Despite intense pressure from the United States, including criticism as part of the USTR’s reports on notorious pirate sites and foreign trade barriers , actions against online piracy are still relatively rare in Bulgaria.

Whether the Bulgarian government had any hand in the closure of RARBG last year remains unclear but its hoped that August 2023 amendments to Bulgaria’s Criminal Code will at least make pirate site investigations more straightforward. A new operation tackling music piracy may be an opportunity to demonstrate progress.

GDBOP Team Up With Europol

The General Directorate Combating Organized Crime ( GDBOP ) is a specialist unit within Bulgaria’s Ministry of Interior. GDBOP is most closely associated with the disruption of organized crime groups and transnational criminal networks, which often sees the unit take action in coordination with international partners.

In a recent action to disrupt music piracy, GDBOP carried out an operation under the supervision of the Sofia District Prosecutor’s Office, in coordination with the European Union Agency for Law Enforcement Cooperation, more commonly known as Europol.

“Employees of the Cybercrime Directorate (GDBOP) conducted an operation to prevent the illegal use of music as an object of copyright and related rights,” a GDBOP announcement reads.

“In the course of the special operation, the cybercrime police established the identity of the owner of 12 sites that he built and maintained to offer their users access to popular music in different countries, providing the possibility to download them in .mp3 format.”

Sites Targeted Display Seizure Banner

The domains of the dozen music piracy sites targeted “due to numerous violations of intellectual property rights” are reported by GDBOP as follows:

downloadmp3bg.com, baixarmp3gratis.com, www.tekstove.org, mp3pesme.com, mp3piosenki.com, descarca-muzica.com, indirsarki.com, mp3kostenlos.com, mp3hitove.com, mp3greek.gr, xn--3-wtbj.net, mp3aghani.com

The domains now display a seizure banner in Bulgarian (translation alongside)

Considering the words used in the domains, it seems likely that in many cases they targeted an international audience.

Baixar, for example, is a Portuguese term for ‘download’ while descarca-muzica suggests downloading music and may have been directed at a Romanian audience. Most likely targeted at a German audience, mp3kostenlos translates to mp3free, indirsarki.com was intended for Turkish consumption, while mp3greek speaks for itself.

xn--3-wtbj.net is an internationalized domain name (IDN) using Punycode, a system used to encode domains containing non-ASCII characters; in this case the domain мп3.net.

Nine of the targeted domains are registered at Dynadot in the United States.

Action within the EMPACT Framework

In coordination with Europol, the action was carried out within the EMPACT framework (European Multidisciplinary Platform Against Criminal Threats) an initiative to “identify, prioritize and address threats posed by organized and serious international crime.”

Participants in EMPACT include law enforcement authorities, the judiciary, EU agencies, customs and tax offices, and various private partners. According to the European Union Agency for Criminal Justice Cooperation (Eurojust), around 200 operational actions are carried out each year under EMPACT.

The specific reasons for targeting these particular dozen sites under EMPACT hasn’t been revealed by the authorities. The operator of the sites has reportedly been identified, but no arrests have been reported.

From: TF , for the latest news on copyright battles, piracy and more.

The Alliance for Creativity and Entertainment ( ACE ) is the world’s most active anti-piracy coalition, initiating and assisting enforcement efforts around the world.

Most anti-piracy actions are focused on streaming sites and services, many of which are located in or operated from Vietnam.

ACE previously visited Vietnam and met with government officials to explore potential solutions to address the problem. However, aside from some incidental successes, the problem persists.

Earlier this year, rightsholders flagged the Asian country as a ‘haven’ for pirate sites. In a letter to the US Trade Representative, IIPA pointed out several problematic sites and services, including Fmovies, AniWave, 123movies, BestBuyIPTV, 2embed, and Y2mate.

Vumoo.to Takedown

The above-mentioned sites remain online at the time of writing, but ACE did book a new success this week by taking the popular pirate streaming site Vumoo.to offline.

