoft he is also called “David Lane”, the account was created on August 6, 2023 and the last update of the account was mentioned above.

on the GoFuckYourself porn forum Tom Volontorio has an account with the username imagearn, we know and can confirm this because the account’s contact information mentions an email address and phone number.

The email address is linked to a Twitter account and a Microsoft account named “Tom Volonterio”, the location of the account is in the United Kingdom and the creation date was January 2, 2007. The last update of the account was 2019.

many of the last posts were about selling domains and websites, in these posts he offered a contact for this and in one post the email [email protected] and the account are mentioned. skype “tom-coldf1re”

on April 14, 2014 he put the website “imagearn” up for sale and confessed that he earned more than 5k dollars per month with the website, in the same posts he wrote the Skype username tom-coldf1re.

Tom Volonterio initially only put imagearn up for sale and claimed that videoarn.com was not part of the sale. He limited himself to saying the price for the sale of imagearn in public and told users to contact him on Skype.

The negotiation for the sale of the website lasted months and forum users began to complain that he was somewhat arrogant privately with users who offered to buy the website.

one user mentioned that he told him that he earned 2.5k per month from LiveJasmin ads (porn webcams) and the rest he earned from ads from the ad provider named Exoclick. Tom Offered to sell him the website for 30k.

After this he told the user that a person wanted to buy imagearn and videarn for more than a million dollars. So a few months after the main post, the videoarn website was also put up for sale. It is unknown who this person is.

Months after this the owner of the website said that he was earning 3.8k per month and the website visits are more than 25k per day, this means the price and traffic of the website is low. After this he continued looking for possible buyers.

It is not known if he finally sold the website, it seems that until October 23, 2014 he continued trying to find buyers but the thread died some time later. The last message was “great deal to be done with someone” referring to another person.

2 years before this post he made another post in 2012 where he sold the PornTM website and claimed that he earned more than 1.2k with Exoclick and Plugrush. Before the date of the sale the website was something similar to what videoarn

The thread about this was short and the website was sold, although this contradicts the official WHOIS records which show that until April 10, 2015 the website was in the name of Tom Volonterio and Iridium Investments LTD

It is likely that the “selling” of these websites really was that Tom began collaborating with someone else in the administration of the websites, this coincides with some changes made to WHOIS on that same date.

In documents and in the historical WHOIS database it was mentioned that TVO Media LTD was the owner of these websites but this changed from 2013 and the company that controlled these websites began to be “Iridium Investments LTD”

In 2013, the website sold changed its design and stopped being a porn website where users uploaded videos and became the visible face of a network of porn websites with more than 150 websites in which videoarn and imagearn

Now we investigate the porn websites owned by Tom Volonterio starting with PornTM which was the brand name of the network of porn websites owned by the shell company based in the Seychelles islands.

so now we will analyze the websites that these people operated. in which the previously mentioned name “videoarn” is located. a website that for almost its entire existence had partner websites with a website that promoted it as jailbait.

Jailbait is a word often used by pedophiles to refer to children under 16 years of age. There are also other websites that are promoted such as “My Teen GF” and “Just Teenz” that also make reference to minors but not as blatant as the first.

When searching for the name “videarn.com” on Bing, images of children appear. The results have titles with the initials “JB” which is the acronym for JailBait. This is quite disturbing, the girls who appear are between 4 and 17 years old. wtf

on the GoFuckYourself (GFY) forum in a thread where Tom Volonterio posted about imagearn. one user commented on the posts that there are images of minors on the website and just next to hardcore porn ads.

When searching on Bing for the imagearn website, images of children also appear. They are mostly very young children and model children. Yes, we enter the iceberg of child abuse and child exploitation again.

on the website called blackhatworld, a user made a post where he mentioned that the website “videarn.com” had illegal content and minors. He wonders how they get away with it despite looking the other way.

The website was full of videos with the word “teen” and videos with minors. The website’s partners were other websites flooded with illegal content such as, one of the websites is “Jailbait Cams” and another named “Young Teen Videos”.

The title of a video is “Teen Bait” and I don’t even have to explain what this refers to because the girl is a minor. Among the TOP partners of the website is a website with the title “Young Teen Videos” that redirects to a website

The website is flooded with Child Sexual Abuse Material (CSAM) and images of children, at least half of the images are of victims of sexual predators targeting minors on platforms like Omegle.

