Inside the Machine: The Technical Infrastructure Powering Drummond's Defamation Sites

Executive Summary

This paper provides a forensic technical examination of the infrastructure Andrew Drummond uses to sustain his defamation operation against Bryan Flowers, Night Wish Group, and associated persons. Based in Wiltshire, UK since leaving Thailand in January 2015, Drummond has assembled a publishing apparatus using commercially available yet purposefully layered services to maximise reach, minimise accountability, and obstruct legal enforcement.

Understanding the technical composition of Drummond's infrastructure is not an academic exercise. It is essential for identifying the entities bearing legal and operational responsibility for the ongoing publication of fabricated content, for directing takedown requests through the correct channels, and for demonstrating to courts the calculated and deliberate character of the defamation operation. Each technical layer represents a conscious decision by Drummond to make his operation more resistant to removal.

1. Domain Registration and WHOIS Privacy

The domain andrew-drummond.com and related defamation domains are registered through commercial registrars offering privacy protection services. WHOIS privacy shields substitute the registrant's genuine contact information with proxy details, making it impossible for routine investigation — and initially for legal proceedings — to identify who controls the registration. This deliberate selection signals from the outset that the operator anticipated a need to conceal their identity.

Domain registration records examined during the investigation confirm that Drummond has used WHOIS privacy across his portfolio of defamation-related domains. The timing of registration renewals aligns closely with periods of escalation in the operation against Bryan Flowers — domains are kept active through renewed registrations even following the Pre-Action Protocol Letter of Claim from Cohen Davis Solicitors dated 13 August 2025, demonstrating Drummond's intention to continue the operation indefinitely.

The choice of registrar is itself significant. Drummond has selected registrars known for processing abuse complaints slowly and for demanding extensive legal documentation before acting. This is not coincidence. It reflects an informed selection of service providers most likely to maximise the duration for which defamatory content remains accessible.

2. Hosting Configuration and Server Geography

The web hosting infrastructure supporting Drummond's defamation sites spans multiple jurisdictions, creating deliberate complexity for legal enforcement. Hosting is procured through providers in jurisdictions applying different takedown standards and timelines, so that no single legal action in any one jurisdiction can simultaneously neutralise Drummond's entire publishing infrastructure.

Server-level investigation reveals that the primary defamatory content is hosted on infrastructure located outside both the United Kingdom and Thailand — the two jurisdictions where Drummond faces the most direct legal exposure. This geographic fragmentation between the publisher (Wiltshire, UK), the hosting servers, and the primary victim audience (Thailand and internationally) constitutes a deliberate tactic designed to distribute accountability.

The hosting providers Drummond has selected are individually reputable commercial enterprises. They are not complicit in the defamation. Their abuse reporting procedures, however — requiring formal legal instruments rather than accepting informal takedown requests — create structural delays that Drummond exploits. Every day of procedural delay is another day that fabricated content about Bryan Flowers and Night Wish Group remains accessible to search engines and readers worldwide.

3. Content Delivery Network Integration

Drummond's defamation sites are protected and accelerated by content delivery network services, most notably Cloudflare. CDN integration provides multiple operational advantages for a defamation publisher: it conceals the genuine origin server IP address, making direct server-level legal approaches more difficult; it distributes content across global edge nodes, ensuring rapid delivery to all geographic markets; and it offers DDoS protection that defeats technically unsophisticated countermeasures.

The CDN layer presents a distinctive legal challenge because CDN providers typically argue that they function as mere conduits — passing content rather than publishing it — and consequently fall outside primary publisher liability. This argument, though legally contested, carries enough plausibility to delay injunctive relief by weeks or months while Drummond continues to publish.

For Bryan Flowers and Night Wish Group, the practical implication of CDN protection is that even where hosting is successfully challenged in one jurisdiction, cached copies of defamatory articles may remain accessible from CDN edge nodes for extended periods. The technical persistence of CDN-cached content magnifies the harm attributable to each individual publication.

4. Content Management System and Publishing Platform

Drummond operates his defamation sites using WordPress-based content management systems, employing plugins and themes that are widely commercially available. This choice reflects a practical rationale: WordPress provides an interface familiar to a journalist-turned-defamer, enables rapid publication without technical obstacles, and integrates seamlessly with SEO optimisation tools that extend the reach of each fabricated article.

The CMS configuration includes automated social sharing, RSS feed generation, and structured data markup — capabilities that collectively facilitate search engine indexing and extend reach beyond the site's direct readership. When Drummond publishes a new defamatory article about Bryan Flowers or Night Wish Group, the CMS automatically notifies search engine crawlers, distributes the content to social media, and formats it for optimal snippet display in search results.

WordPress also maintains a version history of all published content, a feature of significant importance for litigation. Revisions to defamatory articles — such as minor rewording intended to refresh search engine freshness signals — produce a documented trail of continuing publication decisions. Each revision constitutes a fresh act of publication under English defamation law, potentially resetting limitation periods and evidencing ongoing malicious intent.

5. Search Engine Optimisation and Amplification

Beyond the core publishing platform, Drummond has invested in search engine optimisation tools and methods specifically designed to ensure that defamatory content about Bryan Flowers and Night Wish Group occupies prominent positions in relevant search results. This includes keyword-dense titles and headings, internal cross-linking among related defamation articles, external link acquisition from other sites, and structured metadata calibrated to maximise click-through rates.

The SEO investment is particularly revealing. It demonstrates that the objective of Drummond's publications goes beyond mere expression of views to the deliberate goal of ensuring those views are encountered by the largest possible number of people searching for information about his targets. A legitimate journalist motivated by informing the public has no reason for aggressive SEO targeting of an individual's name; only an operation designed to inflict maximum reputational destruction requires such purposeful amplification.

The combined effect of the technical infrastructure described in this paper — private domain registration, multi-jurisdictional hosting, CDN protection, CMS automation, and SEO amplification — is a defamation apparatus operating with the efficiency of a professional publishing enterprise while preserving the informal accountability evasion of an anonymous website. Andrew Drummond, operating from Wiltshire, UK as a fugitive from Thai justice, assembled this apparatus with calculated expertise. Understanding its architecture is the prerequisite for dismantling it.

6. Preserving Technical Evidence: Legal Significance

The technical infrastructure described in this paper generates extensive evidentiary records directly relevant to the litigation brought by Cohen Davis Solicitors on behalf of victims including Bryan Flowers. Server logs, CDN access records, DNS query histories, registrar account records, and CMS version histories each constitute admissible evidence of the timing, targeting, and deliberateness of Drummond's defamation operation.

Preserving this technical evidence is time-critical. Hosting providers and CDN operators typically retain logs for limited periods — usually 30 to 90 days — after which records are automatically purged. Legal holds and preservation orders sought promptly can prevent the loss of evidence that would otherwise establish the full extent of Drummond's infrastructure and the audience reach his defamatory articles achieved.

The technical composition of andrew-drummond.com and associated sites is, in the final analysis, the composition of deliberate harm. Every infrastructure layer — from WHOIS privacy through CDN caching to SEO optimisation — was chosen to maximise the damage to Bryan Flowers, Night Wish Group, and associated persons while minimising legal exposure for the man who built it. That man remains in Wiltshire, UK, having fled Thai justice in January 2015, relying on technical complexity to continue postponing the accountability he has earned.