On Sunday, the nameservers of Vumoo.to were updated to ns3.films.org and ns4.films.org, which typically signals ACE taking control. And indeed, the group confirmed to TorrentFreak that Vumoo.to is currently offline following ACE action in Vietnam.

Jan van Voorn, MPA’s Chief of Global Content Protection and head of ACE, says the takedown was not assisted by third parties such as domain registries or registrars. ACE worked directly with the operator of the site, who presumably took it offline voluntarily.

Vumoo.to first came online in 2016 and built a large audience in the years that followed. With well over 12 million monthly visits, the streaming portal was a sizable target and a key one for ACE.

Perpetual Crackdown?

How the anti-piracy group tracked down Vumoo’s operator isn’t mentioned, but ACE has been gathering information for years. Through U.S. courts, the group previously obtained DMCA subpoenas requiring the Tonic domain registry and Cloudflare to share all useful info they have on the site.

Pirate sites often use false information to register domains, so this information may have led to nothing. However, local connections and OSINT may ultimately have helped to pinpoint the site’s operator.

With the ‘takedown’ of Vumoo.to, ACE can chalk up yet another success but whether it will last remains to be seen. Previous Vietnamese actions against sites such as Zoro.to and 2embed had mixed results, as these sites soon came back ‘ under new management ‘ or in ‘cloned’ versions.

From: TF , for the latest news on copyright battles, piracy and more.

Last week, we reported that an Indian dynamic+ court order had taken down movie-web’s demo site, along with several other pirate sites.

The injunction, issued by the New Delhi High Court, requires local ISPs to block access to the domains. In addition, domain name registrars are also urged to take action.

The reach of this Indian order expands far outside the nation’s borders. Several international domain registrars, including the American company Namecheap, complied with its instructions. Failing to do so, could harm the ability of these companies to operate in India.

At the time of our initial coverage, .to domains were a clear outlier. While several of these were registered through Namecheap, they remained online. A possible reason for this is that the .to registry doesn’t support the standard clientHold status code that’s used to suspend domain names.

Namecheap

For a moment, it seemed that anonymous .to domain names, registered through Namecheap, were a perfect match for pirate sites. However, recent developments show that this is not the case.

Over the past few hours, all Namecheap-registered .to domains listed in the Indian court order have also been taken out. This includes several of the world’s largest pirate sites such as Zorox.to, Upmovies.to, and Flixwave.to. Smaller sites, including Sflixz.to and Streamm4u.to suffered the same fate.

Instead of using the clientHold status code, Namecheap has updated the nameservers of these domains, changing them to blockedforabuse.pleasecontactsupport.com and dummysecondary.pleasecontactsupport.com. These nameservers are linked to other Namecheap abuse actions.

Hollywood Connection

TorrentFreak previously reached out to Namecheap requesting a comment on the domain suspensions, but the company hasn’t replied. It seems likely, however, that its actions are a direct response to the Indian court order. All suspended domains are listed in the court order and no other popular .to pirate sites are affected.

Interestingly, the High Court action was instigated by American companies including Netflix, Disney, and Warner Bros. Through the Indian legal system, this eventually came back to the U.S., as Namecheap’s recent actions indicate.

Given the recent success, we expect that the movie industry companies will try a similar approach again going forward. This makes it harder for pirate site operators to keep their domains secure.

Why Namecheap?

Finally, one might wonder why pirate sites would register their domains through an American company to begin with. However, according to a source, the reason for this is fairly straightforward.

Namecheap accepts cryptocurrency payments, which offer more anonymity than credit cards and other traditional payment methods. However, Namecheap’s recent actions show that the domains, including .to ones, are not immune to legal action.

The problem from an enforcement aspect is that the .to registry doesn’t show through which company the domain was registered; but there are ways to find that out, at least for Namecheap.

The suspended sites may eventually make a comeback through new domain names. Upmovies, for one, already appears to have switched to a .net domain. However, Hollywood’s route through the Indian High Court might nonetheless prove to be an effective anti-piracy tool going forward.