This website is connected to another website where images of children and Child Sexual Abuse Material (CSAM) were distributed. this website used words like “JailBait” or “JB” to refer to children. although in some cases it says the real ages

The owner of the website had an account on videoarn and uploaded videos of minors and then uploaded the link to his illegal website. In addition to uploading this, he also uploaded videos generated by illegal porn filming studios.

This was a very large pedophile network at the time and everything was linked directly to videoarn. This was something similar to what smutty mis today but probably much worse

The man Tom Volonterio has an account on the forum called porn-w where he published images from imagearn, he uploaded revenge porn and CSAM from his website. For example, a post from May 2009 used the words “lolita”.

The owner of imagearn and videarn with the user “coldf1re” promoted and distributed different images of revenge porn and child pornography. In 2009 he wanted to attract pedophiles to imagearn to benefit from the traffic.

On videoarn in the partners section there was a website mentioned as “JailBait Cams”, the website to which the link redirects is “videoarnarchive” which is an extension website of videoarn. they are from the same owner

Yes, Tom Volonterio promoted the videoarn archive as a “jailbait” website, remember that jailbait is a word used by pedophiles to refer to minors.

currently videarn ceased to exist but investigating the video system I realized that the backup copy of videos uploaded to videarn are stored in pornxs

So now we know that the videos uploaded to videarn were backed up and all stored on pornxs, a website currently operated by the Seychelles-based shell company TechSoft Limited.

PornTM was a network of websites with more than 130 websites, some of which we already mentioned above. Most of the websites in this network of websites had many images of minors and Child Sexual Abuse Material (CSAM).

They were mostly revenge porn and non-consensual porn websites. Many of the “cams” websites were videos recorded by sex criminals harassing minors. The videos along with the faces of the victims were shown on these websites.

on these websites where the faces of minors who were victims of sexual harassment were uploaded on platforms such as Omegle, there were advertisements for Chaturbate, Stripchat , Livejasmin and among others

These porn webcam companies benefited from traffic in the form of visits from pedophiles coming from these illegal websites. While minor victims were seen by thousands of pedophiles, these companies benefited from this monetarily.

on the “teeny tease” website, friends’ websites mentioned a website with the title “JailBait Teen Cams” where images and videos of children were uploaded. From the WHOIS history we know that the website was owned by Tom Volonterio.

among the many friendly and partner websites is a webcam website that uploads videos of minors and CSAM. In the title of the uploaded videos we can see that one of the victims who appeared in the videos was only 12 years old.

All of these websites were part of a large pedophile network that exchanged links to illegal websites and distributed illegal content. This is just the beginning of the iceberg, the pedophile network is much bigger and much worse than this.

on the Feralamateurs website there was a long list of friendly websites, one of the websites mentioned is “Mini Zone” which, as the name refers to, was a child sexualization and illegal pornography website.

shen entering the website, images of children appear again, the source of the images are from recordings without consent of chats on platforms such as omegle. minors are recorded and put on these site to be seen by pedophiles

This website also has a list of friendly websites and they are mostly websites owned by the PornTM network, here there is also a website called “JailBait Cams” along with other websites that are related to child abuse content.

These websites are all connected to each other and some of these websites are connected to a TOPlists website that lists many websites related to child pornography, child sexualization and child sex trafficking.

While there is an ad from the ad provider PopAds, below there is a pedophile forum that distributes images of models from 12 to 17 years old. The images come from child pornography filming studios.

The second on the list is a website that collects images of minors on omegle, the third is another pedophile forum that fulfills the same objective as the previous one. These websites use words like “JailBait” to refer to minors.

Sitting on the ad provider for a second, I had a conversation with Tomasz Klekot (CEO of PopAds) in June 2023 because a website that distributed 1 CSAM file and the website was dedicated to uploading “Lolicons” used this ad provider .

he refused to suspend the service despite the fact that the owner of the website distributed CSAM, as an excuse he compared himself to Google and Amazon but these 2 platforms when a user does something illegal they suspend the account.

He found out that a client of PopAds had distributed child porn and all he did was request the removal of the content and told me that his legal department would look into it and to this day the pedophile continues to use PopAds.

so I’m not surprised that a child pornography website uses a PopAds affiliate link, going back to the previous topic, on the pedophile forum criminals distribute images and videos of child sex trafficking victims.

