Latest news of the domain name industry

Recent Posts

Feds did not seize conspiracy domain

Kevin Murphy, June 9, 2011, Domain Policy

I reported earlier in the week that the US Immigration and Customs Enforcement agency had seized a domain name belonging to an anti-vaccine conspiracy theorist.

It seems I may have jumped the gun. The seizure of almost certainly didn’t happen.

Ars Technica called up ICE for the affidavit used to win the court order to seize the domain, and received this statement from an apparently baffled press officer:

ICE has not taken any enforcement action against this site. The site owner/administration redirected to our name server, where the seizure banner is hosted.

If this is true, it seems that any idiot can change their name servers to and and ICE will happily serve up a warning about copyright infringement without even checking whether the domain has actually been seized.

While the case did seem odd, I had assumed that ICE was doing some basic domain verification before displaying its increasingly infamous banner.

This was not an unreasonable assumption – previously, domains seized due to child pornography have displayed a different banner to those involvement with counterfeiting.

There is some code on the site checking the incoming domains before displaying the banner, in other words, apparently just not enough to stop the wave of spoof seizures we’re now likely to see.

Feds seize conspiracy theorist’s domain

Kevin Murphy, June 7, 2011, Domain Policy

The US Immigration and Customs Enforcement agency has seized the domain name of an anti-vaccine conspiracy theorist.

Update: This story is probably bogus.

The domain has started resolving to the now-familiar ICE banner, warning visitors about the penalties for counterfeiting and copyright infringement.

Its name servers switched this week to ICE-owned

Judging from the Google cache, the site was devoted to spreading dangerous misinformation about the the efficacy of various vaccines, particularly Gardasil, which is used to prevent HPV infection.

Unlike previously seized domains, does not, at least from the cache, appear to have been prominently pimping counterfeit goods.

It was registered using Go Daddy’s private registration service, but once belonged to one Lowell Hubbs.

You can listen to Hubbs’ theory about vaccines and the Rockerfellers on YouTube. He makes Jenny McCarthy look sensible. He was apparently a regular Huffington Post commenter.

A blog devoted to criticizing Hubbs and his theories can be found at and the reply to that blog, purportedly written by Hubbs, can be found, confusingly, at

The Hubbs’ blog claims the seized site had been hacked and filled with illegal porn links. His critic’s blog says he was likely shut down for using copyrighted material without permission.

ICE seizes more piracy domains

Kevin Murphy, May 23, 2011, Domain Policy

The US Immigration and Customs Enforcement agency has seized a small number of domain names that were allegedly being used to distribute bootleg movies and other goods.

But the number of domains falling to Operation In Our Sites in the latest round appears to be smaller than reported over the weekend by TorrentFreak.

The newly seized domains seem to be, and

Another half-dozen domains reportedly grabbed within the last few days were actually seized last November, as part of ICE’s major Thanksgiving crackdown.

The false positives were likely spotted because the domains recently changed name servers to ICE’s, but this appears to be due to a domain management issue, rather than a fresh seizure.

ICE domain seizures enter second phase

Kevin Murphy, April 20, 2011, Domain Policy

The US Immigration & Customs Enforcement agency seems to be consolidating its portfolio of seized domain names by transferring them to its own registrar account.

Many domains ICE recently seized at the registry level under Operation “In Our Sites” have, as of yesterday, started naming the agency as the official registrant in the Whois database.

ICE, part of the Department of Homeland Security, has collected over 100 domains, most of them .coms, as part of the anti-counterfeiting operation it kicked off with gusto last November.

The domains all allegedly either promoted counterfeit physical goods or offered links to bootleg digital content.

At a technical level, ICE originally assumed control of the domains by instructing registries such as VeriSign, the .com operator, to change the authoritative name servers for each domain to

All the domains pointed to that server, which is controlled by ICE, resolve to a web server displaying the same image:

ICE seized domains banner

(The banner, incidentally, appears to have been updated this month. If clicked, it now sends visitors to this anti-piracy public service announcement hosted at YouTube.)

Until this week, the Whois record associated with each domain continued to list the original registrant – a great many of them apparently Chinese – but ICE now seems to be consolidating its portfolio.

As of yesterday, a sizable chunk — but by no means all — of the seized domains have been transferred to Network Solutions and now name ICE as the registrant in their Whois database records.

Rather than simply commandeering the domains, it appears that ICE now “owns” them too.

But ICE has already allowed one of its seizures to expire. The registration for expired in March, and it no longer points to or displays the ICE piracy warning.

The domain is now listed in Redemption Period status, meaning it is starting along the road to ultimately dropping and becoming available for registration again.

Interestingly, most of the newly moved domains appear to have been transferred into NetSol from original registrars based in China, such as HiChina, Xin Net and

After consulting with a few people more intimately familiar with the grubby innards of the inter-registrar transfer process than I am, I understand that the names could have been moved without the explicit intervention of either registrar, but that it would not be entirely unprecedented if the transfers had been handled manually under the authority of a court order.

If I find out for sure, I’ll provide an update.

Plug-in works around seized domains

Kevin Murphy, April 15, 2011, Domain Tech

Disgruntled coders have come up with a new Firefox plug-in to help people find piracy web sites after their domain names are seized by the authorities.

MAFIAA-Fire hooks into the browser, checking DNS queries against a list supplied by the developers, to see if the name corresponds to a seized domain.

If it does, the browser is redirected to an approved mirror. If it does not, the DNS query is handled as normal through the browser’s regular resolvers.

The plug-in was created in response to the seizure of domain names alleged to be involved in distributing bootleg movies, music and software.

The US Immigration and Customs Enforcement agency has been sending court-ordered take-down notices to US-based registry operators such as VeriSign for the last several months.

Some sites immediately relocate to top-level domains outside of US jurisdiction. MAFIAA-Fire is designed to make the process of finding these new sites easier.

As the plug-in site acknowledges, if any fraudulent data were to make its way onto its manually-authenticated list of domains, it could cause a security problem for end users.

MAFIAA stands for “Music and Film Industry Association of America”, a corruption of RIAA and MPAA. The “Fire” suffix comes from the fact that fire melts ICE.

The plug-in, which was first reported by TorrentFreak, is hosted at a .com address.