Piracy Domains Seized By US Because Verisign & GoDaddy Are American

Home > Anti-Piracy > Takedowns and Seizures >

The Department of Justice and Homeland Security Investigations (HSI) have just announced the seizure of six music piracy domains. The seizures were straightforward due to Verisign and GoDaddy being American companies. However, additional facts regarding these seizures, including on whose behalf they were supposedly carried out, raise key issues that don't make much sense.

Department of JusticeLast week, Brazilian law enforcement agencies announced a new wave of Operation 404.

The anti-piracy initiative began in 2019 and with the assistance of law enforcement agencies in the United States and United Kingdom, Brazilian authorities claim to have put hundreds of websites and apps out of action via blocking and domain seizures.

Department of Justice Announces Seizures

Following last week’s announcement by the Government of Brazil, the US Department of Justice released additional information on Monday. It confirmed that as part of ongoing efforts by the Department of Justice and Homeland Security Investigations (HSI) to combat copyright infringement, six website domains had been seized.

As the seizure banner now displayed on those domains shows, the official seals of IPR Center, Department of Justice, and Homeland Security Investigations are followed by that of Brazil’s Ministry of Justice and Public Security, indicating the seizures were carried out to assist the Brazilian government.

DOJ-HSI-Seize Brazil

The six domains – all unquestionably linked to music piracy – read as follows: Corourbanos.com, Corourbano.com, Pautamp3.com, SIMP3.com, Flowactivo.co and Mp3Teca.ws. Things get more interesting when drilling down into how the domains were seized and on what basis. But there are other questions too.

Affidavit in Support of Seizure Warrant

On June 14, 2022, Immigration and Customs Enforcement (ICE) and Homeland Security Investigations (ICE) filed an HSI Special Agent affidavit at the US District Court for the Eastern District of Virginia. It details why there is probable cause to seize the six domains by citing alleged criminal copyright infringement offenses.

The affidavit states that in April 2022, HSI received information from Brazil-based anti-piracy company Ltahub, which acts as a representative of Warner Music Group, Universal Music Group, Sony Music Group, and Interscope Records in Latin America & the Caribbean.

Also in April, HSI received additional information from IFPI which, in common with its member labels, confirmed that the domains were being used to distribute copyrighted music without authorization. The Special Agent confirmed that infringing music could be downloaded in the Eastern District of Virginia.

The Infringing Domains

Given the evidence in the affidavit, there is no doubt that the domains engage in mass copyright infringement.

Corourbanos.com and Corourbano.com are linked, with the former servicing an estimated 1.1 million visitors per month but the latter, just 72K. Pautamp3.com has an estimated monthly audience of 680,000 visits, SIMP3.com an estimated 1.8 million, Flowactivo.co around 1.6 million (more on that later), and Mp3Teca.ws roughly 1.4 million.

Given that pre-release piracy is considered one of the most damaging forms of infringement by the recording industry, it’s worth highlighting that Corourbanos.com and SIMP3.com are directly accused of making music available in advance of commercial release. As per the affidavit, all of the pirate music site domains easily meet the standard for criminal copyright infringement.

Domain Seizures

After showing that the domains are involved in criminality as per US law, the HSI Special Agent states that a criminal seizure warrant is justified on the basis that if the domain owners were convicted, the domains would be subject to forfeiture.

While there is nothing in the affidavit (or subsequent IFPI and DoJ press releases) to indicate that the owners of the domains are being prosecuted, seizing their domains at this stage immediately puts their platforms out of action. And as it turns out, seizing them wasn’t difficult at all since they all have connections to the United States, one way or another.

Corourbanos.com, Corourbano.com Pautamp3.com, and SIMP3.com, all utilize the ‘.com’ top-level domain. The registry for ‘.com’ is VeriSign, conveniently located in Reston, Virginia, meaning that these domains could be seized at the highest level.

Verisign was required to direct the domains to two specified name servers (ns1.seizedservers.com and ns2.seizedservers.com) and prevent any further modification or transfer, pending completion of forfeiture proceedings. The registry was also ordered to notify US-based domain registrars GoDaddy and Namecheap of the seizures so they could make the necessary administrative changes.

The seizures of Flowactivo.co and Mp3Teca.ws were executed differently since their domain registries are located outside United States jurisdiction. The registry for ‘.co’ is in Bogotá, Colombia, and the registry for ‘.ws’ is in Samoa.

These jurisdiction issues were easily overcome by ignoring these overseas registries altogether. Dropping down a level, HSI/ICE targeted the domains’ registrar instead. Located in Scottsdale, Arizona, GoDaddy LLC was given the same name server and modification prevention instructions as Verisign, which provided a functionally similar end result.

Domains Seized For Brazil. Interesting

The HSI/ICE affidavit filed in Virginia makes no mention of cooperation with the Brazilian authorities or indeed Operation 404, of which the seizures were a part. This is where the seizures start to make less sense, at least considering their presentation by both US and Brazilian authorities.

Corourbanos.com enjoyed around 1.1 million visits per month, confirmed by data provided by SimilarWeb. However, the same data shows that the overwhelming majority of visitors were from Peru (50%), Dominican Republic (12.4%), and Chile (9.4%). Just 6.4% came from the United States with Mexico coming in below 3%.

Corourbano.com had just 76,000 visitors per month with just over 89% coming from Peru. Less than 6% came from Spain, with the Dominican Republic and Guatemala following with 3% and 2% respectively. In short, these two domains presented in Spanish were of little interest to Brazilians who, in the main, speak Portuguese.

Pautamp3.com continues a similar pattern. Presented in Spanish (around 4% of Brazil’s population are speakers), around 27% of its visitors are predictably from Spain, 17% from Argentina, 11% from Mexico, 6% from Chile and 5.5% hail from Ecuador. Whichever way the traffic is cut, the share from Brazil and the United States is negligible.

SIMP3.com is also presented in Spanish and is most popular in Spain (30%), through to Mexico, Argentina, Peru, and Colombia (6%). Again, interest in Brazil is negligible.

Flowactivo.co is also in Spanish but bucks the trend with 37% of its visitors coming from the US, followed by Spain, Italy and Venezuela. However, the site’s traffic is much smaller than the 1.6 million visits per month cited in the affidavit. Over the past three months the platform had just 130K visits per month according to SimilarWeb data.

Traffic claims for Mp3Teca.ws also seem inflated. The affidavit claims 1.4 million visits per month but SimilarWeb disagrees stating between 800K and a million visits per month over the last three months. And again, the site isn’t remotely popular in Brazil or the United States. Most traffic comes from Venezuela (20%) followed by Dominican Republic, Spain, Mexico and Ecuador (7%).


From the small sample of data it’s difficult to draw solid conclusions but it’s certainly interesting that of six domain seizures carried out by the United States, ostensibly to assist a Brazilian anti-piracy operation, none are of notable interest to pirates in Brazil. On the other hand, the recording industry outside Brazil (especially in Spanish-speaking countries) will benefit but quite why that had to be achieved through the US and Brazil is another question.

An answer may partially lie in Brazil being under continued US scrutiny for not doing enough to combat piracy. It’s on the USTR’s Special 301 Watch List (pdf) for failing to combat IPTV piracy, for example, and interestingly the latest phase of Operation 404 prominently featured seized streaming devices.

The other big takeaway is that if pirate sites use a domain that either has its registry or registrar in the United States, it can be taken away in an instant. That raises the question of the hundreds of pirate sites that have more traffic than even the most popular of these six seized domains, yet somehow remain completely untargeted by similar US seizures.

The seizure documents can be found here and here (pdf)


Popular Posts
From 2 Years ago…