The pedophiles who have captured the victims change the name of the victim and call them something else in front of their clients on the dark web. The names of girls mentioned on the pedophile forum are aliases of these victims.

these criminals are clients of these dark web child modeling studios, these illegal modeling agencies force children to record CSAM and then the videos are sold in crypto to pedophiles very well connected to pedophile networks.

These victims of human trafficking are sold by child traffickers to these child modeling agencies, then these victims are sold to other pedophiles. It is a very large black market with a lot of money, financing and resources

The pedophile members of this pedophile forum are very well connected to organized crime and some members have financed these child modeling studios. They have written the domains owned by these illegal studios.

on the website, more than 20 victims are mentioned, whom these psychopaths call Stars, Talents and models. In the website updates it is mentioned that there are new models from 8 to 10 years old in the modeling studio.

on the home page of the website, images of the victims in the illegal recording studio are shown, some are with their clothes on and others are in underwear and beach clothes. In each post there is an option to purchase the videos.

They added a watermark to each image in case someone stores the images and distributes them on a pedophile forum or another place on the Internet, so that pedophiles know that the victims are from that illegal modeling studio.

These people do not work alone, they have HD and 4K cameras (in 2018), they have luxurious properties, recording sets and contacts to find victims of child sex trafficking. There is a whole illegal business here that many people are part.

In the movie Sound of Freedom a pedophile is shown looking for children on a child sex trafficking website, the website shown in the movie is quite similar to the websites on the dark web of child modeling studios.

In the first scenes of Sound Of Freedom it is shown how children are taken to a modeling set and a member of a child trafficking ring tells them how to pose. Those images are then put on the website selling children on the dark web.

Recently, several people were arrested and sentenced to prison for operating a “child modeling agency” that created and distributed Child Sexual Abuse Material (CSAM) to pedophile clients around the world.

This company was registered “Newstar Enterprise” and many people were involved. from child traffickers, money laundering criminals and pedophiles operating temporary CSAM websites on the dark web.

• Floridians Charged and Convicted in Connection with International Enterprise that Operated Sexually Exploitive ‘Child Modeling’ Websites
• Foreign National Sentenced for Trafficking Child Pornography

These child pornography filming studios operate from different parts of the world, they have hundreds of thousands of clients who pay and finance criminal activities. This market makes millions at the expense of the suffering of children.

many of the clients are on pedophile forums distributing illegal content and helping these illegal modeling agencies. For that reason smutty was flooded with photos of victims of child sex trafficking.

Pedophiles who use the “clear web” go to porn websites where they know that the website administrators look the other way regarding child abuse and child exploitation. smutty is currently the preferred clear web website

This pedophile forum benefited from the Chaturbate affiliate program. This is what I was talking about previously, porn companies benefit from this organized crime and do not seem to control too much those who use the affiliate programs.

These cybercriminals used the Chaturbate affiliate program to make money by sending visits to this webcam website, they sent thousands of pedophiles to Chaturbate and Chaturbate paid the cybercriminal.

It seems that cybercriminals were doing so well doing this that they made another website just to send traffic to Chaturbate. The website was called “Lolitas City” and was part of a large network of child abuse content websites.

This website was connected to many other illegal websites and pedophile forums. The amount of money that Chaturbate paid with the affiliate program was enough for these pedophiles to see it profitable.

This criminal business would not be so big if it were not for the fact that the people who could do something against this did so, but in real life companies like Chaturbate are involved in the financing of pedophile networks.

Chaturbate is not the only one, companies like BongaCams and Exoclick contribute to the financing of criminal groups that benefit from child abuse.

Now that we’ve seen all this, we already know that Tom Volonterio’s videarn and websites were linked to a network of illegal websites and a pedophile network that distributed Child Sexual Abuse Material (CSAM).

Now again we come across MindGeek, MindGeek benefited from this pedophilia and revenge porn network and was directly linked to some websites of the PornTM network that was operated by Iridium Investments LTD.

Before being called that, MindGeek operated under the name Manwin. At that time, MindGeek operated a website called “gfrevenge.com” and the marketing model of that website was revenge porn and teens.

MindGeek used phrases like “100% Real Exposed Teen GFs” at the start of its website. What this company was looking for with this was to attract perverts who were looking for images of teenage revenge porn victims.