—

A copy of the High Court injunction is available here (pdf) .

From: TF , for the latest news on copyright battles, piracy and more.

There’s rarely a shortage of conflict and controversy in the perpetual online piracy wars.

For some, the David versus Goliath imagery, of ordinary people fighting faceless corporations, will never get old. For others, the right of creators to receive fair compensation for their work is non-negotiable; it puts food on the table, literally.

Yet spend enough time digesting every possible detail presented by those shouting most loudly about piracy, and it becomes increasingly clear that piracy is already too big to fail.

Anti-piracy is now a multi-billion dollar industry in its own right, that means companies investing real money, long-term, into a fight where the ultimate reward for achieving the impossible is self-destruction via redundancy. Very obviously that isn’t going to happen because according to regular reminders, pirates never stop innovating and there’s nothing anyone can do about that in the absence of draconian tool (x)

AGCOM – Hold My Beer

If piracy is too big to fail, then the same also holds true for events playing out in Italy. After expending huge resources to obtain legislation to a precise specification, rightsholders have the legal basis to give pirates everything they’ve got, with little to fear, even when things go terribly wrong.

With full support from AGCOM, the whole of Italy has endured non-stop lectures on piracy, the capability of the Piracy Shield blocking platform, and how nothing will ever go wrong because this mission is too big to fail. When things did go wrong two weeks ago , AGCOM claimed that journalists made the whole thing up and when an even bigger blunder took out countless innocent sites last weekend, proponents of Piracy Shield disappeared and said nothing.

In parallel, information on which domains and IP address have been blocked, aren’t being published according to the rules. This means that when innocent sites are rendered inaccessible, those affected are denied any right to know what went wrong or who can be held responsible. That seems incompatible with even a basic level of responsibility towards innocent third parties.

Piracy Shield Blocking Data – Feb 2024 – Weeks 1-3

Since information apparently likes to be free and access to justice is a basic human right, here’s the first three weeks of IP addresses blocked by the Piracy Shield system. The list handed to TF over a week ago appears to cover the first two-and-a-half, possibly close to three weeks of February. It contains 1267 IP addresses but less than 10 domains names have been revealed to the public in official records.

Long lists of IP addresses tend to become a bit meaningless, so we’ve added relevant data (everything beyond the bare IP addresses) to help the numbers make sense. We used IPInfo to obtain approximate server locations and various other tools to compile the rest of the data.

From a total of 1267 IP addresses, 558 geo-locate to the Netherlands, 433 to Romania, and the rest as follows: Austria (69), Germany (57), Italy (33), France (28), Ukraine (28), Nigeria (13), Ireland (8), Switzerland (6), Greece (6). All other countries were were linked to five IP addresses or less.

While the usual caveats apply in respect of geo-location data not necessarily being accurate, it seems reasonable to conclude that European server locations caused many issues in the first two or three weeks of February.

However, dots on a map don’t always tell the full story. Server operator data (presuming that can be relied on) may offer a few more clues towards a more distant problem than ‘Frankfurt’ may first suggest. Indeed, GZ Remittance (China) Industry Ltd (specifically, Hong Kong) turns up no less than 350 times in the list (29% of all blocks) but appears to have almost 4,100 German IP addresses in total , so quite a few to go yet.

For those interested in the data, a .csv file is available here . If anyone can make the data look really nice, please send us a copy here .

Note: An earlier version of this article referenced Superhub Limited in Hong Kong in connection with the IP addresses listed above, as reported by the database queried. There is more than one company with that name in Hong Kong but in this case the IP addresses are linked to Superhub Ltd in some online databases, which does not appear to be correct.

The full name listed in other databases is IPv4 Superhub Limited, which appears to be accurate. This is also a Hong Kong company but does not immediately appear to have connections to Superhub Limited, even though the two entities are very close geographically.

From: TF , for the latest news on copyright battles, piracy and more.

