THE WHITE RABBIT TRUST DIGITAL INFRASTRUCTURE AND TRANSNATIONAL REGULATORY REMEDIATION
5th February 2026
The digital operations directed by Simon Goldberg, operating under the aegis of the White Rabbit Trust and a broader network colloquially identified as the Rogue Trinity, represent a sophisticated exercise in jurisdictional arbitrage and technical obfuscation. This report provides a comprehensive forensic analysis of the infrastructure utilized by whiterabbittrust.org, detailing why this specific configuration has remained resilient against conventional takedown attempts and outlining a multi-layered strategic framework for successful remediation. The analysis proceeds from a technical deconstruction of the Domain Name System (DNS) and hosting layers into a deep-dive of the legal and regulatory "Achilles' heels" inherent in the group’s own sworn testimony and public activities.
Forensic Technical Analysis of the White Rabbit Trust Infrastructure
The technical configuration of whiterabbittrust.org is not merely a matter of convenience but a deliberate strategy to exploit the fragmentation of the global internet governance regime. By distributing essential service components across multiple providers and legal jurisdictions, the operator creates a series of procedural moats that prevent any single authority or provider from taking unilateral action.
DNS and Registrar Stratification
The primary domain, whiterabbittrust.org, is registered through Wild West Domains, LLC, a wholesale reseller entity of GoDaddy, LLC.1 This selection is critical for several reasons. Wild West Domains serves as a high-volume registrar that provides a layer of corporate separation between the ultimate registry (Public Interest Registry for.ORG) and the end-user. The domain’s longevity, having been registered on February 18, 2015, suggests a stable operation that has successfully navigated the basic compliance checks of the registrar for over a decade.
The inclusion of Domains By Proxy, LLC (DBP) adds a significant layer of legal shielding. DBP is a privacy service that replaces the actual registrant's contact information in the public WHOIS database with its own corporate details.4 Under the terms of the service, the privacy provider will only reveal the true identity of the registrant or disable the service in response to a valid U.S. court order or a specific, high-threshold violation of their Anti-Spam or Abuse policies.4 For international complainants, this necessitates a domestic U.S. legal action to even identify the target, representing a major cost and procedural barrier to remediation.
The Jurisdictional Separation of Hosting and Registration
A defining characteristic of Goldberg’s infrastructure is the geographic and legal separation between the domain’s registrar and its hosting provider. While the registrar is a U.S. entity (Wild West Domains), the actual content is hosted on servers located in the United Kingdom, specifically utilizing Namecheap’s UK infrastructure at IP 185.61.152.71.5
This bifurcation creates a "jurisdictional ping-pong" effect. When a complainant reports fraudulent content to the registrar, the registrar frequently responds that they are merely the "phone book" of the internet and have no control over the "house" (the hosting server) where the content resides.8 Conversely, Namecheap’s hosting department often requires proof that the domain itself is fraudulent or a court order from a UK court before they will intervene in content-related disputes.2 This strategy is particularly effective against automated takedown tools and novice complainants who do not understand the distinction between DNS-level abuse and content-level abuse.
Email Obfuscation and the Jellyfish Ecosystem
The mail infrastructure of the White Rabbit Trust utilizes the jellyfish.systems environment, which is a proprietary email security and filtering ecosystem developed by Namecheap.6 The MX records point to mx1-hosting.jellyfish.systems, which acts as a sophisticated gateway for all incoming and outgoing communications.
The Jellyfish system is marketed as a "self-learning" anti-spam and anti-virus tool, but in the context of high-risk operations, it serves as a robust defensive perimeter.6 It scans all outgoing mail to ensure that "scam" patterns are sufficiently masked to bypass the spam filters of major providers like Gmail or Outlook, thereby increasing the success rate of the group’s recruitment and solicitation efforts.6 Furthermore, by utilizing Namecheap’s internal email routing, the operator can maintain communication with its "members" even if external websites are temporarily throttled or under attack.