It seems that MindGeek not only did this but also partnered with real revenge porn websites. Websites that, in addition to having revenge porn, were flooded with images of children. websites connected to a large pedophile network..

This seems to be quite hidden, it is a website owned by MindGeek that used revenge porn marketing and was linked to revenge porn, pedophilia and Child Sexual Abuse Material (CSAM) websites.

videoarn was part of a large distribution network for child pornography and pedophilia. Not only was illegal content distributed on this website, but other websites were also promoted and did the same.

This pedophile network was fed by the PornTM network websites, they fed each other with visits. While investigating this network I realized that every time I delved deeper into this, the illegal activities became worse.

A very mentioned website on this network is also DareDorm which is another website owned by ManWin / MindGeek / Aylo . At that time ManWin owned many websites that no longer.

Now we know who these people are, what they did and who the founders and previous owners of imagearn and pornxs were. In this case it was Tom Volonterio using the shell company Iridium Investments LTD.

The domain provider changed to EuroDNS in 2015 for the domain “imagearn.com” and in 2018 it changed to the domain “pornxs.com” so it was probably around these dates that the websites were purchased.

probably imagearn was sold first in 2015 and 3 years later the website pornxs was also sold. At that time the websites were no longer operated by Iridium Investments LTD and the other members of PornTM.

and began to be operated by the shell company Ristorian Limited from the British Virgin Islands, what we know today as TechSoft Limited which is another shell company that currently operates smutty.

Those who operate these shell companies in tax havens know very well what they are doing, for years they have been involved with websites involved in child exploitation and they have known how to be invisible and to this day they remain involved in this terrible illegal business.

The people behind TechSoft and the other 3 companies did not care about doing business with the owner of websites that were flooded with illegal content and that in the partners section there were words like “JailBait“.

Now that we know this, it is not a surprise that on smutty pedophiles with profile photos of children, missing children and victims of child exploitation have followers and the administrators do nothing.

Website administrators do not suspend pedophiles’ accounts even when they have a profile photo of a child or acronyms like “CP” in the username or account description. They are complicit in this pedophile network

and in cases where the admins do something it is because it is obvious and serious. like when a user had the acronym “CP” as a description and more than 1.6k posts of Child Pornography and Child Sexualization.

What did the admins do? suspend the account? No. As shown in the video, what they did was delete the account description and the posts where they were more serious regarding Child Sexual Abuse Material (CSAM).

What the administrator is responsible for is that illegal activities do not attract attention outside of smutty, he does not care what pedophiles do as long as he continues to monetize images of children and revenge porn.

This is something very big, this is organized crime from beginning to end. This concept map shows the level of this, this is not a simple cybercriminal operating this. There are many people involved here.

These people have a lot of money, contacts, shell companies, these people are anonymous, they have connections with pedophile networks and have been their accomplices for years and have many resources.

In all the websites where these people have been related, the same problem always appears and that is child sexual exploitation and photos of children. These people have been profiting from child exploitation.

These people have also bought websites of other pedophiles, such as when they did business with Sathia Francesco Musso, a man who liked #jailbait posts on his own website and did not suspend the accounts.

Another person with whom they did business is Tom Volonterio, a man who was connected to a pedophile ring, owner of websites flooded with CSAM and on videoarn he had a JailBait website as partners.

These people have contacts at MindGeek and have done large but discreet business with this porn company. As we saw previously, it seems that someone internal to MindGeek has the approval regarding these people.

Regarding the websites of the spankwire network, even here there were also problems with child porn. In a class action lawsuit against MindGeek, the 4 sites linked to a shell company of these people are mentioned.

These people even created their own ad provider that they use to monetize child pornography, child photos, and revenge porn. These people know what they are doing and have spent a lot of money to do this.

Now finishing the article, I will talk about Corey D. Silverstein, which is the name that appears as the attorney assigned to all the shell companies and offshore companies owned by these criminals.

Corey D. Silverstein is the owner of a law firm called Silverstein Legal that provides legal services to companies in the porn industry and appears to be a popular attorney among the porn industry.

On March 31, I contacted a website that used terms and conditions almost identical to those of smutty and the other websites. I wanted to know what the source was and if it was a generator or there was a company behind it. Now 2 months later I know it was Silverstein Legal.

