DOJ Seizes CFAKE and SOCFAKE in First TAKE IT DOWN Act Enforcement Action
Federal agents pulled two of the internet's busiest deepfake nude sites offline, marking the first publicly announced domain seizure under a law signed just weeks ago.

The U.S. Department of Justice seized CFAKE.com and SOCFAKE.com on Friday, July 11, 2025, in the first publicly confirmed enforcement action taken under the TAKE IT DOWN Act — a federal statute President Biden signed into law in May 2025.
What These Sites Were Doing
Both platforms existed to generate and distribute nonconsensual AI-produced nude imagery, including depictions of minors. They were not obscure corners of the dark web. CFAKE drew approximately 18 million visits per month; SOCFAKE pulled around 9 million. Together, that is traffic large enough to sustain real advertising revenue and subscription payment processing — which is precisely why these operations remained online as long as they did. Money, not technology, was their foundation.
Visitors to either domain now land on a federal seizure banner. The FBI's Washington Field Office led the operation. As of this writing, no indictments have been publicly unsealed, which suggests investigators are still working to identify the operators, or that an arrest warrant is under seal pending a takedown of the people behind the keyboards.
What the TAKE IT DOWN Act Actually Does
The statute criminalizes the knowing publication of nonconsensual intimate imagery — including synthetic content produced by AI — and imposes a 48-hour takedown obligation on covered platforms once they receive a valid notice from a depicted person. The criminal provisions went live immediately upon signing. The 48-hour compliance clock for platform operators does not start running until May 2026.
That distinction matters. DOJ used the live criminal provisions as the legal hook to compel domain registrars and DNS providers to redirect traffic. This was not a server raid in the traditional sense. The actual infrastructure almost certainly sits offshore behind a content delivery network, and the operators remain unnamed in public filings.
Why Domain Seizures Alone Fall Short
Here is the hard operational truth: domain seizures are a speed bump, not a wall. The underlying image-generation stack requires nothing exotic to rebuild. Open-weight diffusion models are freely available. A scraped set of a target's social media photos and a GPU server costing around $200 a month is sufficient to relaunch. Expect mirror domains within days of any major seizure.
What actually kills operations like this is pressure on the payment rails and ad networks that monetize the traffic. Cut off the revenue, and the economic rationale collapses. DOJ has not yet announced action against the processors or advertisers who served these sites, but that is the part of the investigation worth watching. If prosecutors go there, it will set meaningful deterrence precedent. If they do not, the enforcement value stays symbolic.
The seizure does dent the sites' SEO authority and brand recognition — real costs in a market where discoverability is the product. That is not nothing. But it is not sufficient by itself.
The Control That Failed: Platform Accountability at Scale
The existence of sites running 27 million combined monthly visits in nonconsensual synthetic imagery is not a technology failure. It is a payment, hosting, and advertising ecosystem failure. No ad network should have been serving inventory on CFAKE. No payment processor should have been handling subscriptions. The Verizon 2024 Data Breach Investigations Report notes that financially motivated actors persist as long as the economics hold — and these sites held their economics for years.
Security and trust-and-safety professionals need to recognize that synthetic NCII is now a legal liability category, not merely a content moderation headache. The TAKE IT DOWN Act makes it a federal criminal matter, and covered platforms — broadly, any user-generated, publicly facing service — face an enforceable 48-hour response obligation starting next spring. Your existing DMCA notice-and-takedown workflow will not satisfy it. DMCA assumes a copyright holder asserting ownership rights. TAKE IT DOWN assumes a depicted person asserting harm. The verification logic is fundamentally different, and the clock is tighter.
What Platform Operators Must Do Before May 2026
If your organization runs any surface where users can upload or share images, you need a synthetic-NCII intake path that is distinct from your copyright pipeline. That means a dedicated intake form that accepts claims from depicted persons, a verified internal SLA of 48 hours from receipt to removal, and documented evidence you honored it — because the first enforcement actions under the platform-compliance provisions will be precedent-setting, and regulators will want records.
Training your trust-and-safety and legal operations staff on synthetic media recognition is a concrete first step; organizations with proactive awareness programs are measurably faster at escalating novel harm categories when they first appear. Train2Secure's security awareness curriculum includes modules on emerging content threats that help operations teams recognize AI-generated media indicators before a legal obligation forces the issue.
"The 48-hour clock is not aspirational — it is a compliance floor," said one trust-and-safety attorney briefed on the statute's drafting. "Platforms that treat this like a DMCA extension are going to get caught flat-footed when DOJ looks for test cases."
For a practical framework on what controls map to statutory obligations, NIST's AI Risk Management Framework (AI RMF 1.0) provides a governance structure that covers synthetic media risks under its GOVERN and MANAGE functions.
The Broader Signal
This seizure is a marker, not a finish line. The operators are still unidentified in public filings. Mirror sites are a near-certainty. The payment and advertising ecosystems that fed 27 million monthly visits have not yet faced consequences. And the generation technology that powered these platforms is, if anything, getting cheaper and easier to run.
What changed on Friday is that the United States government now has a criminal statute and a demonstrated willingness to use it. That matters for deterrence at the margins — hosting providers, registrars, and payment processors now have explicit legal risk for knowingly servicing this category of site. The question is whether DOJ presses that advantage or treats the domain seizure as the endpoint.
For defenders, the lesson is simple. Statutory compliance deadlines are lagging indicators of harm that has already scaled. Build the intake pipeline, document the SLA, and train the people who will receive the first claims — before the enforcement clock starts in May 2026, not after.
How to prepare your platform before the 48-hour clock starts
- Stand up a synthetic-NCII intake path now — distinct from your DMCA queue — and document every step of the removal workflow so you have evidence of compliance when enforcement actions set precedent.
- Train trust-and-safety, legal operations, and customer support staff on AI-generated media recognition so your first-line responders can escalate synthetic NCII claims immediately rather than misrouting them.
- Audit your ad-network and payment-processor relationships for acceptable-use clause exposure, because DOJ's next move in this case may target the monetization layer directly.
Train2Secure offers security and compliance awareness programs that help operations teams recognize emerging content threats before they become legal liabilities — see how it maps to your team's risk profile.
Start free — no card requiredSources & further reading
Frequently asked questions
What is the TAKE IT DOWN Act and when does it take effect for platforms?
The TAKE IT DOWN Act is a federal law signed in May 2025 that criminalizes the knowing publication of nonconsensual intimate imagery, including AI-generated synthetic content. Its criminal provisions are active now. The 48-hour takedown requirement for covered platforms begins in May 2026.
Why aren't domain seizures enough to shut down sites like CFAKE and SOCFAKE permanently?
The actual server infrastructure typically sits offshore behind content delivery networks and remains untouched by a DNS-level domain seizure. Operators can relaunch under new domains within days. Sustained enforcement requires cutting off payment processors and advertising networks that monetize site traffic.
How is a TAKE IT DOWN Act takedown notice different from a standard DMCA request?
DMCA notices are filed by copyright holders asserting ownership of content. TAKE IT DOWN notices come from depicted persons asserting personal harm. The verification model, response obligation, and legal consequences are all different — existing DMCA pipelines do not satisfy the new statute.
What should a platform operator do right now to prepare for compliance?
Build a dedicated synthetic-NCII intake process separate from copyright workflows, establish and document an internal 48-hour removal SLA, train trust-and-safety staff to recognize AI-generated media, and review your payment and hosting vendor agreements for liability exposure.



