A fool who discards the domain less than a year after ending service
When a beloved fan community's digital home is left to expire without ceremony or safeguard, it becomes a parable about the weight of institutional carelessness. The official Aqours fan club domain — once a gathering point for millions of Love Live! devotees — was quietly abandoned by Bandai Namco after the club's June 2025 shutdown, and now sits on a Japanese auction platform with a bid approaching $615 million. The episode reminds us that a domain is not merely an address but a covenant of trust, and that trust does not expire on the same schedule as a registration fee.
- A domain once central to one of Japan's most devoted fan ecosystems is now open to the highest bidder, with no guarantee that bidder has benevolent intentions.
- Because the expired URL remains embedded in active official Love Live! websites, every fan who clicks or types from memory risks landing on a site that could steal their credentials.
- Fans are bidding aggressively — driving the price to a surreal 97 billion yen — partly in protest, partly in a desperate attempt to keep the domain out of malicious hands.
- Security professionals point out that browser protections and password managers offer little defense when a phishing site occupies a URL users already trust implicitly.
- Japan's DNS Operators Group has published dormancy protocols for exactly this scenario, yet Bandai Namco appears to have followed none of them before letting the domain lapse.
- The auction closes May 27th, leaving the fate of millions of fans' digital safety in the hands of whoever can outbid the chaos.
The fan club domain for Aqours — the flagship group of the long-running Love Live! franchise — expired after Bandai Namco shuttered the service in June 2025. For months it displayed a quiet farewell message. Then, on May 1st, it reappeared on Onamae, a Japanese domain registrar, listed for public auction with a closing date of May 27th. The current bid has climbed to roughly 97 billion yen, or about $615 million — a figure almost no one expects to be real, but whose very existence signals how alarmed the community has become.
The security concern is concrete, not hypothetical. The domain is still linked from multiple active official Love Live! websites, meaning fans navigating through familiar channels could be redirected to whatever the new owner decides to put there. A convincing replica of the original fan club page could harvest passwords, and browser security tools might not flag it — the URL, after all, is the one fans have trusted for years. Password managers could auto-fill credentials without hesitation.
Fans were quick to name the failure. One user bluntly asked whether Bandai Namco had forgotten that one of their brand domains had been hijacked before — because this is not the company's first encounter with this exact problem. That institutional memory, apparently, did not translate into policy.
The Japan DNS Operators Group offers clear guidance for situations like this: place expiring domains in dormancy, scrub them from search indexes, request removal from archive services, and only fully release them once traffic has faded to negligible levels. None of that appears to have occurred here. The domain was simply allowed to lapse.
Whether the inflated auction bid represents fans trying to protect their own community or something more chaotic is unclear. What is clear is that a domain carries the accumulated trust of every person who has ever been directed to it — and abandoning it without a plan is not a technical oversight. It is a breach of that trust, offered up to whoever arrives with the highest bid.
The official fan club domain for Aqours, one of the most successful iterations of the Japanese pop franchise Love Live!, expired last year and is now sitting on an auction block. The current bid stands at 97.14 billion yen—roughly $615 million. No one expects that price to stick, but the fact that the domain is for sale at all has set off alarm bells among fans and security experts alike.
Aqours represents the franchise at its most expansive: a decade-plus of games, multiple anime seasons, live concerts, and merchandise that has built a devoted global following. The official fan club operated as a hub for this ecosystem, bundled with CD purchases and game codes, tied directly into the community's engagement with the brand. When Bandai Namco shut down the club in June 2025, the domain lovelive-aqoursclub.jp was left to expire. For months, it displayed a polite farewell message to anyone who visited. Then, on May 1st, that changed. The domain went live on Onamae, a Japanese domain registration service, with an auction set to close on May 27th.
Fans immediately recognized what had happened, and the reaction was swift and furious. The concern isn't academic. The domain still appears as a link across multiple official Love Live! websites, which means anyone who clicks through from those sites—or who types it into a browser from memory—could end up somewhere they didn't intend to go. If a third party acquires the domain, they could set up a phishing site that looks identical to the original fan club page. Browser security features might not catch it. Password managers could auto-fill credentials. The damage could ripple across the entire fanbase.
One fan, posting under the handle AkiraReynir, didn't mince words: "Is Bandai Namco stupid or what? A fool who discards the domain less than a year after ending service! They've apparently already forgotten that their brand domain got hijacked before." The frustration cuts deeper when you realize this isn't the first time the company has faced this exact problem. There's institutional memory here, and it's been ignored.
The Japan DNS Operators Group has published clear guidance on how to handle this situation. When a domain is being discontinued, the recommendation is to put it into dormancy, remove it from search engines, request deletion from archive sites, and only truly abandon it once traffic has dropped below a certain threshold. None of that appears to have happened here. The domain was simply allowed to lapse, and now it's in play.
What's actually driving the auction bid—whether it's fans trying to protect their own community by outbidding potential bad actors, or trolls having a laugh—remains unclear. Either way, the $615 million figure is almost certainly not going to materialize. But the episode exposes a real gap in how major entertainment companies manage their digital infrastructure, especially when they're shutting things down. A domain isn't just a URL. It's a trust relationship with millions of people who've been directed to it, who remember it, who might type it in years from now. Let it expire without a plan, and you've handed that trust to whoever bids highest.
Citações Notáveis
If the domain falls into the hands of a third party, there is a risk that phishing sites mimicking the official fan club could be created, potentially bypassing browser security features or causing password managers to auto-fill credentials.— ITmedia (Japanese news outlet)
When discontinuing a domain, it is recommended to put it into dormancy, perform reverse SEO measures, remove content from archive sites, and only abandon the URL after DNS queries fall below a predetermined threshold.— Japan DNS Operators Group
A Conversa do Hearth Outra perspectiva sobre a história
So fans are bidding $615 million for a domain? That seems like either a joke or a panic.
Both, probably. The real issue is that Bandai Namco let the domain expire without any safeguards. It's still linked from official sites, so people could end up on a fake version without realizing it.
And that's dangerous because?
A phishing site could look identical to the real fan club page. Your browser might not catch it. Password managers could auto-fill your login credentials straight into a scam.
So the fans bidding high are trying to prevent that?
That's the most charitable reading. They're essentially trying to keep it out of bad hands. Whether they'll actually win, or whether this is just performative anger, is another question.
Has this happened to Love Live before?
Yes. The company's had brand domains hijacked in the past. So this isn't a new vulnerability—it's a repeated mistake.
What should they have done instead?
Kept the domain in dormancy, removed it from search engines, waited for traffic to drop, then made a deliberate decision about what to do with it. Instead, they just let it go.