In recent months, Movie-Web has quickly gained popularity among a particular group of movie aficionados.

The open source software, which is still available on GitHub, allows anyone to set up a movie search engine capable of streaming content from third-party sources. These external sources tend to have large libraries of pirated entertainment.

Like Google

Movie-web’s developers are not oblivious to the legal ramifications but since they don’t host any files, they hoped to avoid legal trouble. The software just provides a search engine for third-party content, they argued.

“Think of it like Google, we search the Internet for videos, but we don’t own the sites, nor the content. We merely link to them,” movie-web explained in its FAQ.

That ‘Google’ argument has previously been used by torrent sites. However, history has shown that this doesn’t make such projects immune to legal issues. And as movie-web grew, Hollywood started to take notice, and action.

Movie-web Domain Shutdown

Yesterday, the movie-web.app domain was suddenly taken down. According to a message posted on the official Discord server, this is the result of a “court action” from several movie companies including Warner Bros. Netflix, Paramount, Universal, and Disney.

TorrentFreak is not aware of any lawsuit, but [I]t appears that action was taken against the movie-web.app domain. It seems likely that registrar Namecheap suspended the domain after receiving a legal complaint from the aforementioned Hollywood companies.

Update: After publishing the article we learned that there is a legal action that requires registrars to take action against several ‘pirate’ domains. We’re looking into the matter and will follow this up later.

Namecheap updated the domain’s status to clientHold, which effectively rendered the domain inaccessible. The measure is often used to suspend pirate site domains following copyright holder complaints.

No Comeback

The surprise takedown only affects movie-web’s publicly hosted ‘demo’ instance. On Discord, the movie-web team says that it has no plans to bring this website back in any shape or form.

“As a team, we always said that if we were taken down, we would go down without a fight and we have decided to stick to that. We have zero interest in getting involved with legal matters, and so we will not be trying to circumvent this takedown in any way,” developer ‘BinaryOverload’ writes.

While this is the end of the popular movie-web.app site, the project isn’t dead yet. The code remains available on GitHub and people can still use it to run their own self-hosted instances.

In fact, the movie-web team points to several of these third-party instances, which were not targeted in the same takedown effort.

More Targets…

TorrentFreak reached out to the movie-web team requesting more details about the takedown action but, at the time of writing, we have yet to hear back.

Looking through the discussions, we found a comment from user ‘chaos,’ one of the project leads, who confirms that the domain name takedown happened through Namecheap. This also suggests that movie-web wasn’t the only target. [see earlier update]

“This wasn’t just targeting movie-web, it was a blanket attack on a lot of other domains/sites as well. I doubt they actually have any grounds, but Namecheap isn’t going to go to court to defend piracy,” ‘chaos’ wrote.

The movie-web team says that it will continue to support people who want to self-host instances of the app, when possible. In addition, it will also maintain the list of “official mirrors” that they trust and recommend. Whether Hollywood will approve remains to be seen.

From: TF , for the latest news on copyright battles, piracy and more.

Press releases announcing the shutdown of yet another pirate site, more arrests, and what that means for the entertainment industry, are nothing out of the ordinary. In particularly busy periods, simply determining where one batch ends and another begins can present challenges.

Yet in many cases, even the most straightforward reports have much more going on just below the surface. An announcement published Monday by the Alliance for Creativity and Entertainment is clear, quite detailed, but also conservative in respect of reporting events behind the scenes.

The matter involves the oldest and most likely the largest torrent site in Thailand, a platform described by the most powerful rightsholders in the United States as a priority enforcement target for at least seven years. Yet only now, 18 years after the site first launched, have local authorities taken any visible action.

If policy recently changed in Thailand, there’s no obvious indication of when that took place or what it might be. The official page to provide tips about illegal services on the police website still doesn’t work and known complications simmering in this particular case haven’t been mentioned either.

