Find the ip address of a seized website

So your favorite site is now displaying the following message:

This domain name has been seized by ICE – Homeland Security Investigations

In this example we will use the recently seized domain “”.

What “ICE” have done is changed the IP address that the domain resolved to, to one of their own.

The easiest way to see what the IP address currently is, is by using the “ping” command:

[hm2k@server~]$ ping
PING ( 56(84) bytes of data.

— ping statistics —
1 packets transmitted, 0 received, 100% packet loss, time 0ms

We can see that “” domain currently resolves to the “″ IP address.

We know this is the incorrect IP as visiting in your browser beings up the “seized” notice.

So what’s the real IP? Here’s how you find out:

First of all you need to Whois the domain name. There are various ways you can do this, from using a program to sending raw commands to the whois server yourself. In this case we will use a whois website:


The Whois record should show the following details which we will find useful:

   Domain servers in listed order:

Now, here’s what you do to find the right IP:

[hm2k@server~]$ nslookup NS51.DOMAINCONTROL.COM
Server:         NS51.DOMAINCONTROL.COM


So, there you have it: the real IP. Let’s just check that by visiting in our browser.

Ah yes, that’s it, the real site pops up.

Now it’s up to you. To make life easier for yourself you could now go ahead and add these newly found details to your hosts file so you don’t have to look them up again.

It doesn’t work!?

Unfortunately, this doesn’t work for every domain as “ICE” seem to have changed some domains (eg: to have NS1.SEIZEDSERVERS.COM and NS2.SEIZEDSERVERS.COM as the name servers.

A little set back, however a little fishing on Google and you will soon come across the correct name servers.

[hm2k@server ~]$ nslookup NS1.DNSPOD.NET
Server:         NS1.DNSPOD.NET


Again, that’s the real IP. However, with this one you’ll have to add it into your hosts file for this to work, which should look like this, for example:

Hey presto! Get to your favorite seized sites in a couple of clicks.


Based on this I have now started a project that provides you with an alternative hosts file as a work around.

  • Visit the deicer project


Related posts:

  1. email address on your website This is something that people don’t seem to realise, and...
  2. Pingotron I’ve been meaning to publish a post about Pingotron for...
  3. What is a valid email address? With the on-going abuse to email based systems, we are...
  4. Tracking an IP address In my job I have to manage lots of machines...
  5. Tricked by fake .uk sites? Trading standards say that consumers are being tricked into buying...

Leave a Comment