With a "secret code". I had a few minutes to kill, so I went there from a browser on my linux system and entered a completely different code (turns out, much as expected, you can enter whatever you want into the "secret code" box). This directed me then to
Rather unsurprisingly, these two domains are both less than a year old (the latter being the older, at around 3 months, the former was registered yesterday), and both registered through namecheap.com
I contacted namecheap.com via their abuse address, and they have so far played every stupid run-around trick they could think of to avoid doing anything. In other words, they know they are aiding in a criminal act and they don't give a shit as long as they get paid.
Not that this is new, many registrars before them have gone down the same path.