Online poker domains seized by US law enforcement on Black Friday have been exposing visitors to scams and malware.

On Thursday, tech blog Torrentfreak.com reported that online gambling domains seized by US federal authorities on April 15, 2011 – including AbsolutePoker.com and UltimateBet.com – were now directing visitors to a Zero-Click advertising feed, which has been criticized in the past as a conduit for malware installers and other digital cesspools.

Until recently, the domains displayed only a seizure notice from the US Department of Justice. A similar effect greeted visitors to Megaupload.com, the cloud-storage website formerly run by Kim Dotcom, who was indicted by the DOJ on charges relating to illegal file-sharing in January 2012.

The problem arose after the DOJ apparently lost control of the domains’ nameserver, either by letting control expire or by some unknown action by a third party. Domain name ownership service Whois currently lists the sites’ nameserver as a derivative of CIRFU.biz, which appears to be a play on the CIFRU.net domain operated by the FBI’s Cyber Initiative and Resource Fusion Unit. But CIRFU.biz, which is hosted on a server in the Netherlands, isn’t an official CIFRU domain.