[AfrICANN-discuss] U.S. Government Seizes BitTorrent Search Engine Domain and More

Sat Nov 27 06:13:35 SAST 2010

Morning Alex,

I find this very curious.

We all know (or should know) that ICANN or more properly (the IANA)
cannot physically make this change, as they do not have access to the
.com zone file to physically make this change.

So, either GoDaddy is lying aboout ICANN making the change, or they
meant that the order came from ICANN, which, as we all know is not the
way things should be done.  If GoDaddy has an order from ICANN, I
would love to see it, more likely, GoDaddy got an order from a court
ordering them to do this.

There is another possibility, this is possibly a hoax, or social
engineering attack.

Looking in the DNS I see that whois shows that the original
registrant, torrent finder still owns the domain, so the domain was
not "seized", but the DNS was redirected seemingly by a private
company whose domain (seized Domain.com) was registed on 24 Nov,
seemingly by a private company.  If you lok at the IP address whois,
that block is registered to another private company, so there is no
evidence that this was done by a USG body....very curious indeed.
Does the USG outsource  "seizures" of this kind??  I would think they
would use their own IP ranges and web servers.  It looks very fishy to
me!!

anyway here is the DNS and whois data:

dig torrent-finder.com

; <<>> DiG 9.3.2 <<>> torrent-finder.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 168
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;torrent-finder.com.            IN      A

;; ANSWER SECTION:
torrent-finder.com.     15089   IN      A       74.81.170.110

;; AUTHORITY SECTION:
torrent-finder.com.     15089   IN      NS      ns2.torrent-finder.com.
torrent-finder.com.     15089   IN      NS      ns1.torrent-finder.com.

;; ADDITIONAL SECTION:
ns1.torrent-finder.com. 15089   IN      A       74.81.170.109
ns2.torrent-finder.com. 15089   IN      A       74.81.170.108

;; Query time: 234 msec
;; SERVER: 196.200.16.2#53(196.200.16.2)
;; WHEN: Sat Nov 27 06:41:35 2010
;; MSG SIZE  rcvd: 120

dig @ns1.torrent-finder.com ANY torrent-finder.com

; <<>> DiG 9.3.2 <<>> @ns1.torrent-finder.com ANY torrent-finder.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1312
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;torrent-finder.com.            IN      ANY

;; ANSWER SECTION:
torrent-finder.com.     86400   IN      A       74.81.170.110
torrent-finder.com.     86400   IN      SOA     torrent-finder.com.
noreply.seizeddomain. 2010111801 86400 3600 604800 10800
torrent-finder.com.     86400   IN      NS      ns2.torrent-finder.com.
torrent-finder.com.     86400   IN      NS      ns1.torrent-finder.com.

;; ADDITIONAL SECTION:
ns1.torrent-finder.com. 86400   IN      A       74.81.170.109
ns2.torrent-finder.com. 86400   IN      A       74.81.170.108

;; Query time: 437 msec
;; SERVER: 74.81.170.109#53(74.81.170.109)
;; WHEN: Sat Nov 27 06:42:34 2010
;; MSG SIZE  rcvd: 176

C:\Documents and Settings\Administrator>whois -h whois.arin.net  74.81.170.110
#
# Query terms are ambiguous.  The query is assumed to be:
#     "n 74.81.170.110"

CaroNet Managed Hosting, Inc. CI-74-81-170-0-23 (NET-74-81-170-0-1)
74.81.170.0 - 74.81.171.255
Carolina Internet, Ltd. CARO-NET-ARIN-4 (NET-74-81-160-0-1)
74.81.160.0 - 74.81.191.255

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

C:\Documents and Settings\Administrator>dig @ns1.torrent-finder.com
ANY SEIZEDSERVERS.COM

; <<>> DiG 9.3.2 <<>> @ns1.torrent-finder.com ANY SEIZEDSERVERS.COM
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 740
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;SEIZEDSERVERS.COM.             IN      ANY

;; ANSWER SECTION:
SEIZEDSERVERS.COM.      86400   IN      A       74.81.170.110
SEIZEDSERVERS.COM.      86400   IN      SOA     SEIZEDSERVERS.COM.
noreply.seizeddomain. 2010111801 86400 3600 604800 10800
SEIZEDSERVERS.COM.      86400   IN      NS      ns1.SEIZEDSERVERS.COM.
SEIZEDSERVERS.COM.      86400   IN      NS      ns2.SEIZEDSERVERS.COM.

;; ADDITIONAL SECTION:
ns1.SEIZEDSERVERS.COM.  86400   IN      A       74.81.170.109
ns2.SEIZEDSERVERS.COM.  86400   IN      A       74.81.170.108

;; Query time: 500 msec
;; SERVER: 74.81.170.109#53(74.81.170.109)
;; WHEN: Sat Nov 27 06:53:13 2010
;; MSG SIZE  rcvd: 175

whois -h whois.networksolutions.com SEIZEDSERVERS.COM

Registrant:
immixGroup IT Solutions
   ATTN SEIZEDSERVERS.COM
   care of Network Solutions
   PO Box 459
   Drums, PA.  US  18222

   Domain Name: SEIZEDSERVERS.COM

   Administrative Contact, Technical Contact:
      immixGroup IT Solutions
ha3cf8td8vj at networksolutionsprivateregistration.com
      ATTN SEIZEDSERVERS.COM
      care of Network Solutions
      PO Box 459
      Drums, PA 18222
      US
      570-708-8780

   Record expires on 24-Nov-2011.
   Record created on 24-Nov-2010.
   Database last updated on 26-Nov-2010 22:38:17 EST.

   Domain servers in listed order:

   NS1.SEIZEDSERVERS.COM        74.81.170.109
   NS2.SEIZEDSERVERS.COM        74.81.170.108

-- 
Cheers,

McTim
"A name indicates what we seek. An address indicates where it is. A
route indicates how we get there."  Jon Postel