Whois and registrar records connect the dots between domain names used in prostitution crime.
The United States government has filed an in rem forfeiture action against 500 domain names that it says were used in a prostitution and sex trafficking ring.
Over a period of six years, the conspirators paid over $25,000 to register the domains through Domain.com, the suit states. I reviewed the list of domains and found that they were almost all registered at either Domain.com or HiChina.
It’s interesting to read about how the FBI connected the dots between the domain names. It used as much publicly available Whois information as it could, while also connecting the dots using DomainTools and records from the registrars and hosts. Here’s the description from the FBI about how it uncovered the domain names used in the ring:
On or about November 2018, the FBI accessed publicly available information regarding twenty-five domains associated with the email address [email protected].
Using Domaintools—an open source tool that queries WHOIS records, passive Domain Name Service (DNS) data, IP addresses, hosting data, and other DNS information—investigators learned that the twenty-five domains were hosted on IP address 64.50.176.48, along with hundreds of other domains. Records from Domain.com revealed that for all twenty-five domain names, the subscriber was Weixuan Zhou, with an email address of [email protected], a telephone number of 213-431-0920. The billing information for this account showed the card holder name as Weixuan Zhou and a billing address: ti yu lu no. 613 Guang Zhou, China.
Most of the other hundreds of domains hosted on the same IP address shared the same or similar registration information: registered to Weixuan Zhou through Domain.com, LLC, with historical registrant email information identified as [email protected] or [email protected].
Credit card activity shows Weixuan Zhou paying Domain.com for these domains from August 2012 to June 2018. Financial records for Zhou, from August 16, 2012 through June 1, 2018, show payments made via credit card to Domain.com totaling $11,202.04. One specific example shows that Zhou’s Wells Fargo credit card made multiple payments to Domain.com in September 2014. This credit card’s September 2014 balance was paid down from Weixuan Zhou’s Wells Fargo checking account. The source of these funds originated from cash deposits at banks in Texas, Colorado, Oregon, Washington, and California.
80. Records from PayPal showed that beginning on or around February 15, 2018, and continuing through October 10, 2018, the PayPal account linked to [email protected] sent 147 transactions totaling $6,150.14 to Domain.com. The subpoena return also showed on or around January 31, 2016, and continuing through September 2017, the PayPal account linked to [email protected] sent 169 transactions totaling $10,241.74 to Domain.com. The total payments sent to Domain.com from Zhou’s two PayPal accounts were approximately $16,391.88.
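The pivot described above (seed email to domains, domains to hosting IP, IP to co-hosted domains, then filtering by shared registrant data) can be sketched as follows. This is an added example, not code from the complaint or the original post. Every record, name and address in it is constructed, and `pivot` and its record layout are hypothetical.

```python
# Constructed sample rows (not data from the case): domain, hosting IP,
# registrant name, and every registrant email seen in current or historical WHOIS.
RECORDS = [
    ("alpha.example",   "192.0.2.10", "Registrant A",  {"seed@mail.example"}),
    ("bravo.example",   "192.0.2.10", "Registrant A",  {"seed@mail.example", "alt@mail.example"}),
    ("charlie.example", "192.0.2.10", "R. Alias",      {"alt@mail.example"}),
    ("delta.example",   "192.0.2.10", "Other Alias",   {"third@mail.example"}),
    ("foxtrot.example", "192.0.2.10", "Registrant A",  {"third@mail.example"}),
    ("tenant.example",  "192.0.2.10", "Unrelated Co",  {"admin@tenant.example"}),
    ("echo.example",    "192.0.2.77", "Someone Else",  {"alt@mail.example"}),
]

def pivot(records, seed_email):
    """Return ({linked domain: evidence}, [co-hosted domains with no registrant link])."""
    seed = [r for r in records if seed_email in r[3]]
    ips = {r[1] for r in seed}                      # where the seed domains are hosted
    known_names = {r[2] for r in seed}
    known_emails = {e for r in seed for e in r[3]}
    linked = {r[0]: "seed email" for r in seed}
    # Candidates are only the other domains on the same IP(s), as in the page's method.
    candidates = [r for r in records if r[1] in ips and r[0] not in linked]
    changed = True
    while changed:  # a newly linked record can reveal emails that link further records
        changed = False
        for domain, _ip, name, emails in candidates:
            if domain in linked:
                continue
            shared = emails & known_emails
            if shared:
                linked[domain] = "shared email " + sorted(shared)[0]
            elif name in known_names:
                linked[domain] = "same registrant name"   # weaker evidence than an email
            else:
                continue
            known_emails |= emails
            known_names.add(name)
            changed = True
    # A shared IP alone proves little on shared hosting, so these stay unattributed.
    cohosted_only = sorted(r[0] for r in candidates if r[0] not in linked)
    return linked, cohosted_only

if __name__ == "__main__":
    linked, cohosted_only = pivot(RECORDS, "seed@mail.example")
    for domain, why in sorted(linked.items()):
        print(f"{domain:18} {why}")
    print("co-hosted, no registrant link:", cohosted_only)
```

Keeping the evidence string per domain matters because transitive links (a domain tied in only through another linked domain's email) are weaker than a direct match on the seed address and should be corroborated with registrar or billing records, as the investigators did.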
Acro says
Full listing of the domains seized by this 6 month old operation:
https://domaingang.com/domain-crime/the-fbi-shut-down-498-escort-domains-on-chinese-registrar-aliyun/
Andrew Allemann says
They seized them a while ago but just commenced forfeiture proceedings last week.
Charles Christopher says
https://www.zerohedge.com/news/2019-05-17/wells-fargo-banker-pleads-guilty-helping-launder-millions-sinaloa-cartel
“A 30-year-old Wells Fargo personal banker pleaded guilty on Thursday to knowingly opening bank accounts for people working with the Sinaloa cartel for money laundering purposes.”
“Between 2014 and 2016, money laundering organizations recruited people who would open bank accounts for the cartel’s drug money, according to the US Attorney’s Office in the Southern District of California. The operation laundered over $19 million dollars in narcotics proceeds.
The drug money would be deposited into the bank accounts, also known as “funnel accounts,” in amounts below the threshold for regulatory reporting.”
https://www.zerohedge.com/news/2016-09-18/wells-fargo-who-says-crime-doesnt-pay
“The way it worked was that employees moved funds from customers’ existing accounts into newly-created ones without their knowledge or consent, regulators say. The CFPB described this practice as “widespread.” Customers were being charged for insufficient funds or overdraft fees — because there wasn’t enough money in their original accounts.
Additionally, Wells Fargo employees also submitted applications for 565,443 credit card accounts without their customers’ knowledge or consent. Roughly 14,000 of those accounts incurred over $400,000 in fees, including annual fees, interest charges and overdraft-protection fees.”
https://www.extremetech.com/internet/235382-wells-fargo-faces-185-million-fine-for-massive-fraud-and-theft-scheme-5300-employees-fired
https://www.reuters.com/article/us-wells-fargo-class-action/wells-fargo-to-pay-480-million-to-resolve-lawsuit-related-to-sales-scandal-idUSKBN1I52IV
https://www.govinfo.gov/content/pkg/CHRG-115hhrg31327/pdf/CHRG-115hhrg31327.pdf
“Prior to my time at Contra Costa, I served as a Financial Crimes Consultant with Wells Fargo’s Financial Institution Investigations Group (“FIIG”). Wells Fargo created FIIG in response to the findings of a 22-month long investigation by the Drug Enforcement Administration, the Internal Revenue Service and other agencies regarding Wachovia’s handling of $373 billion in wire transfers, $47 billion in remote deposits, and nearly $5 billion in bulk cash deposits processed on behalf of “Casas de Cambio,” high-risk currency exchange businesses operating in Mexico. The investigation concluded that these transactions were conducted with limited or no anti-money laundering oversight by Wachovia and at least $110 million of the funds processed were directly related to criminal drug trafficking activity”
https://www.justice.gov/usao-sdca/pr/wells-fargo-personal-banker-pleads-guilty-money-laundering-charges
… I wonder if “forfeiture proceedings” on the domain name WELLSFARGO.COM might have a positive impact on the problem ….
John says
We should all support the fight against human trafficking and exploitation, including promoting awareness. It is a horrible evil. Been doing that myself for years now, and hopefully more going forward.
However…
We must also balance all of it, because it can get very imbalanced and also go in harmful and even politicized directions.
And my recommendation is that people start with that balancing part by reading this:
“The Deadly Consequences of the Anti-Sex Trafficking Law”
https://thecrimereport.org/2018/06/04/the-deadly-consequences-of-the-anti-sex-trafficking-law/
Crimson says
Show your support for DomainTools.com as they help FBI take down sex trafficking sites.
John says
You know when I was a fed it was also very comical the extent to which we used such commonly available public tools and the thought of it feels a bit embarrassing even now, and that’s exactly what I was reminded of and thought about as I read this. But we certainly had other resources, and no it was not the FBI in my case.
Charles Christopher says
>comical the extent to which we used
>such commonly available public tools
I have a friend in military intelligence. When they catch the guys they often ask “How did you know we were going to do this?”
Answer: Facebook
They post on Facebook (and other social media sites) somehow with the idea that only their peers are looking at their pages. Just can’t make this stuff up.
John says
We were one floor from them. Those were some days.
FX says
FBI wouldn’t be able to do its job without https://www.domaintools.com/