It’s not unusual for piracy groups to have dozens of domains in storage for when things go wrong, but none has a bigger collection than Hollywood itself.
The MPA still owns isoHunt’s domain following its legal defeat a decade ago, alongside other spoils of war following battles with Popcorn Time, YTS/YIFY (the real ones), Hotfile and Openload. These examples represent just a handful of domains from a collection that has exploded since the 2017 launch of the Alliance for Creativity and Entertainment.
Over the past few days, another dozen or so domains boosted the existing haul of several hundred domains that no longer play a part in the piracy landscape.
IPTV Targets Shutdown, Domains Stripped
As reported last November, DMCA subpoena applications filed in the United States revealed that ACE had developed an interest in pirate IPTV service MagisTV.
Early December 2022, ACE/MPA quickly took control of two domains – Magisglobal.net and Magistvapk.com – presumably as part of its ongoing investigation. During the last week or so, several additional domains were taken over, including magistvcostarica.com, magistvglobal.com, magistvparaguay.com, magistvbolivia.com, magistvbrasil.com,, magistvchile.com, magistvcolombia.com and magistv.global.
Late last week, signs pointed to yet another IPTV takedown. A service that had been variously known as Opt TV, Optimum IPTV, Opt Hosting and Opt Hosting IPTV, was suddenly identifiable as another ACE casualty. Offering a reported 1,300 channels, including PPV events, international and 24/7 channels, Opt IPTV had been available across multiple devices for as little as $8 per month.
With key domains opt.tv and opthosting.com now redirecting to the ACE anti-piracy portal, that rodeo is probably over. Whether the same is true for another domain redirecting to ACE is less clear, but this one is markedly different from those usually associated with ACE work.
Seizures and Redirects
One of the clearest signs that ACE has shut down a pirate site or service is the appearance of a seizure banner on the platform’s homepage. The text is unmistakable and largely self-explanatory.
In the majority of cases, a WHOIS lookup reveals that domains are now operated by the Motion Picture Association. This removes all doubt over a domain’s status but in some cases, domains are never transferred. In January 2021, ACE announced the closure of Megadede; the site’s domains were never transferred yet still redirect to ACE.
There are also cases where piracy domains redirect to ACE for no apparent reason, the MPA previously informed us. That raises the question of what alliance4creativity.xyz is all about and why it currently redirects to the official portal at alliance4creativity.com after being registered last month.
Domain Shows No Sign of MPA/ACE Ownership
Domains under full MPA/ACE control usually have a particular signature. With MarkMonitor listed as the registrar, the Motion Picture Association, Inc. is openly displayed as the registrant along with one of two specific email addresses. The domains also use the MPA’s name servers at ns3 and ns4.films.org and ultimately are directed to Amazon-owned IP addresses.
Alliance4creativity.xyz has different characteristics. It was registered with Namesilo on March 27 with PrivacyGuardian.org hiding the registrant’s details. The domain uses Cloudflare for hosting and DNS, and uses ProtonMail as its email provider. It transitions seamlessly to the real ACE portal like the official domains do, despite having none of their technical characteristics.
The MPA informs TF that they’re investigating the domain, so we hope to get a comment in due course. However, if this turns out to be an imposter domain, the potential for abuse can’t be understated. ACE has a pretty fearsome reputation woven into its branding so if people believe that they’re being contacted by the real ACE, that could lead them to do extraordinary things.
How Bad Could it Get?
Only MPA/ACE can clear up the true status of this unusual domain, but given the current climate of phishing, extortion, blackmail and similar online exploitation, considering the potential implications is useful since the same tactics are widely deployed elsewhere.
If a victim can be convinced they’re speaking to a specific person or entity, the potential for abuse is almost limitless. Considering that pirates represent obvious targets, a smart opening move in a hypothetical scenario would be to ensure no one else gets involved by insisting on confidentiality. From there, a malicious actor could attempt to ‘seize’ domains, extract a settlement, or resort to basic blackmail.
None of that would help ACE and could even make enforcement efforts more difficult in the future. There may also be a more benign explanation but only ACE/MPA and the domain owner are in a position to confirm that. We’ll update this article as soon as we know more.
Update: TF received an email from the domain owner who claims to buy ‘important domains’ to resell. We asked what use the domain could be put to and we’re waiting for a response.