The Rogue Trinity: Coordinated Fraud Network Analysis
The White Rabbit Trust does not function as an isolated entity; rather, it serves as the financial clearinghouse for a coordinated network described in forensic documentation as the "Rogue Trinity".12 This network encompasses three primary domains that work in concert to facilitate financial crimes, mask beneficial ownership, and radicalize members against legitimate financial institutions.
Domain Interdependencies The Rogue Trinity consists of the following interconnected digital assets:
1. whiterabbittrust.org: The financial hub and repository for fraudulent tax templates and instructional materials.
2. empowerthepeople.earth: The primary recruitment and ideology-dissemination platform, focused on "sovereign" legal theories.
3. youandyourcash.com: The tactical site used for managing "claims" and direct interactions with victims regarding their personal debts.
Forensic investigation into the coordination of these sites reveals that they share not only leadership (Simon Goldberg, often using the alias "The Spaniard") but also technical resources and legal defense strategies.12 The White Rabbit Trust domain is specifically used to "mask the beneficial ownership of funds derived from the solicitation of Wire Fraud and Unlicensed Money Transmission".12 By rotating the "call to action" across these three domains, the operator ensures that if one site is flagged for abuse, the others remain operational, providing a resilient frontline for the enterprise.
Operational Role of MLITR Research LLC
Behind the "ecclesiastical" and "trust" facades lies a corporate structure intended to provide a veneer of legitimacy. MLITR Research LLC, registered in Sheridan, Wyoming, is the primary legal vehicle used to manage the finances of the network.12 Wyoming is chosen specifically for its favorable laws regarding private LLCs, which offer high levels of anonymity for managers and members. The "Ecclesia Law" brand is merely a trading style of this Wyoming LLC, designed to appeal to individuals who are inherently distrustful of "BAR-regulated" legal professionals.
This structure is a deliberate attempt to evade the Financial Services and Markets Act 2000 (FSMA) in the UK by claiming that the business is a private, U.S.-based research entity rather than a UK-based financial services provider.12 However, as the forensic analysis of Goldberg’s witness statements shows, the physical performance of the work and the targeting of UK citizens bring the operation squarely within the jurisdiction of the Financial Conduct Authority (FCA).
Legal and Regulatory Vulnerabilities: The Goldberg Achilles' Heels
The persistence of the White Rabbit Trust website is not a result of its legality but rather the failure of complainants to trigger the specific regulatory mechanisms that providers like Namecheap and Wild West Domains are legally required to respect. A forensic review of Goldberg’s own sworn statements reveals five critical vulnerabilities that can be leveraged to dismantle the infrastructure.
Breach of FSMA 2000: Unauthorized Claims Management
In his witness statement, Goldberg describes the entity Empower The People (EtP) as a "go-between, ensuring structured communication and steady workflows" regarding tax claims and legal adjustments.12 Under Article 89G of the Financial Services and Markets Act 2000, the act of "seeking out, referrals and identification of claims" is a strictly regulated activity in the United Kingdom.
By admitting that EtP acts as a conduit for these claims, Goldberg has provided prima facie evidence that he is operating an unauthorized Claims Management Company (CMC).12 Operating a regulated activity without FCA authorization is a criminal offense under Section 23 of FSMA 2000.13 This is the most potent weapon for a website takedown because Namecheap’s UK division (based in Lincoln) is subject to UK law and cannot knowingly host a criminal enterprise involved in unauthorized financial services.
The 1099-OID Fraud: Transnational Federal Crime
The White Rabbit Trust’s primary product is the facilitation of "Redemption" fraud using U.S. tax forms, specifically Form 1099-OID.12 Goldberg has admitted that his organization utilizes these forms to assist members in "discharging" personal debts.12 In the United States, this specific methodology has been definitively criminalized as Federal Wire Fraud and RICO conspiracy, notably in the landmark case United States v. Anderson.