The email was sent to the website admin and the email address of the designated attorney, which was Corey. I gave them a context of the situation so they knew it was important and I also said who I was.

The email was opened by the website admin the same day it was sent and then on April 15, 2024 it was opened by the designated attorney who I deduce is Corey D. Silverstein. No one responded to this email.

It seems that Corey recently defended Clips4sale in an intellectual property case and won, so these people and this law firm seem to interact often.

This law firm has been involved as designated attorneys for each and every one of these people’s offshore companies (including TechSoft Limited which is the current owner of smutty and pornxs)

Kevin S. Toll and Lawrence G. Walters also work at the law firm. I don’t know why these last two have photos that look like something out of an evil character from a movie, but it makes me uncomfortable to see these two.

It seems that Corey D. Silverstein has no problems with appearing on a website flooded with child porn and having his name appear on the same website where there are pedophiles uploading images of missing children.

What you are probably wondering is how is it possible that a website flooded with child pornography and that operates a pedophile network with thousands of interactions per month is on the clear web?

That is why now I will talk about the hosting provider that I used smutty from 2016 to 2023, which is NForce. a hosting provider that is considered bulletproof and closely linked to Child Sexual Abuse Material.

NForce is the third hosting provider in the world to receive the most CSAM removal notifications from authorities. This list is from a document regarding this same thing uploaded by a United Nations organization.

This hosting provider was investigated by the Dutch authorities for this very reason and thanks to the illegal activities of NForce pedophile clients, politicians wanted to legislate a law to fine companies like these.

This hosting provider was used by pedophilia forums and child porn websites, the owners of smutty surely had this information and used NForce to host smutty and the porn forum fantasti.cc

Who is really behind TechSoft Limited?:

These people have been in charge of doing everything discreetly and anonymously. But at this point in the investigation we know that these people have many resources, money and shell companies.

using OSINT methods to find domains owned by these people, I found a domain name techsoftltd.com which was very similar to glorious.holdings and in the contact section the address of TechSoft Limited.

It seems that the website admin did not want anyone to find this website since in the “robots.txt” file the indexing of the website is disabled for search engines and this makes this website unable to be found on Google.

When I look at the domain’s WHOIS information I find useful information such as that the owner calls himself “Babushka Sargent” and lives in Cyprus. with this little information I began an investigation.

TechSoft Limited domain is registered with the organization “Aprodigamentum Limited” registered in Cyprus , Nicosia on May 4, 2012 and the director of this company is Babayan Sergey.

This company is mentioned in 2 more domains, one of them is “ortnec.com” which is a company also registered in Cyprus. one of the email addresses of that domain is used in the WHOIS of “smuttylive.com” and “pornxslive.com“

The website “modelcentro.net” was also mentioned, this website is supposedly owned by “Centro Publisher Limited” a company based in the British Virgin Islands that is the owner of websites related to porn models.

The shell company’s address is in a location close to the other companies. when investigating the new address, it is mentioned in the Panama Papers and Offshore Leaks. Many shell companies use the same address.

The address appears to be linked to PortCullis TrustNet, which is or was a company that was fined 200k for money laundering and helping to finance terrorism. This makes me wonder a lot of things.

This makes me wonder what the other shell companies are about and what they are involved in at the addresses used by these people and that are mentioned in the Panama Papers and Offshore Leaks.

Team Centro is a part of Ortnec Services, on the Team Centro website a list of jobs is mentioned and 2 of these are “Middle Affiliate Manager” and “Senior Publisher Manager” and the job department is “Adsession”

They are the owners of Adsession LTD which is the current ad provider for smutty and we mentioned above what this ad provider is involved in.

Team Centro is, in its own words, a team of people who have experience in web development and the entertainment industry. It doesn’t say anything related to the porn industry even though they are mostly dedicated to this.

It has offices in many parts of the world. The company’s headquarters appear to be in Cyprus, Limassol and it has other offices in other countries such as the United States, Spain and Canada.

on Instagram this company has an Instagram account where they upload photos of company employees and the work team. It seems like they are having a great time partying and having fun. 

In the description of the account the URL of the Team Centro website is mentioned and since I follow the founder of smutty on Instagram I realized that he follows this account on Instagram.

on the Instagram account there are photos that catch my attention, such as one where it seems that a member of Team Centro who calls himself “standman360” is talking to a representative of JuicyAds

JuicyAds is one of the largest ad providers used in the porn industry, in the other photo there is a person wearing a t-shirt with the Brazzers logo which is a porn website. By the way Sathia Musso liked that photo.