ACE Outlines The Main Facts

The key details, as reported by ACE on Monday, read as follows:

The Royal Thai Police’s Economic Crimes Department (ECD), with support from the Alliance for Creativity and Entertainment (ACE), has raided four locations in Bangkok, Surin Province and Surat Thani. Four Thai nationals have been taken into custody and are expected to be formally charged with copyright offenses in the coming days.

Siambit.me was the largest torrent tracker site in Thailand with average monthly visits of 5.5 million, and which provided access to a huge range of Hollywood, international and Thai content.

The site had been in operation since 2005 and is known to regularly change its domain to avoid detection. According to statements by the Royal Thai Police, Siambit.me had over 100,000 VIP members and the operators were making an estimated 1.5 million baht (USD $41,000) on a monthly basis.

The 5.5 million visits reported here align exactly with data reported by SimilarWeb, so we’ll put that aside for now. The reference to 100,000 VIP members indicates those paying a fee each month. The lowest monthly fee reported recently was just 99 baht with the highest at 499 baht, so roughly $2.70 to almost $14.00 per month.

The higher monthly rate of $14.00 makes little to no sense in any context while the claim that 1.5 million baht was generated each month could in theory suggest around 15,000 members paying 99 baht each. If 100,000 members paid even the minimum rate each month, no figures from any source combine to produce a sensible total, so perhaps more information will emerge to clarify the situation.

Images of Police Action Emerge

Images that began circulating late last week seem to confirm that the authorities had good intelligence. Photographs such as the one featuring a server room below appear to have been taken at the home of the main suspect.

When trying to establish a timeline for the events reported a few days ago a confusing picture emerged. In fact, to make any sense of these events we needed to go back, not just days, but several weeks.

Thai Police & ACE Took Sites Down in January

On January 19, 2024, we provided background on an ACE announcement detailing the shutdown of 27 Thai-focused sites, each reliant on a common infrastructure provided as a service by the website IAMTHEME.com.

Around January 17, officers from the Central Investigation Bureau were preparing an operation to enforce the country’s strict pornography laws; in Thailand it’s illegal to distribute porn, possess it, or produce it.

The bureau’s target was the suspected operator of numerous sites including xxxporn678.com, 037movie-hd.com, dooball678.com, movie678.com, and 678-hd.com. The first domain seems to have majored on illegal adult content while the rest appeared to focus on pirated movies and pirated live football streams.

The common denominator for all sites was a) a reliance on services offered by IAMTHEME.com and b) offering porn illegally and/or generating revenue illegally from online gambling advertising.

Combinations like these are an effective way to attract Thai authorities, who will shut sites down and arrest their operators. And that’s exactly what happened here. Items seized included four computers, eight mobile phones, and more than a dozen bank accounts.

Dominoes Start to Fall

Not long after the operator of xxxporn678 and the other sites was arrested, police began investigating the operator of IAMTHEME. On or around February 2, he too was placed under arrest, most likely for similar reasons.

At some point, police determined that their latest suspect was either sourcing his porn and pirated movies from SiamBit or was otherwise connected to the site and/or its operator. That triggered a series of events that led to Thailand’s largest torrent site becoming the focus of the ACE announcement published on Monday.

A source who asked not to be identified said that police initially expanded their investigation to identify the person in charge at SiamBit. Armed with a search warrant dated February 7 issued by a local court, on February 9 they targeted the home of a man in his late thirties* suspected of running the group that controls the site.
*the suspect is believed to be either 38 or 40

According to the authorities, SiamBit had 10,000 VIP members, together paying around 1.5 million baht to its operators every month. For balance, we have also seen references to ‘100,000 members’ but without any mention of money. SiamBits’ tracker data obtained by TF shows a peak of almost a million peers while reporting over 200,000 members.

It’s possible that the focus will end up being a monetary value, but whether that will be linked to porn and gambling, copyright infringement, or both, is still unclear.

At least initially, police focused on suspected crimes under Section 287 of the Thai Penal Code. Section 287 makes it beyond clear that any kind of dealing in pornographic content is a criminal offense, punishable by a fine, a prison sentence, or both.

