DMCA Ignored becomes more and more popular

File and stream hosting right now

File and stream hosting right now

DMCA ignored has become so big that it can hardly be ignored anymore. By not ignored I mean that MPAA or RIAA won’t let this get through so easily anymore. GO Unlimited started with this trend about a year ago and today there are about 10 more hosters. Such providers are popular at the moment because uploaders don’t have to upload again and again when they are deleted. But the content owners are getting impatient and the copyright agencies are more and more under pressure.

More and more lawyers are called in to locate the operators. Namecheap and Cloudflare are lately also increasingly under pressure. The domain of Openload was suspended and blocked only a few days ago, GO Unlimited was removed from Cloudflare. Namecheap has blocked and removed several filehoster domains. Subpoenas from RIAA caused some filehosters to disappear from the scene. Also many Warez pages were under pressure or disappeared from the screen.

In Germany, however, the situation is still relaxed. Portals like Kinox, Movie4k, S.to or bs.to are still online today and accessible without problems. The question, however, is whether Tonic.to will also disclose the data through subpoenas. Up to now there was no case that a .to domain was removed from the net. It is also not known whether more domain registrars are under pressure or only the two US companies Cloudflare and Namecheap. Russian domain providers like .ru or .su or .to still seem to be safe at the moment. International domain providers are under increasing pressure from the Content MAFIAA.

Some DMCA ignored file hosters on ogboard.com

There are many hosting providers that ignore all the DMCA requests because in many countries it is not regulated by law. But if it comes to a subpoena, then even the biggest Bulletproof Hoster will get scared. Information can be forwarded quickly, without problems. It is a big dilemma for all hosting operators. I don’t suspect that OVH, Ecatel, Obenetwork or other providers would cooperate with DMCA at all. The reason is simple. Money rules. If you can earn money with cheap hardware, other things are not relevant anymore. Offshore hosting is expensive and lucrative. Anyway, we are curious about what will happen in the future. What are your opinions on this? If you have other information or discussions, you can comment here.

AS29073, the most fucked-up network ever

ipvolume.net (before quasi networks)

This network has existed for more than 10 years and is known for what they host. Over the weekend, I stumbled upon an interesting blog called “Bad Packets”, where a fellow named Troy has written about various unsavory goings on involving various networks. One network that he called out in particular was AS29073 (today AS202425), formerly called “Quasi Networks” and now “IP Volume”. on his blog, this fellow Troy has noted at length some break-in attempts originating from AS29073 and his inability to get anyone, in particular RIPE NCC, to give a damn. The Master Needler, A Conversation with Ripe, Quasi Networks responds as we witness the death of the master needler.

The fact that RIPE NCC declined to accept the role of The Internet Police didn’t surprise me at all… they never have and probably never will… but I decided to have a quick look at what this newtork was routing, at present, which can be easily see here: http://bgp.he.net/AS29073#_prefixes

So I was looking through the announced routes for AS29073, and it all looked pretty normal… a /24 block, check, a /24 block, check, a /21 block check… another /24 block, and then … WAIT A SECOND! HOLY MOTHER OF GOD! WHAT’S THIS??? 196.16.0.0/14 !!! So how does a little two-bit network with a rather dubious reputation and a grand total of only about a /19 to its name suddenly come to be routing an entire /14 block?? And of course, its a legacy (abandoned) Afrinic block.

BREIN is Taking Infamous ‘Piracy’ Hosting Provider Ecatel to Court (torrentfreak.com)

And of course, there’s no reverse DNS for any of it, because there is no valid delegation for the reverse DNS for any of it… usually a good sign that whoever is routing the block right now -does not- have legit rights to do so. (If they did, then they would have presented their LOAs or whatever to Afrinic and thus gotten the reverse DNS properly delegated to their own name servers.)