This reminded me of when the founder of smutty uploaded photos in cyprus to Instagram, when I started to see sathia musso’s photos in cyprus I began to realize that in those photos there are interactions with standaman

standman360 is mentioned in a photo where Sathia Musso is posing dressed as a priest or at least that’s what it seems, in another photo the Team Centro member commented on Sathia Musso’s photo

in Stan Fiskin Instagram and Twitter accounts, notice that in the Twitter description he claims to be an investor and co-founder of FanCentro, CentroBill, ModelCentro and Clips4Sale.

In the Instagram account he mentions Team Centro, PrimeClicks (ad provider for betting websites) and other Instagram accounts related to this. currently Sathia Musso and he follow each other on Instagram

The first interaction of the founder of smutty on Stan Fiskin’s account was on July 26, 2016. 1 month before, sathia had uploaded 2 images located in the United States. The images were located in New York and Miami.

In 2016 was when “Okeanus Finance Limited” acquired fantasti.cc and smutty, this also coincides with the fact that the first interactions on Instagram with “Stan Fiskin” were in July of that same year.

Let’s remember that New York is close to New Jersey and is where Stan Fiskin (standman360) put his location on his Twitter account. amonth after Sathia’s posts, Stan uploaded a photo in Florence, Italy.

In April 2023, the company gave Stan Fiskin the “King of Adult” award and Sathia Musso gave him a like. In other posts there are mentions of “ortnec”. These types of images are uploaded to the Team Centro account.

on Instagram Stan Fiskin (member of Team Centro) uploads images and videos where he shows himself with a lot of money and in luxury properties and cars. as in Ferraris, Lamborghinis and other types of cars.

Stan Fiskin is part of FanCentro, a porn website that is similar to OnlyFans. currently the domain uses privacy WHOIS but before July 2014 it did not use it and “Ortnec Holdings Limited” was mentioned as the owner.

the legal director of this company is Sergey Babayan, again this name keeps appearing. We remind you that he is the director of “Aprodigamentum Limited” which is the owner of the “TechSoft Limited” domain.

Sergey Babayan is very involved in this, legally and in the information written in WHOIS on many domains. he is probably a financier or founder of Ortnec. He is also involved in other companies related to internet.

In Krebs on Security an investigation was made regarding some websites suspected of scamming and stealing money, in this investigation a certain “Sergey Babayan” from Nicosia, Cyprus is mentioned.

He is mentioned in relation to a financial company named Prospectacy Limited, a company that was dedicated to corporate and financial services and helped register offshore companies in countries such as the Seychelles.

Among the domains owned by Prospectacy are Go Offshore which was a website for registering offshore companies in the Seychelles Islands, Cyprus, Belize, Andorra, British Virgin Islands and many other countries.

Sergey Babayan was involved in many other companies, these companies are mentioned in the Companies House database, there we find data about him as he was born in June 1984, he is of Cypriot nationality.

Currently Sergey Babayan has a website called Lestri LTD which is supposedly a company that provides Software and financial services. The website is a generic website. The domain was created on December 2, 2022.

In WHOIS an address in Nicosia, Cyprus is mentioned along with a telephone number registered with the telephone provider Lycamobile AG. An email address that uses ProtonMail is also mentioned.

Sergey is a peculiar person, he is involved and related to many shady, unethical things and issues on the internet. With the last thing we realize this, what type of financial company uses ProtonMail for email in WHOIS?

When I saw the Ortnec employees I realized that some have a relationship with MindGeek, like this person who worked at Adsession, Ortnec and also worked as a “Web Analyst And Content Partner” for MindGeek. 

another person named Akis worked at Aylo Inc (MindGeek) and then at Ortnec and then at Aylo Inc again. This person lives in Cyprus and the 2 contact addresses use the domain “aylo.com” and “mindgeek.com”

The sales manager of Team Centro before joining Ortnec (Team Centro) worked for 4 years and 9 months in the offices of Manwin (MindGeek) Canada. working as “Monetization Manager” and “Product Manager”.

The name “Sergey Babayan / Babayan Sergey” is used in the WHOIS information of some porn industry domains owned by Ortnec. for example in the domain “eurorenueve.org” which is related to an old Ortnec project.