While we were able to positively identify all four main suspects by name and home address, details here are limited to their initials, arrest location, alleged role, and reported age.

CW : Sai Mai District. SiamBit operator and famous professional racing driver (38/40)
PB : Chatuchak District. Financial controller (54)
WNK : Surin Province. Website/systems administrator (42)
NSWW : Surat Thani Province. Administrator, community manager (53)

Several images made available by the authorities allegedly feature the suspected operator of SiamBits but whether all show the same person isn’t entirely clear.

On the top row, images one and two show the same person at the same location, dressed in a light blue t-shirt, face blurred. However, the person with his face obscured in image three at the bottom seems to more closely match press images of the racing driver named as the main suspect.

That raises the question of why the person in image three is wearing completely different clothes than those worn by the suspect in one and two.

Other apparent anomalies include the Alliance for Creativity and Entertainment referencing the domain Siambit.me, which as far as we can establish is indeed the site’s main domain.

Locally there appears to be greater interest in Siambit.io, which at the time of writing redirects to Google. Meanwhile, the .me variant currently redirects to a Telegram channel with over 18,700 members.

Thai authorities confirm that their interest in SiamBit was raised due to complaints from companies in the movie industry. In its statement published yesterday, the anti-piracy group said that copyright infringement charges are expected in the next few days.

From: TF , for the latest news on copyright battles, piracy and more.

The Alliance for Creativity and Entertainment regularly announces site closures following enforcement action. Over the past seven years, hundreds of sites have fallen, but the supply of new threats currently seems inexhaustible.

The level of detail ACE makes available to the public varies, but it appears to be affected by several variables. Details of settlements are rare, as one might expect. Names of site operators even more so. In many cases, even the domain names of shuttered platforms receive no specific mention, at least beyond recognizable branding.

Perhaps the most interesting aspect of information that ACE doesn’t officially release is the scale of presumably successful enforcement actions that receive no mention at all. The reasons for that are open for speculation but, since the complexity of the piracy landscape has grown out of all proportion in the last few years, there’s no shortage of options.

Yet Another New Batch Arrives

If ACE maintained a single public list of domains directly taken over, redirected, or otherwise commandeered, tracking them would be straightforward. As things stand the whole process is fragmented and, at any one point, the full picture isn’t always available from DNS, WHOIS, or similar records.

For example, a series of domains that recently began redirecting to the ACE portal don’t currently list the MPA as the domain owner. They include watchgameofthrones.co, watchfriendshd.com, watchhowimetyourmother.co, watchthesimpsons.co, and watchparksandrecreation.co.

At the time of writing, none of these domains use the MPA’s DNS servers either, which may (or may not) change in the days and weeks ahead. Indeed, it’s not unheard of for sites to redirect themselves to ACE for no obvious reason. In any event, visitors to these domains are currently redirected to the ACE portal, with an interesting anti-piracy side effect observed elsewhere.

People who visit Google hoping to ‘watch parks and recreation’ or ‘watch how I met your mother’ find themselves overwhelmed with former pirate links, all leading to ACE. In some cases, the links even outrank legal platforms like Amazon.

Other domains provably taken over in the past few days include typhoonlabs.tv and typhoonlabs.net. Both list the MPA as owner and both use the movie industry group’s DNS servers. However, back in November, the MPA was listed as the new owner of the domains when they were still assigned to the former owner’s DNS servers.

We can’t explain why that was the case and we don’t know why there hasn’t been an announcement regarding these seizures. One possibility is the existence of around 30 typhoonlabs and typhoonlabsiptv-branded domains still in rotation which may (or indeed may not) be connected to a similar service.

Since announcing the demise of one platform risks driving traffic to another with a similar name. In some cases, making no announcement at all may be the best option. Situations like this can’t be uncommon when attempting to tackle piracy on a global scale and may explain why so many cases go unreported.

