Domain Name Seizures Of Popular Rap File-Sharing Sites Potentially An Elaborate Hoax (updated)

There was talk of this being an elaborate hoax since the beginning including mentions of 4chan. Earlier today, commenter Elun B. summarizes some of the information:

What a con game! None of these are ICE seizures. They are all fake sites put up to mimic (and not very well) the real ICE seizures. What’s the clues? All of these sites are hosted at carohosting, including the google analytics and piwik analytics that the creator wanted to track how well his viral news article was. Official seized sites are no more than a single 640×480 JPG (with no visitor tracking). Not knowing anything about the original site content of these fakes, perhaps the site owners are trying to bilk their subscribers and blame it on the Feds. For the real seizures (and for the con artists, the real graphic), visit:

Another good source of information regarding the (il)legitimacy of the seizures can be found in the comments section of the slashdot post:

Well, it looks fishy to me. Here are the questionable elements.

(1) The domain registration information information still lists a private domain owner and and admin contact.

(2) The name servers and, as well as the ALL redirect to addresses in a private hosting company (, .109 and .110 respectively), physically in Charlotte, NC. The picture you’re greeted with is served from one of the hosting company’s addresses.

(3) Whois reports the registrar to be Go Daddy, but the name servers ns1 and whose IP addresses aremanaged by a private company called “wild west domains”.

(4) The “” domain is controlled by a company called “immixGroup IT solutions”. The registrar is network solutions and the registrant is using network solution’s privacy service to block his contact identity.

Notice what is missing here: any reference to a government controlled host, domain or name controller. All we have is a set of privately procured and managed name and web servers with anonymous administrative contacts. There is literally *nothing* to connect the picture you are seeing at the website to DHS, other than the picture’s *claim*.

A little googling shows this exact same picture shows up in similar “DHS seizure” cases, with the exact same pattern of private servers and domains leading back to some anonymity service and NO government ip addresses, domains or contacts involved, although the *private* domains and servers involved are different. If this were a DHS seizure program, wouldn’t the trail lead back to the same government contacts?

It looks to me like this is either a hoax or a case of private hijacking by a private individual or group who uses different domains and accounts to cover his tracks.

NYTimes Piece On The DHS/ICE Domain Seizures Does Not Offer Any New Significant Information
Department of Homeland Security Seizes Popular Rap File-Sharing Sites, OnSmash, Dajaz1, RapGodfathers


After some discussion it is seeming less likely the seizures were a hoax. And now Techcrunch has pointed out that the affected sites could easily follow Torrent-Finder’s lead and re-register with a non US Government controlled domain, like .info, to get back online.

While the graphic is pretty scary, Market Ticker’s Karl Denninger points out the websites themselves and the servers they run on have not actually been seized, just the domains.

“That’s a lot of staff attorney time and trouble to get a big fat nothing out of it, which is exactly what they get going down this road. Why? Because all they can do is redirect the domain pointers which will do exactly nothing when the sites re-register under a top-level domain not under the US Government’s jurisdiction – and there are lots of them.”

Domains under US jurisdiction currently include anything controlled by Verisign which puts .com site owners in a legal relationship with the United States. According to Denninger, all afflicted site owners need to do is move to a non-US controlled top level domain in order to dodge further ICE seizures.