I’ve seen this movie before. You all have. This gives every indication of being just another sad chapter in the ongoing mass pillaging of unused Afrinic legacy IPv4 space, by various actors with evil intent. They already documented this hightly unfortunate fad right here on multiple occasions: November, August

This incident is a bit different from the others however, in that it -does not- appear that the 196.16.0.0/14 block has been filed to the brim with snoeshoe spammers. Well, not yet anyway. But if in fact the stories are correct, and if AS29073 does indeed have a history of hosting outbound hacking activities, then the mind reels when thinking about how much mischief such bad actors could get into if given an entire /14 to play with. (And by the way, this is a new world’s record I think, for largest singe-route deliberate hijack. I’ve seen plenty of /16 go walkabout before, and even a whole /15. But an entire /14?? That is uniquely brazen.)

ipv4 from quasi networks

In addition to the above, and the points raised within teh Bad Packets blog (see links above) I found, via passive DNS a number of other causes for concern about AS29073, to wit: pastebin.com/feCztMn0

(In addition to the above, I’ve also found plenty of additional domain names associated with AS29073 which incorporate the names “Apple” “AirBnB”, “Facebook”, and “Groupon”, as well as dozens of other legitimate companies and organizations.) I confess that I have not had the time to look at any of the web sites that may or may not be associated with any of the above FQDNs, but the domain names themselves are certainly strongly suggestive of (a) the possible hosting of child porn and also and separately (b) the possible hosting of phishing sites. So, given the history of this network (as is well documented on the Bad Packets blog) and given all of the above, and given what would appear to be the unauthorized “liberation” of the entire 196.16.0.0/14 block by AS29073, one cannot help but wonder Why does anybody still even peer with these jerks?

The always helpful and informative web site bgp.he.net indicates that very nearly 50% of the connectivity currently enjoyed by AS29073 is being provided to them by Level3. I would thus like to ask Level3 to reconsider that peering arrangement in light of the above facts, and especially in light of what would appear to be the unauthorized routing of the 196.16.0.0/14 block by AS29073. Surprisingly, given its history, AS29073 apparently has a total of 99 different peers, at present, and I would likewise ask all of them to reconsider their current peering arrangements with this network. I am listing all 99 peers below.

Before I get to that however, I’d liek to also note that there currently exists, within the RIPE Routing Registry, the following route object:

ipvolume.net hosted websites

route: 196.16.0.0/14
origin: AS29073
mnt-by: QUASINETWORKS-MNT
mnt-by: EC42500-MNT
mnt-routes: EC42500-MNT
mnt-routes: M247-EU-MNT
created: 2017-03-28T21:47:03Z
last-modified: 2017-08-11T19:58:39Z
source: RIPE

I confess that I am not 100% sure of the exact semantics of the “mnt-routes” tag, but it would appear from the above that the UK’s M247 network (AS9009)… which itself is not even peering with AS29073… appears to have, in effect countersigned the above RIPE route object, vouching for its correctness and authenticity as they did so. Why they would have done that, especially given that they themselves are not even peering with AS29073, is, I confess, beyond me. But I would love to have them explain it, or even try to explain it. It’s enigmatic, to say the least. Anyway, the “created” date in the above record seems to be consistant with that actual start of the announcement of 196.16.0.0/14 by AS29073, which the RIPE Routing History tool says occured sometime in March of this year.

One additional (and rather bizzare) footnote to this whole story about the 196.16.0.0/14 block has to do with the entity that allegedly -is- the current rightful owner of the block (as far as Afrinic is concerned). That entity is designated by the Afrinic handle ORG-IA41-AFRINIC and that in turn has an admin-c and tech-c of NAIT1-AFRINIC. The record for that handle is as follows:

Ecatel.net

person:          Network and Information Technology Administrator
address:        Unit 117, Orion Mall, Palm Street
address:        Victoria, Mahe
address:        Seychelles (SC)
phone:          +972-54-2203545
e-mail:          info at networkandinformationtechnology.com
nic-hdl:         NAIT1-AFRINIC
mnt-by:        MNT-NETWORKANDINFORMATIONTECHNOLOGY
changed:      info at networkandinformationtechnology.com 20150725
source:         AFRINIC

Upon fetching the current WHOIS record for networkandinformationtechnology.com I found it more than passing strange that all of the contact details therein are associated *not* with anything in Africa, nor even anything in the home country of AS29073 (Netherlands) but rather, the address and ophone numbers therein all appear to be ones associated with a relatively well known Internet attorney in Santa Monica, Califiornia by the name of Bennet Kelly. As it happens, in the distant past (about 10 years ago) I personally crossed swords with this particular fellow. He may

bad packets biggest enemy

be a lot of things, but it never seemed to me that stupid was one of them. And indeed the domain name networkandinformationtechnology.com and all of its connections to the 196.16.0.0/14 block appear to date from 2015… long before AS29073 started routing this block (which only started in March of this year).

