The U.S. government has filed an in rem action for forfeiture against 500 domain names that it claims were used in an illegal prostitution and sex trafficking ring.
One of the alleged leaders, Weixuan Zhou, 37, of Guang Zhou, China, used gmail and hotmail email addresses and a Los Angeles-area telephone number. He and five others were charged in January with racketeering following a nationwide sting that targeted illegal Asian brothels.
Latin for ‘in the thing itself’, an action in rem (also referred to as real action) is an action to determine title to property, and the rights of the parties. Title and rights are determined not merely among the parties to the lawsuit but also against all persons at any time claiming an interest in that property. It determines rights in property that are conclusive against the whole world.
Over a period of six years, the alleged conspirators shelled out more than $25,000 to register the domains through Domain.com, according to the feds. Andrew Alleman at DomainNameWire reviewed the list of domains and found that they were almost all registered at either Domain.com or HiChina.
Writes Alleman: “It’s interesting to read about how the FBI connected the dots between the domain names. It used as much publicly available Whois information as it could, while also connecting the dots using DomainTools and records from the registrars and hosts. Here’s the description from the FBI about how it uncovered the domain names used in the ring:”
On or about November 2018, the FBI accessed publicly available information regarding twenty-five domains associated with the email address [email protected].
Using Domaintools—an open source tool that queries WHOIS records, passive Domain Name Service (DNS) data, IP addresses, hosting data, and other DNS information—
investigators learned that the twenty-five domains were hosted on IP address 64.50.176.48, along with hundreds of other domains.Records from Domain.com revealed that for all twenty-five domain names, the subscriber was Weixuan Zhou, with an email address of [email protected], a telephone number of 213-431-0920. The billing information for this account showed the card holder name as Weixuan Zhou and a billing address: ti yu lu no. 613 Guang Zhou, China.
Most of the other hundreds of domains hosted on the same IP address shared the same or similar registration information: registered to Weixuan Zhou through Domain.com, LLC, with historical registrant email information identified as [email protected] or [email protected].
Credit card activity shows Weixuan Zhou paying Domain.com for these domains from August 2012 to June 2018. Finanacial records for Zhou, from August 16, 2012 through June 1, 2018, show payments made via credit card to Domain.com totaling $11,202.04. One specific example shows that Zhou’s Wells Fargo credit card made multiple payments to Domain.com in September 2014. This credit card’s September 2014 balance was paid down from Weixuan Zhou’s Wells Fargo checking account. The source of these funds originated from cash deposits at banks in Texas, Colorado, Oregon, Washington, and California.
[ ] Records from PayPal showed that beginning on or around February 15, 2018, and continuing through October 10, 2018, the PayPal account linked to [email protected] sent
147 transactions totaling $6,150.14 to Domain.com. The subpoena return also showed on or around January 31, 2016, and continuing through September 2017, the PayPal account linked to [email protected] sent 169 transactions totaling $10,241.74 to Domain.com. The total payments sent to Domain.com from Zhou’s two PayPal accounts were approximately $16,391.88
Investigators believe Weixuan Zhou is presently in China.