The distribution of these instruments via the whiterabbittrust.org domain constitutes the use of a U.S. registrar (Wild West Domains) to facilitate federal crimes. This creates a direct reporting pathway to the IRS Criminal Investigation Division (CID) and the Federal Bureau of Investigation (FBI). Once a federal agency issues a seizure warrant or a formal request to the registrar, the "Domains By Proxy" shield is immediately pierced, and the domain is suspended.
The "Muad'Dib" Alias and Forensic Suicide
A unique insight into the fraudulent nature of the operation is Goldberg’s admission that he refers to his tax specialist as "Paul Muad'Dib," a character from the fictional universe of Dune.12 From a professional forensic standpoint, the use of "fantasy" aliases to introduce an expert witness in a financial matter is a catastrophic failure of credibility. If the "expert" is not a registered U.S. tax preparer with a Preparer Tax Identification Number (PTIN), his involvement in filing 1099 forms is an admission of unlicensed practice and potential fraud.
Analysis of Takedown Obstacles and Remediation Failures
The user’s reported failure to take the website down is likely due to the application of standard "abuse" reporting protocols to a non-standard, "bulletproof" hosting configuration. Conventional abuse reports are processed by low-level technicians who are trained to look for obvious violations such as phishing pages (exact copies of banks) or malware. Goldberg’s infrastructure is designed to avoid these "low-hanging fruit" triggers.
The Procedural Moat of Namecheap
Namecheap has established a reputation for resisting non-judicial takedown requests, often positioning itself as a defender of internet freedom. They are known for requiring specific, admissible evidence of a crime rather than mere allegations of a "scam." Furthermore, Namecheap’s abuse department is often understaffed, with reports taking up to 72 hours or longer for initial review.
The "Sovereign" Defense Strategy
Goldberg’s use of terms like "White Rabbit Trust," "Ecclesia," and "Private Ecclesiastical Counsel" is a psychological and legal tactic.12 It is designed to signal to the hosting provider and the registrar that any attempt to take the site down is an attack on "religious freedom" or a "private trust".12 This creates a "legal hesitation" in the compliance departments of Western providers, who are wary of being sued for civil rights violations. To overcome this, the remediation must focus strictly on the unauthorized financial activity and tax fraud, which are not protected under any ecclesiastical or sovereign doctrine.
Strategic Remediation Framework: The Master Takedown Plan
To successfully remove the White Rabbit Trust from the internet, a coordinated, multi-jurisdictional approach is required. This plan leverages the "Achilles' Heels" identified above and targets the infrastructure providers at their most sensitive points of compliance risk.
Phase 1: UK Regulatory Engagement (The Silver Bullet)
Since the website is hosted in the UK (Namecheap UK) and Goldberg is physically operating in the UK, the most immediate path to success is the Financial Conduct Authority (FCA).
1. FCA Unauthorized Firms Report:
Submit a formal report to the FCA’s Enforcement and Market Oversight Division. The report must explicitly state that whiterabbittrust.org is being used to operate an unauthorized Claims Management Company in violation of FSMA 2000, Section 23.
2. Action Fraud (UK) Referral: File a report with the UK’s national fraud and cybercrime reporting center. Reference the "Rogue Trinity" network and provide the IP address 185.61.152.71.
3. Namecheap UK Legal Notice: Send a formal "Notice and Takedown" to legalandabuse@namecheap.com. This notice should not be a general abuse report. It must be a legal letter citing the FSMA 2000 violations and Goldberg’s own sworn confession of unauthorized activity.12 State that the continuation of hosting services for a known criminal enterprise involved in unauthorized financial services creates liability for Namecheap under the Proceeds of Crime Act (POCA) 2002.
Phase 2: U.S. Federal Criminal Escalation
This phase targets the registrar (Wild West Domains) and the registrant shield (Domains By Proxy).