So, my best guess about this whole confuseing mess is that the -original- legitimate owners of the 196.16.0.0/14 block most probably sold it on, in a legitimate transaction, to some other party in 2015, where that other party was/is represented by Mr. Bennet Kelly, Esq. And my guess is that neither he nor the new owners, who he represents, even know that their expensive /14 has gone walkabout, as of March of this year. I will be trying to make contact with Mr. Kelley today to discuss this with him and will post a follow-up if any new and interesting information arises from that conversation.

Peers of AS29073:
pastebin.com/prV5YNCh

The Kinox.to Group

bitshare.com

Many from the scene, especially from Germany, know the Kinox.to group and the old Kino.to. Kinox and Movie4k all originate from Kino.to and Movie2k. There have been rumours and speculations about who the operators might be. Since the foundation of the portals, the German authority has been working to remove them from the net. It is assumed that the largest Warez and Stream portals in Germany belong to the same operators. These sites are Kinox.to, Movie4k.to, Boerse.to and Mygully.com. They have the same Cloudflare connections and even before they knew that many of the sites are on the same servers. Among other things it was also said that they belonged to ddl-warez.to and also these web pages are operated by the same persons. For years Kino.to was the most famous stream portal in Germany and left the biggest headlines behind. The revenues were in millions in one month. Everything about Kinox, Kino.to and its history can be read on Tarnkappe (German), or Torrentfreak (English).

My blog post is not about the Warez portals themselves. It’s about the phenomenon of their hosting providers that were used in the past. There used to be very large stream and file hosting sites. These called themselves as follows: Bitshare.com, Duckload.com, Freakshare.com, Archiv.to, Freeload.to and others. The business model of Kino.to at that time was not only to run a stream portal, but to run several portals. It even went so far that own hosting and stream hosters were founded to earn money through premium. It was a real business where you could earn a lot of money. That’s exactly what happened. They had reached their goal and thus also the great attention.

Many still have a big question mark. How could a new portal like Kinox.to be created after Kino.to was taken off the net and the companies were arrested after about two days? It went relatively fast and the copy of Kino.to appeared after two days out of nowhere and was able to get the throne. It is speculated that Kinox.to belongs to the same operators and until today it was suspected that the real operators were caught although they were not caught or only a part of it?

akrino inc

Even later, after Kinox.to went online, the same DDoS protection from Akrino Inc was used as it was for Kino.to. Akrino Inc was a private and expensive DDoS protection in the form of a reverse proxy that could only be obtained through Russian Business Network contact. Through an inquiry at RIPE you got the mail from Akrino, but you didn’t always get an answer from them.

Then there’s another question I’m asking myself today. Why are Bitshare.com and Freakshare.com still online today? The subpages are no longer available but you can still see the start page today. Both portals have been inactive for more than 5 years but are still online. Such portals were a part of the old Kino.to team and were still online after the bust of Kino.to. The German authorities used to think that after the arrest of Kino.to several portals would go offline which didn’t happen. Some hosting operators were arrested who cooperated with Kino.to and also later cooperated with the German GVU. Kino.to was in its time a real company with many employees and partners. There were even some Hetzner employees who cooperated with Kino.to to earn some money. Archiv.to had all its storage servers at Hetzner. An employee of Hetzner who also knew what was distributed on Archiv.to cooperated. Russian Business Network cooperated with various hosting services that were used. Ecatel, Dragonara and Akrino were all involved.

cloudflare scan

The Kreshnik and Kastriot Selimi brothers from Kosovo are suspected of having run the Kinox.to group. But I still suspect that both brothers are innocent and not the right operators. The German police accuse the brothers of violence, weapons, coercion, arson and threats. But if you look at the pictures of the two brothers, this can hardly be possible. They simply look like two innocent nerds. The German police themselves do not know who the operators are. They speculate and wait until the operators make a mistake, which they didn’t make after Kino.to went offline. They search for the Selimi brothers and the Warez pages are still online today. Many things don’t make sense and it is questionable how Germany operates against them. Much is veiled and lied. Therefore these Warez pages are a phenomenon today. Many suspect honeypots behind the portals and don’t even want to work with them anymore.