The first and last name are also linked to other sub companies such as Sumom Limited, Aradiaco LTD and BirdView Mobile Limited, which is a company that registered more than 200 domains related to porn.

Among the domains owned by Sergey Babayan are temporary websites related to “Teens” and “Youngs”. These websites are flooded with child pornography and seem to belong to a network of websites of this type.

Some of the images belong to child modeling agencies owned by organized crime. These images were probably uploaded to the website by the owner since there is no option for a user to upload content.

These websites use the ad provider named “EroAdvertising”. they were websites flooded with Child Sexual Abuse Material (CSAM). It is not a surprise looking at the history of these people.

These people always seem to somehow have a connection with Child Sexual Abuse Material (CSAM) and pedophilia. There is clearly someone in this company who knows what is happening and is complicit in this.

The next image mentions some of the websites and ad providers that Ortnec / Team Centro was or is currently the owner of. The subcompanies that Ortnec owns in the past and currently are also mentioned.

For many years Ortnec was the owner of Euro Revenue, I don’t know if it still is or if it was sold to someone else. EuroRevenue is a service related to the porn industry related to traffic and visits.

Many of the websites owned by Ortnec used DNS servers named “ns1.eurorevenue.com”. More than 130 porn websites use this on their DNS servers and from the looks of it most of them were Ortnec websites.

Before Ortnec / Team Centro, the owner of EuroRevenue was Manwin /MindGeek / Aylo. In 2010 Manwin acquired it and at some point the ownership passed to Ortnec.

Senior management at MindGeek and senior management at Ortnec have had a very close relationship for many years. They have done business together and even former MindGeek employees are current Ortnec.

Now that we know all this, my question is why? Because some people have to be so psychopaths and human shits to be owners of a website where there is a pedophile network that distributes child abuse content every day.

Now that we know everything, we also know that there is an Ortnec member who notices that pedophiles have profile photos of children and does not suspend their accounts and does not report them to NCMEC.

Not only are they the owners of smutty, they are also owners of the ad provider and for years they have been monetizing images of victims of child sex trafficking, child rape, photos of children and child porn.

I admit they were smart, it’s very difficult for anyone to realize all this since officially the website is operated by a shell company in the Seychelles islands, the ads come from random domains like “aj2218.online”

Let’s remember that smutty is not even the only website owned by Ortnec where this happened. Exactly the same thing happened in imagearn and even when searching for the domain on Bing, images of children appear.

Let’s remember that imagearn was owned by Tom Volonterio, a pedophile who owned “videoarn”, a website that was used by hundreds of sexual predators and in the Partners section JailBait sites were mentioned.

Let’s also remember that videoarn was connected to a network of pedophilia and temporary child abuse websites. Ortnec still decided to do business with Tom Volonterio and buy imagearn and pornxs

At the same time, Ortnec was doing business with the founder of smutty. We remember that Sathia Musso interacted with pedophile users and recommended users to upload images that sexualized children

Tools used for the research in this article:

All OSINT tools used to perform this operation written in this article. They are useful to carry out an entire research based on public fingerprints on the Internet

• Email Address & Phone Number Research: OSINT INDUSTRIES
• Tool to analyze WHOIS history database: Domain Research Suite
• Domain Redirected Traffic Analysis: Host.io
• Data collection based on data breaches: SnusBase
• Email Address Analysis: SEON
• View old versions of websites: Internet Archive
• Data Breach Analysis: Pentester
• email address finder in data breaches based on domains: IntelligenceX
• Domains, IP Addresses, and Subdomains Analysis: SecurityTrails
• Website analysis, collection of ad scripts and installed programming languages: URLScan
• Email Address Analysis & Data Breach Analysis: IntelBase
• Analysis of accounts linked to email addresses: Castrickclues
• Search for companies based in the European Union: European e-Justice Portal
• Search for companies based in the Seychelles Island: Search Business
• GEOSINT tool with artificial intelligence: Geospy
• creation of maps based on OpenStreetMap: uMap
• Map creation and 3D map visualization: Google Earth
• ICIJ: Offshore Leaks Database
• Cyprus based company registration database: Search
• search for company records: Opencorporates
• designated agent records: DMCA Designated Agent Directory
• find company records related to united kingdom: Companies House