1. IRS Whistleblower Office (Form 211): Submit Form 211 to the IRS. Provide evidence that the domain is the primary repository for 1099-OID fraud templates.12 The IRS CID has the authority to request that U.S.-based registrars suspend domains involved in federal tax crimes.
2. FinCEN SAR Filing: Utilize the FinCEN "Suspicious Activity Report" webform to report the White Rabbit Trust Group as an unlicensed Money Service Business (MSB). Citing the masking of beneficial ownership and the collection of fees for illegal tax instruments will trigger an AML investigation.
3. Wild West Domains Abuse Escalation: Contact abuse@wildwestdomains.com. Provide the IRS/FinCEN case numbers. Inform them that the registrar is currently facilitating a RICO enterprise as defined in United States v. Anderson.12 Demand the suspension of the domain to prevent further federal wire fraud.
Phase 3: Targeted Infrastructure Neutralization
This phase focuses on the "connective tissue" of the operation.
1. Jellyfish Spam Protection Report: Report the MX record mx1-hosting.jellyfish.systems to Namecheap’s email abuse team at abuse@namecheaphosting.com.9 Provide full email headers from the group’s solicitation emails. Because Namecheap markets Jellyfish as a tool for "safety and security," they are more likely to act if their own infrastructure is being used to bypass external spam filters for fraudulent purposes.
2. Meta (Facebook) Group Takedown: As noted in the Ecclesia Law demand, the Facebook group "White Rabbit Trust" is the primary recruitment node. By removing the social media presence, the traffic to the website will drop significantly, reducing its utility as a fraud clearinghouse.
3. Whois Inaccuracy Complaint: Submit a report to whoisinaccuracy@namecheap.com and Wild West Domains.9 If the registrant data for MLITR Research LLC is outdated or if the Wyoming entity has been administratively dissolved, the registrar is required by ICANN to suspend the domain until accurate data is provided.
Conclusion: The Path to Final Decommissioning
The White Rabbit Trust website infrastructure is a resilient, cross-border system designed by an operator who understands the procedural limitations of major internet service providers. Simon Goldberg’s use of Namecheap UK hosting and a Wild West Domains US registrar is a strategic choice intended to create a jurisdictional vacuum. However, the operator’s own arrogance in providing sworn testimony regarding unauthorized financial activity (FSMA 2000) and federal tax fraud (1099-OID) has provided the necessary evidence to collapse this vacuum.
The best way to take the website down is to stop treating it as a "scam website" and start treating it as a "regulatory compliance failure." By forcing Namecheap and Wild West Domains to acknowledge their legal liability under the Financial Services and Markets Act and U.S. Federal Fraud statutes, the "free speech" and "sovereign" defenses are rendered moot. The remediation must be clinical, statutory, and persistent, targeting the infrastructure's legal standing rather than just its content. Only by following the regulatory escalation paths to the FCA, IRS, and FinCEN will the user achieve the final suspension of the White Rabbit Trust domain and the dismantlement of the Rogue Trinity network.