If you scan the Cloudflare name servers or the SSL, you will see how many domains are actually involved with Kinox. Of course this does not mean that all domains are involved. It only means that on the same name there are also domains that others use. But certain domains stand out and one can only think that they must have almost a connection. Like on the photo with crypt.to.

What my thoughts on the whole Kinox Group are, I’ll keep my hands off it. A whole group of operators cooperating with RBN. Have fingers on almost all Warez pages. In principle they control the whole German Warez scene. Be it a hosting operator, proxy provider, stream hoster or just a DDL site. It could also be that a Hetzner employee runs the whole site if they were already involved before? They always say your friend is the biggest enemy and I think it is the same with all these Warez pages. I guess Kinox is run by someone the police would never think. What is your opinion about these portals?

Now it happened with Openload

wjunction users

What I had suspected for months has now also happened with Openload, Streamango and Streamcherry. Rapidvideo had given the go-ahead and now another one follows. It will not be the first hoster to make this decision. There will be some more to follow, I’m sure. Openload announced yesterday around midnight to completely remove their Pay-Per-View system. Users who should have more than 20$ on their account still have the possibility to pay out. Payouts can still be made until April 30th.

Many Wjunction users thank Openload for years of loyalty and a service they could offer. There has never been such a stream host in the streaming scene as Openload. Years ago Streamcloud was number one with an Alexa rank of 500 and Openload made it to the top up to Alexa 105 with 230 million unique visitors per month. Openload accounted for 0.8% of worldwide traffic on the Internet. Openload caused more traffic than HULU or HBO Go. After such a big announcement of Openload, many loyal users and big uploaders will have to put an end to the service. However, it probably doesn’t mean the end of Openload. If a company gets a monopoly position, it is still needed, even if it doesn’t offer anything. Through years of offering, there are uploaders who have become accustomed to the service. Especially visitors. Watch the video of Sandvine to see the Global Traffic Consumption. Global Internet Phenomena report 2018.

wjunction right now

This decision only leads to the drastic changes in the file hosting scene that I wrote some time ago. Big law changes in Europe, the eCPM are extremely pushed down. Adblocker user numbers have almost doubled the last five years. This also means that Pay-Per-Download and View is simply no longer profitable for webmasters today. Small hosting providers like Vidoza or GOUnlimited can still hold their own relatively well. The reason is simple, because the traffic from these sites is not as high as the traffic from Rapidvideo and Openload. The bigger the traffic, the less you earn through the eCPM of the advertisers. Also Vidoza and GOUnlimited have to decide sometime. What we can think, however, is that PPS will be up to date again. Previously there was only PPS on Duckload, Archiv.to, Freakshare or Bitshare. At some point there came a new trend reversal with PPV which seems to disappear again and PPS becomes in.

If an experienced hosting provider like Openload has decided for something like this, there must be reasons for it. This does not happen without a reason.

the new openload? verystream.com

But it was interesting in the thread of Openload itself. A user shared a page called Verystream.com. The site is exactly the same as Openload and you can import the links from Openload to Verystream without having to upload them. It looks like Verystream belongs to Openload. However, so far there has been no official confirmation nor is there an official support thread on Wjunction from this website. That’s why we can only speculate at this time.

The operators of GOUnlimited can now benefit from this whole thing. In a short period of time Rapidvideo and Openload have simultaneously stopped the PPV. GOUnlimited benefits from the whole thing and now has to cope with the massive traffic. This is how the admin of GOUnlimited on Wjunction describes the whole thing. I had already wondered about this hoster before how it is possible to ignore so many deletion requests from companies in the USA. GOUnlimited ignores almost all DMCA requests. We are curious about the whole development and so it looks as if GOUnlimited will take the monopoly at the moment. We hope the best and much success for the whole stream and filehoster webmasters.

affiliate threads @ wjunction

Many uploaders of Wjunction are very suspicious of this whole thing of GOUnlimited. There is almost no trust in the service because they suspect that GOUnlimited would eventually disappear from the net. GOUnlimited moves very deep in the grey area. So far, amazingly enough, the whole scene is very quiet. Many webmasters have not responded to Openload’s action. Maybe many welcome it because they can intercept the traffic as well as GOUnlimited does? Or are there already fierce discussions that some operators should follow? We will see what else will happen. On my blog you will stay up to date. In the comments you can give your opinion.