MPA’s Domain Collection

Thanks to record numbers of domains being handed over to the MPA, the Hollywood group’s domain portfolio is larger today than ever before. The prospect of the collection growing exponentially isn’t off the table either.

While many pirate sites previously operated without issues from a single domain, today it’s not unusual for sites to have dozens, for reasons that include redundancy, obfuscation, and circumvention of measures such as ISP blocking and search engine downranking.

In contrast, some of the most iconic domains under MPA control, such as isohunt.com and hotfile.com, stand out in their own right, each with their own place in history. Spotting them among the other 3,100+ domains, reported by a Whoxy reverse WHOIS search, is still relatively easy. It’s unlikely to remain that way for long.

From: TF , for the latest news on copyright battles, piracy and more.

Pirate sites were early adopters of cryptocurrency. The Pirate Bay, for example, started accepting bitcoin donations in 2013.

At the time, a single bitcoin was worth roughly $120, just a fraction of today’s price of $43,000. If The Pirate Bay had kept all donations received it would have millions in bitcoin today.

Movie2K was another pirate site that showed an early interest in bitcoin. In its heyday, the site was the dominant pirate streaming portal in German-speaking countries. It generated a healthy revenue stream, part of it held in bitcoin.

Movie2K Bitcoin Loot

The operator of the site never got to spend most of it though. The site surprisingly shut down in the spring of 2013. Many suspected that legal troubles had plagued the site, something confirmed years later when Dresden police announced several arrests .

It was rare to see new activity in an already-dated dossier, but the biggest surprise followed later when the police announced that $29.7m in bitcoin had been secured from the site’s operators.

This ‘seizure’ was one of the largest of its kind but the authorities estimated that the operators had more bitcoin stashed away, much more. Today, new information released by Dresden police shows that the assumption was correct.

50,000 Bitcoin Secured

Following an investigation carried out by the Dresden General Prosecutor’s Office, the Saxony State Criminal Police, and the local tax authority (INES), nearly 50,000 bitcoin were ‘provisionally’ secured earlier this month. The haul is worth more than $2 billion at today’s exchange rate.

Never before has this much bitcoin been secured by German authorities; it’s also one of the largest crypto hauls worldwide.

“The Bitcoins were seized after the accused voluntarily transferred them to official wallets provided by the [Federal Criminal Police Office]. This means that a final decision has not yet been made about the utilization of the Bitcoins,” police write .

Operators Bought Bitcoin

The German authorities received help from forensic experts at the FBI to secure these assets. According to publicly released information, the operators earned money through advertising and dodgy subscription scams.

Interestingly, the site operators didn’t necessarily get paid in bitcoin; they purchased the coins. They started converting their revenue to bitcoin in 2012 when it was worth just a few dollars per coin.

Looking back, this must be one of the best investments ever made, although the operators don’t get to enjoy it. As noted by Tarnkappe , a 40-year-old German and a 37-year-old Polish man remain under investigation for copyright infringement and money laundering.

It’s not clear whether the authorities believe that all Movie2K bitcoin have now been secured, or if they have even more in their sights.

From: TF , for the latest news on copyright battles, piracy and more.

Despite MPA/ACE having enough investigators to field both teams in a football match, while players argue with an in-house referee in multiple languages, the state of piracy in North Africa and the Middle East presents a considerable challenge.

At the time of writing, over 150 deliberately confusing domains and subdomains, linked to around three dozen illicit football streaming sites, are redirecting to the ACE anti-piracy portal. The domains started to redirect on Saturday, still hadn’t finished on Sunday, and may not even be finished now.

No Announcement From ACE Just Yet

Faced with a risk of sudden domain suspensions, ISP blocking, or domains being penalized in search results due to persistent copyright complaints, it’s common for pirate sites to have a few domains at their disposal. There’s also a growing trend of sites with common ownership operating from dozens of confusingly-similar domains by design.

