I have been following the ICE seized domain names and the list that goes along with the sites / domain names that have been seized. It’s getting more crazy!!!!
In the past, with all the "seized" domain names, domain name servers were simply changed by ICE and that was pretty much it from what I could tell. The DNS changes were very likely done at the registry level. Whois details remained the same on the domain names and the sites simply showed a seized image on them.
Rojadirecta.org
Totally different story with this recently seized domain! According to whois records, The Department Of Homeland Security changed whois information on this one!

ICE (Immigration and Customs Enforcement) of the Department of Homeland Security appears to have changed tactics and is taking ownership of domain names… How? I have no clue, but you can see the whois just as I can above!
Rojadirecta.org has switched over to Rojadirecta.com and the site is still up at time of post. Rojadirecta has posted a statement on the site, which includes:
"US authorities "steal" our domain rojadirecta.org!"

Rojadirecta.org is registered with GoDaddy and from my understanding… the registrant's name, address, etc. is registrar-level data.
StrikeGently.com, which was also seized recently, has whois privacy and still shows "old" DNS in whois, but the site resolves to the seized image. Its whois may be the same as Rojadirecta.org's, but due to privacy on the domain it wouldn’t be displayed.
Atdhe.net
ChannelSurfing.net
FirstRow.net
ilemi.com
Are also newly added as of 2/1/2011. All of the above have whois privacy, so I cannot tell whether whois on them changed to ICE or not.
Here is the latest list that I could come up with but it’s getting harder due to ICE not using the same DNS they were. If you know of a domain that is not on the list, please let me know (post in comment section):
Since the domain names are no longer being put on one server by ICE (ns1.seizedservers.com & ns2.seizedservers.com), we will likely find out about any future seized domains as the sites are shut down and users reach out and inform others. It appears that ICE is using the websites' own servers to post the image they have been using to state that a site has been seized… as Rojadirecta.org is still on the same server and so was StrikeGently.com when I checked.
*Please keep in mind that anybody with access to a domain name at its registrar can input ANY data they wish into whois records. Public whois records are not set in stone as to the "actual owner" or the data displayed.


TLD
.com version of rojadirecta is seized also as of right now.
what did this site do?
Jamie Zoch
@TLD,
From my understanding, they linked to sites that offer sports streaming and P2P link site. I just added Atdhe.net and ChannelSurfing.net to the list as well. ChannelSurfing.net currently is resolving to the IP address but they posted on Twitter “www.channelsurfing.net was siezed today.”
TLD
I get if you’re hosting movies or hosting the broadcast, but taken down because of a link? What if they didn’t hyperlink but just put a URL address in text? Or what if in their link they put .c0m instead of .com (using a zero… so the link wouldn’t go anywhere unless the user manually edited it).
This is a stretch, pretty soon they will ban sites that link to opinions that they don’t like.
And what is worse is that our tax dollars are being used for the government to try to protect the billions in profits of a few large corporations. Gee, exactly how I want my hard-earned tax dollars spent. I don’t want more police on the street to catch killers or anything.
carlos
Reminds me of Egypt shutting down the internet. Perhaps this is a step in the government resolving how to censor indirectly.
Tired Of The BS
Welcome to Barack Obama and Janet Napolitano’s New America. When these scumbags aren’t coming up with creative excuses that allow them to fondle you in an airport, they’re confiscating domain names due to outbound links.
Joey Starkey
Major Corporations might as well run the U.S. at this point.
They have the money with which they pay off the politicos, who in turn make the laws.
It will only get worse IMO. Look at the new item that the US is pushing on ICANN.
Any domain anywhere near a TM (generic) is going to be given to any corporation that wants it. And it won’t matter how the domain is being used.
Michael Ronayne
For the 10 Domains seized by the DHS on 2011-02-01, it appears that DHS hacked the Root Name Servers to take control of the 10 Domains. The WhoIs records show the old Name Servers while the Start-Of-Authority (SOA) records show the ICE Name Servers which they used previously for the 2010-11-24 seizures:
NS1[dot]SEIZEDSERVERS[dot]COM
NS2[dot]SEIZEDSERVERS[dot]COM
Domain Tools is showing incorrect information and not accurately tracking these changes. The Domain Tools, service “Name Server Spy” is rendered ineffective. I don’t know if the new DHS methodology is predicated on the desire to hide their activity or pure stupidity or both.
The bottom line is that we can no longer trust that WhoIs, SOA, Root Name Server records will be in agreement. This makes it increasingly difficult to track what DHS is doing. The DHS is operating with the mentality of computer hackers. Why, because they can!
You can verify what I am reporting at this website where you can do bulk lookups on all 10 Domains at the same time:
Digwebinterface[dot]com
Using this tool, run bulk lookups on all 10 Domains for the “A Record” and “SOA” information, using the Default and Authoritative Name Servers. You will find that the lookups for Authoritative Name Servers will fail. I suspect that this is part of the problem which Domain Tools is experiencing.
There is a mistaken belief amongst the holders of the seized Domains that the DHS will not seize International TLD’s. This belief is in error, because on 2010-06-30 DHS seized the International Domain MOVIES-LINKS[dot]TV. Seizing the TLD of a small Pacific Island nation which is perched atop an unstable volcanic atoll is one thing, but it would be entertaining to see what would happen if the DHS seized a Chinese “.cn” TLD where most of the trademark infringement is occurring, with full Chinese State sponsorship. But DHS would not want to get the Chinese angry; the US Government might have to stop stealing money from our Great-grandchildren.
What can we do?
1. Have automated systems log DHS activities.
2. Stop trusting what the high level GUI tools are reporting.
3. Encourage tool developers to run consistency checks for tampering.
4. Re-learn how to use low level tools such as DIG.
5. Get the word out as to what is really going on.
6. Support the Dot-P2P project.
7. Be vigilant, trust nothing and verify everything.
Mike
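The WhoIs-versus-SOA mismatch described in the comment above, and the consistency check its list asks tool developers for, can be sketched as follows. This is an added example, not code from the post or its commenters; the domain example.test, the old-host names and the record values are constructed, and only the seizedservers.com name-server names come from the page.

```python
import re

# Constructed sample data (not real lookups) for a placeholder domain, example.test:
# a WHOIS excerpt plus NS and SOA answers in `dig +noall +answer` layout.
WHOIS_TEXT = """Domain Name: EXAMPLE.TEST
Name Server: NS1.OLDHOST.EXAMPLE
Name Server: NS2.OLDHOST.EXAMPLE
"""
DIG_NS = """example.test. 172800 IN NS ns1.seizedservers.com.
example.test. 172800 IN NS ns2.seizedservers.com.
"""
DIG_SOA = ("example.test. 3600 IN SOA ns1.seizedservers.com. "
           "hostmaster.seizedservers.com. 2011020101 7200 900 1209600 3600\n")

def norm(host):
    """Lower-case a host name and drop the trailing root dot."""
    return host.strip().rstrip(".").lower()

def whois_nameservers(text):
    """Name servers listed on 'Name Server:' or 'nserver:' lines of a WHOIS record."""
    pat = re.compile(r"^[ \t]*(?:name[ \t]*server|nserver)[ \t]*:[ \t]*(\S+)", re.I | re.M)
    return {norm(h) for h in pat.findall(text)}

def dig_rdata(text, rrtype):
    """First RDATA field of each record of the given type in dig answer lines."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[2].upper() == "IN" and f[3].upper() == rrtype:
            out.append(norm(f[4]))
    return out

def consistency_report(whois_text, dig_ns, dig_soa):
    """Compare WHOIS, delegated NS and SOA MNAME; return every disagreement."""
    w = whois_nameservers(whois_text)
    ns = set(dig_rdata(dig_ns, "NS"))
    soa = dig_rdata(dig_soa, "SOA")
    findings = []
    if w != ns:  # registration data and DNS delegation name different servers
        findings.append(("whois_vs_ns", sorted(w - ns), sorted(ns - w)))
    for mname in soa:  # a SOA primary absent from another view is worth a look
        for label, view in (("whois", w), ("ns", ns)):
            if mname not in view:
                findings.append((f"soa_mname_not_in_{label}", mname))
    if not soa:  # e.g. the authoritative lookup failed outright
        findings.append(("no_soa_answer",))
    return findings
```

Feeding it saved `whois` and `dig` output on a schedule gives a log of when the views diverge; a SOA primary missing from the NS set can also be a legitimate hidden-primary setup, so treat each finding as a prompt to look, not a verdict.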
Jamie Zoch
@Mike,
Thanks for the great info! I can see ICE seizing a .tv domain, because .tv is run (registry) by Verisign. A U.S. Company.
Michael Ronayne
@Jamie,
You raise one very interesting question for which I don’t know the answer. How many International Domains are managed by US based companies and who are they? With the growing use of International Domains for vanity Domains and URL compression services, that could be a problem in the future. Could someone take that as a “To Do”?
Look at the way in which the Root Name Servers are organized according to Wikipedia: en[dot]Wikipedia[dot]org/wiki/Root_nameserver, with special attention to who has control of the servers as shown in the table contained in section “Root server addresses”. For the 2011-02-01 seizure, the DHS did not require access to the Registrars, although they were apparently able to compel GoDaddy to transfer ownership in the case of the rojadirecta.org Domain. Anyone who is using GoDaddy as their Registrar should think long and hard on that decision.
The DHS was well aware that the 10 Domains which they seized had backups or would be replaced and back in operation within a few hours, but that was not the purpose of this exercise. The DHS wanted to test three things, which they did successfully:
1. Establish case law by having a Federal Judge sign a seizure order.
2. Compel a Registrar to turn over ownership of a Domain to DHS bypassing WIPO.
3. Bypass the Registrars and directly hack the Root Name Servers.
With the three successful dry-runs which DHS now has under their belt, DHS is ready to do some serious seizures. What are we going to do when they come after a Domain which expresses a point of view which the Government of the United States doesn’t like? Look at WikiLeaks[dot]org: this website was only a minor problem as long as the leaks were damaging to our last Chief Executive; once WikiLeaks became a problem for our current Chief Executive the story-line quickly changed.
To @Joey who said that the “Major Corporations might as well run the U.S. at this point”, the corporations who will benefit the most from the last three sets of DHS Domain seizures comprise the major contributors to the successful election of our current Chief Executive, who by all accounts is an honest politician because once you buy him he stays bought. If DHS had done exactly the same thing while reporting to our last Chief Executive our Free Press would be all over this story screaming about freedom of speech, etc.
In the context of the last 7,000 years of recorded Human history we must not lose sight of exactly how unique an opportunity the Internet is to the advance of Human freedom. To paraphrase an old car commercial, when America still had free car companies:
It is not just your Domain, it is your Freedom!
Mike
Michael Ronayne
Two of the seized Domains, rojadirecta[dot]org and rojadirecta[dot]com are of high interest, because DHS appeared to take WhoIs ownership of rojadirecta[dot]org. These two Domains were replaced by rojadirecta[dot]es, rojadirecta[dot]me and rojadirecta[dot]in. The Registrar for Spanish TLD “es” doesn’t disclose any information about registrations, including the date of registration; however Domain Tools has been caching International TLD’s WhoIs records for several years now and the earliest cached date in their records for rojadirecta[dot]es is 2010-01-09 which means that the Domain existed on or before that date. The cached WhoIs records are empty except for the Name Server information which was recorded by Domain Tools.
Now here is where things get really interesting! The two new backup Domains, rojadirecta[dot]me and rojadirecta[dot]in, were both registered on Monday 2011-01-24, a full week before the DHS seizures on Tuesday 2011-02-01. Here are the earliest cached WhoIs records (registrant only section) in Domain Tools for both Domains.
Domain: rojadirecta[dot]in – Domain History
Cache Date: 2011-02-01
Server: whois[dot]inregistry[dot]net
Domain ID: D4737402-AFIN
Domain Name: ROJADIRECTA.IN
Created On: 24-Jan-2011 06:12:46 UTC
Last Updated On: 01-Feb-2011 06:09:08 UTC
Expiration Date: 24-Jan-2012 06:12:46 UTC
Sponsoring Registrar: Internet.bs Corp. (R111-AFIN)
Status: CLIENT TRANSFER PROHIBITED
Status: TRANSFER PROHIBITED
Registrant ID: INTEqxxft095kuac
Registrant Name: Igor Seoane
Registrant Organization:
Registrant Street1: Street
Registrant Street2:
Registrant Street3:
Registrant City: City
Registrant State/Province:
Registrant Postal Code: Postalcode
Registrant Country: ES
Registrant Phone: +34.012345678
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email: igorseoane[at]gmail[dot]com
Domain: rojadirecta[dot]me – Domain History
Cache Date: 2011-02-01
Server: whois.nic[dot]me
Domain ID: D1824953-ME
Domain Name: ROJADIRECTA.ME
Domain Create Date: 24-Jan-2011 18:08:49 UTC
Domain Last Updated Date: 24-Jan-2011 18:08:56 UTC
Domain Expiration Date:24-Jan-2012 18:08:49 UTC
Last Transferred Date:
Trademark Name:
Trademark Country:
Trademark Number:
Date Trademark Applied For:
Date Trademark Registered:
Sponsoring Registrar:Dynadot LLC R30-ME
Created by:Dynadot LLC R30-ME
Last Updated by Registrar:Dynadot LLC R30-ME
Domain Status:CLIENT TRANSFER PROHIBITED
Domain Status:TRANSFER PROHIBITED
Registrant ID:CP-106310
Registrant Name:Igor Seoane c/o Dynadot Privacy
Registrant Organization:
Registrant Address: PO Box 701
Registrant Address2:
Registrant Address3:
Registrant City: San Mateo
Registrant State/Province: CA
Registrant Country/Economy: US
Registrant Postal Code:94401
Registrant Phone: +1.6505854708
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant E-mail: privacy[at]dynadot[dot]com
I can think of only two explanations for the Domains being registered exactly one week before the DHS seizures:
1. The timing of the registrations for the two domains was just an unusual coincidence.
2. The security for the DHS operation was compromised and the holders of “Roja Directa” Domains knew that the DHS was coming for them.
If the second explanation is correct, that raises a very interesting scenario and could explain a troubling bit of information which I didn’t understand. Knowing that the DHS was coming for them, and having registered the two additional backup Domains in advance, the holders of “Roja Directa” (“Red Direct”) researched the WhoIs information which the DHS could have used and once they lost SOA for the rojadirecta[dot]org Domain on 2011-02-01 they changed the WhoIs records themselves and could actually still have control of the Domain at GoDaddy. This would explain why rojadirecta[dot]com was not transferred to DHS, it being the more valuable Domain which “Roja Directa” could use in future litigation.
The holders of “Roja Directa” Domains were the first ones to report the DHS seizures on Tuesday 2011-02-01. A coincidence, I think not!
Basically “Roja Directa” could be sending a message to DHS. In the vernacular this is known as sticking it to the Man! A comforting theory if it is true.
Mike
haidjj
hai nice sharing…….
Rudy
What jurisdiction would ICE have over websites with .ch?
I know of a few streaming sites. Could these be affected?
Seems plain wrong for ICE to intercede in a sovereign country.