Works cited
1. Report phishing to Wild West Domains, accessed February 5, 2026, https://phish.report/contacts/Wild-West-Domains
2. Namecheap, EFF and the Dangerous Internet Wild West - CircleID, accessed February 5, 2026,
https://circleid.com/posts/20200312-namecheap-eff-and-the-dangerous-internet-wild-west
3. Wild West Domains LLC | BBB Complaints | Better Business Bureau, accessed February 5, 2026,
https://www.bbb.org/us/az/scottsdale/profile/internet-service/wild-west-domains-llc-1126 9001721/complaints
4. Tucows WHOIS privacy terms and conditions - 123 Reg, accessed February 5, 2026,
https://www.123-reg.co.uk/terms/general-whois-privacy-terms/
5. SecuritySnacks - DomainTools Investigations, accessed February 5, 2026, https://dti.domaintools.com/category/securitysnacks
6. Jellyfish Spam Protection by NameCheap, accessed February 5, 2026, https://www.namecheap.com/security/anti-spam-protection/
7. WHOIS data privacy - EU considers ban on anonymous websites - AKD, accessed February 5, 2026,
https://www.akd.eu/insights/whois-data-privacy-eu-considers-ban-on-anonymous-websites
8. How do you report a fraudulent website to a registrar? - Namecheap Blog, accessed February 5, 2026,
https://www.namecheap.com/blog/how-to-report-a-fraudulent-website-to-a-registrar/
9. How and where can I file abuse complaints? - General & Support - Namecheap.com, accessed February 5, 2026, https://www.namecheap.com/support/knowledgebase/article.aspx/9196/5/how and-where-can-i-file-abuse-complaints/
10. How to configure Jellyfish for a domain - Email service - Namecheap.com, accessed February 5, 2026, https://www.namecheap.com/support/knowledgebase/article.aspx/10560/2216/how-to configure-jellyfish-for-a-domain/
11. privateemail.com Lookup - SPF-Record, accessed February 5, 2026, https://www.spf record.com/spf-lookup/privateemail.com
12. WHITERABBITTRUST WEBSITE ONLINE SUBMISSION.docx
13. Financial Services and Markets Act 2000: Key Compliance Guide for UK Businesses, accessed February 5, 2026,
https://sprintlaw.co.uk/articles/financial-services-and-markets-act-2000-key compliance-guide-for-uk-businesses/
14. Financial Services and Markets Act 2000 - GOV.UK, accessed February 5, 2026, https://assets.publishing.service.gov.uk/media/5a79a91ded915d07d35b72a2/consolidated_fsma050 911.pdf
15. Case 1:12-cv-00040-JPJ-PMS Document 6 Filed 11/06/12 Page 1 of 19 Pageid#: 25 - Department of Justice, accessed February 5, 2026, https://www.justice.gov/sites/default/files/tax/legacy/2012/11/09/Sewell%20Amended%20Injunction% 20Complaint.PDF
16. Case 1:24-cr-00255-JLT-SKO Document 102 Filed 07/23/25 Page 1 of 6 - GovInfo, accessed February 5, 2026, https://www.govinfo.gov/content/pkg/USCOURTS-caed-1_24-cr 00255/pdf/USCOURTS-caed-1_24-cr-00255-12.pdf
17. uploadtree.com - Pulsedive, accessed February 5, 2026, https://pulsedive.com/ioc/uploadtree.com
18. Facebook sues Namecheap - Hacker News, accessed February 5, 2026, https://news.ycombinator.com/item?id=22497391
19. Namecheap abuse suppport is terrible - Reddit, accessed February 5, 2026, https://www.reddit.com/r/NameCheap/comments/1qtp45t/namecheap_abuse_suppport_is_terrible/
20. Legal - Copyright and Trademark Policies - Namecheap.com, accessed February 5, 2026,
https://www.namecheap.com/legal/general/copyright-trademark-policies/
21. UDRP arbitration lawyer - Vondran Legal, accessed February 5, 2026, https://www.vondranlegal.com/udrp-complaints
22. The Truth About Frivolous Tax Arguments — Section I (D to E) | Internal Revenue Service, accessed February 5, 2026,
https://www.irs.gov/privacy-disclosure/the-truth-about-frivolous-tax arguments-section-i-d-to-e
23. When should I contact the Namecheap Legal and Abuse department? - General & Support, accessed February 5, 2026, https://www.namecheap.com/support/knowledgebase/article.aspx/10146/5/when-should-i-contact the-namecheap-legal-and-abuse-department/
24. UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF FLORIDA CIVIL ACTION NO. UNITED STATES OF AMERICA, Plaintiff, v. SHARON ANGULO - Department of Justice, accessed February 5, 2026, https://www.justice.gov/archive/tax/angulo_complaint.pdf