This strategy has the potential to complicate enforcement, including a not-insignificant chance of sites continuing under the guise of different ownership, even when on paper an entire operation has already been shut down. There are signs that some overseas site operators are finding opportunities by generating chaos on the surface, while remaining completely organized behind the scenes.

None of this provides immunity from enforcement measures, but confirming compliance becomes more complex.

The Football Piracy Ring

For the sake of clarity, subdomains and other distractions have been stripped from this sample of domains currently redirecting to the ACE portal.

livehd7.club, livekooora.tv, livekoora.io, live-koora-online.tv, live-kooora-tv.com, live-kooora-tv.net, live-koora.tv, kingshoot.club, kingfoot.live, kooora4.us, kooragoal.club, koora4live.club, koora2day.net, kora365.online, kooralive.io, kooora365.live, kora-tv.online, kora-online-tv.com, koraextra.club, koratvonline.net, kora-live.plus, kora-star-tv.live, kora-goal.net

One of the above domains, kooora4.us, shows how small changes can help to muddy the waters. The word ‘kura’ is Arabic for ball while ‘koora’ is broadly understood as relating to football; in this case, an extra ‘o’ appears in the mix while other domains contain one or two.

SimilarWeb data shows that traffic increased for kooora4.us during October at a time when traffic for a similarly-named domain was in steep decline.

Similar behavior can be seen across dozens of similar domains, although not always under common ownership or even in direct response to enforcement measures. Now redirecting to ACE, kooora4.us received 277.6K visits in December 2023, a peak now unlikely to return.

Kooragoal.club, another domain that began redirecting over the weekend, also increased its traffic in October before a decline set in the following month.

A quarter of kooragoal.club’s traffic came from Egypt, which along with Saudi Arabia and UAE, appears regularly in traffic reports for similar domains.

Most also receive traffic from countries including the United States, but the clear focus is North Africa and the Middle East, putting the sites firmly the crosshairs of ACE member, beIN Sport.

In November 2022, ACE settled with the operator of a series of websites with similar names, appearance, and functionality, to those that began redirecting this weekend.

While their operator agreed to shut them down, ACE acknowledged the existence of additional sites, noting that enforcement actions would continue.

Mirrored Fortunes & Those That Can Slip Away

At the time of writing, kooragoal.club (above) and kora-goal.net (below, right) are both redirecting to the ACE portal, having generated 1.16 million and 120.5K visits respectively during the period Oct 2023 to Dec 2023.

The chart to the right also includes kora-goal.com, which is currently operational and showing progress that closely mirrors the decline of kooragoal.club.

Both domains display a shift in fortune in early November before meeting in traffic terms in December, with kora-goal.com taking over as kooragoal.club prepared itself for redirection to ACE. Whether kora-goal.com is destined for new anti-piracy ownership or will go on to further boost its traffic is unclear.

Kooralive.io Had Significant Traffic

Between October and December 2023, kooralive.io received almost 2.1 million visits, so ACE will be pleased that its growth has already been curtailed. The interesting thing here is that kooralive.io had around 250K visits in October and then, almost if someone had simply flicked a switch , in November its traffic suddenly skyrocketed to around 1.8 million visits.

In at least some cases, this was achieved by redirecting traffic from other domains/subdomains operated by the same owner, to other domains/subdomains also owned by the same owner, which then redirected to subdomains on kooralive.io. Similar behavior can be observed on other domains which, unsurprisingly, are also operated by the same owner.

Getting Rid of the Roots

In addition to the domains listed as redirecting at the start of this article, it remained a question whether other domains with common ownership would also suffer the same fate, even if some had fallen out of use.

While ultimately it could prove impossible to weed out every last domain, showing links between the domains was surprisingly straightforward, and as far as we can see (a handful of outliers aside) all currently redirect to ACE.

Whether any agreement reached with the operator of the sites has enough teeth to prevent a resurgence is unknown.

At least for now, however, the removal of dozens of domains seems significant enough for a quick celebration before getting back to the job, which apparently never ends.

From: TF , for the latest news on copyright battles, piracy and more.