More information can also be found on Tarnkappe. But only in German.

Drastic changes for filehosters

openload.co

In the next few years we will experience a revolution in the Internet. I am very convinced of that. Not in the sense of the whole Internet, but in the file hosting industry. Articles 13, 17, 11, Adblocker and advertising companies force filehosters to make massive changes. You guys have to understand the whole thing with articles 13, 17 and 11 all changed again. Adblock numbers have increased rapidly because even the stupidest users use Adblockers today. Advertising companies have pushed the CPM so hard that PPD (Pay Per Download) is no longer profitable today. Only PPS (Pay Per Sale) is profitable. Not only that, the advertising companies are forced today by some governments that they require personal data. There has never been such pressure before. Here for example you can read more. As if this wasn’t enough, the most used browser called Google Chrome has now brought an update that even blocks most pop-ups and ads. That was another slap in the face for all filehosters who actually need income to finance their servers.

We have to admit, we don’t live in golden times anymore where we could earn more than 100$ as webmaster for 20k impressions a day. Today it is for 20k impressions from the same countries with 100 times less CPM only maybe 10$. That is 90% less than 8 – 10 years ago in the file sharing scene. The times when streamhosters like Streamcloud, Duckload, Archiv.to, Filebase, Freeload and many other providers could earn a golden nose is no longer possible today. Also the Movshare group like Nowvideo, Videoweed or the group with Fileserve could enrich itself. Filehoster services such as Uploaded, Share-Online and Rapidgator can actually only keep themselves in the stable level through premium revenue. Even these sites would not be able to achieve anything without the revenue. At the moment there are 4 factors that put extreme strain on filehosters. Uploaded is also massively under pressure and will no longer be able to withstand this. Even a secure place like Switzerland is no longer as secure as it used to be.

A court decision for Rapidshare is still awaited

What filehosters are putting under extreme pressure at the moment:

  • Articles 13, 17, 11 put the file hosters under extreme pressure. This new law has caused extreme upheaval in some countries. Countries like Switzerland are also affected. There, for example, is Uploaded.
  • Adblockers have increased dramatically and the CPM are no longer profitable for filehosters. Bandwidth is still too expensive in Europe even if server prices have become cheaper over the last 10 years. Only PPS is profitable and no longer PPD.
  • Advertising companies like PropellerAds, PopAds that were once safe started using KYC. (Know Your Customer). Now it is mandatory to collect data and personal data from website operators because certain governments require it due to the high pressure. And no filehoster wants to give away data even if the site is on a legal level. Megaupload was also legal and Kim Schmitz was still fucked in the ass.
  • All over the world 80% Google Chrome is used on PCs and this browser will bring a big anti-advertisement update this summer.

Also Rapidshare had his company in Switzerland like Uploaded. Even though Switzerland may be a safe place because of the lax Internet laws, it could be dangerous for uploaded.

Rewards at Openload

On Wjunction some topics are hotly discussed as to why payments are no longer so regular. Many uploaders and well-known uploaders complain about the current situation and some even fear about its existence, because otherwise they could not earn anything more. Wjunction is still a webmaster forum for file sharing services. There are still many uploaders and official threads for filehosters. But also in this forum the activity has drastically decreased if you compare the numbers of the last 8 years. There are always new filehosters that open new topics on Wjunction but close later again because they are simply mistaken in this industry. Today there is only a small amount of successful filehosters left. Exactly because of the reasons that were listed above. It is said again and again that Openload delivers the payouts more and more late. Uploaded delays the payouts also massively and also in other filehoster topics rumors circulate again and again that payouts are delayed. Are some filehosters in a bottleneck? Some uploaders from the scene do not want to realize what is happening or do not understand the current situation. However, it is obvious what is happening here. The internet is changing again due to laws and the technology you have to adapt to.

We are curious how big providers like Rapidvideo, Openload, Vidoza will react and what the next steps will be. Here you can discuss what you think about the current situation. It is also very obvious that currently the Warez Scene is slightly inactive. Since the boom of Netflix and Spotify there are sites that are simply too unattractive for the world. Maybe it’s just in today’s digitalization? Because people are too lazy? I will keep you up to date on everything here on my blog.