Over the past few weeks, football organizations and broadcasters around Europe have been obtaining and/or renewing permission to block access to unlicensed online streams.
The Premier League obtained an injunction extension late July, and was closely followed by pay-TV broadcaster Sky which had specific IPTV providers in mind for its blocking measures. The Union of European Football Associations (UEFA) also obtained a High Court blocking injunction last month, after obtaining similar permission in previous years.
The details of these orders, and others obtained by broadcasters elsewhere in Europe, are not made public, but their purpose is well known. The aim is to prevent (or at least disrupt) access to servers that are connected to the supply of infringing streams. In many cases these servers are either operated by IPTV providers themselves or affiliated third-parties. Beyond that, their functions and locations are rarely mentioned in public.
Inside a Live UEFA-linked Blocking Order
Given the international nature of UEFA competitions including the Champions League and Europa League, blocking orders are obtained via approved systems in various EU Member States. That may involve a court appearance or a presentation of facts to an administrative body with the authority to approve ISP blocking measures.
A blocking order authorized through one of these processes was recently made available to TorrentFreak. It describes the need for blocking measures in some detail along with a list of IP addresses to be blocked by internet service providers in an EU Member State, to protect local broadcasters licensed to air UEFA tournaments.
The order adds to mounting evidence that while rightsholders can certainly monitor IP addresses used during a match, the IP addresses they initially intend to block are known well in advance. This means the IP addresses will be immediately blocked by ISPs when games begin, regardless of whether they actually stream a particular match or event.
The ‘Pirate’ IP Addresses
Tests on a selection of the IP addresses listed for blocking didn’t always produce the same results across various IP geolocation services. However, when there were large geographical differences of opinion, ping timing mostly settled the dispute. The image below indicates the supposed locations of the IP addresses/servers listed in the order (ipinfo.info data) and shows that many are ostensibly located within Europe itself.
Based on the locations returned for the IP addresses in the order, around 30% are linked to hosts/service providers in the Netherlands, 14% linked to hosts in Germany, 10% in Bulgaria, with Sweden and Ukraine accounting for around 7% each.
Outliers include an IP address supposedly linked to a server hosted in Azerbaijan (Asia), or potentially Sweden, depending on opinion, plus IP addresses linked to Jordan but geolocated in Europe. Other IP addresses apparently do link to servers in Iran (Middle East) while others linked to Hong Kong (Asia) are both disputed and undisputed, depending on the location service used.
Multiple listings for the same ISP/IP range are excluded from the table below, while we excluded another allegedly-infringing IP address for wasting the time of the ISPs ordered to block it. As explained here, IP addresses in the range 172.19.X.X are reserved for local use, so including them in a blocking order won’t help to reduce piracy.
The fact that the IP address was submitted to the authorities and then somehow passed their scrutiny suggests that appropriate checks aren’t being carried out. How many more of these errors exist is unknown because the system operates that way by design.
The inclusion of any service provider in the list below is solely due to their link with the IP addresses submitted for blocking and not an indication of wrongdoing. Rightsholders are responsible for making ISPs aware of allegedly infringing activity and ISPs have no duty to proactively monitor customers
| IP Addr | Region | Country | City/Town | ISP/Operator |
|---|---|---|---|---|
| 45.xx.x.x | Asia | Azerbaijan (Disputed/.SE) | Qaraçuxur | TVNET Solution |
| 45.xx.x.x | Europe | UK | London | TCK OOO |
| 45.xx.x.x | Europe | Netherlands (Disputed/.DE) |
Amsterdam (Ping suggests .NL not .DE) |
Ipxo** (See note below) |
| 46.xx.x.x | Europe | UK/Ukraine | London/Mariupol | Ipxo** |
| 169.xx.x.x | Europe | Germany | Frankfurt | Datacamp |
| 193.xx.x.x | Europe | Poland | Gdansk | HITME.PL |
| 193.xx.x.x | Europe | Sweden***(Disputed/.NL) | Stockholm (Ping suggests .SE, not .NL) |
TVNET Solution |
| 141.xx.x.x | Europe | France | Gravelines | OVH SAS |
| 37.xx.x.x | Europe | Bulgaria | Sofia (Multiple IPs) | Host9x Web |
| 141.xx.x.x | Europe | Germany | Limburg | OVH SAS |
| 194.xx.x.x | Asia | Hong Kong | Cent/West | 369 IntoNet |
| 45.xx.x.x | Europe | Netherlands (Disputed/UK) | Amsterdam (Ping suggests .NL not .UK) |
IT Web |
| 103.xx.x.x | Europe | Germany | Frankfurt | UK2/GZ Remittance |
| 95.xx.x.x | Europe | UK | Maidenhead | Iomart Hosting |
| 143.xx.x.x | Europe | Netherlands | Amsterdam | Datacamp |
| 62.xx.x.x | Europe | Netherlands | Naaldwijk | WorldStream |
| 149.xx.x.x | Europe | Netherlands (Disputed/.MX) | Amsterdam (Ping suggests .NL not .MX) |
Cogent Comms. |
| 45.xx.x.x | Europe | Netherlands (Disputed) | Amsterdam/Ukraine (Tests inconclusive) | Sollutium EU |
| 95.xx.x.x | Europe | UK | Maidenhead | Iomart Hosting |
| 89.xx.x.x | Europe | Germany | Frankfurt | Datacamp |
| 82.xx.x.x | Europe | Netherlands | Amsterdam | Parsun Network |
| 176.xx.x.x | M/East | Jordan (Disputed) | Amman | Ipxo** |
| 193.xx.x.x | M/East | Iran | Tehran | IR Research Org |
| 185.xx.x.x | NAM | U.S. (Disputed/.UA) | New York | Virtual Systems* (See below) |
| 149.xx.x.x | NAM | U.S. | Los Angeles | LogicWeb |
* The entry 185.xxx. geolocates to the U.S. There are claims its true location is Kyiv, Ukraine.
**IPXO is a marketplace for IP addresses (see here) IP address geolocation data may indicate two locations; e.g the entry above beginning 46.XXX locates to both Mariupol, Ukraine, and also the UK (AS49999)
*** The entry 193.xxx. geolocates to the Netherlands. Sweden seems more likely based on ping data
While records exist to link IP addresses to the companies/entities with ultimate control, mapping IP addresses to physical locations is an inexact science. Even companies operating in the ‘IP to location’ market supply data with caveats, so the same also applies to the information listed above.
There are disputes over the true locations of many IP addresses in the list, and it’s likely that at least some of that confusion exists for that very purpose. In respect of blocking an IP address, none of it really matters in the end, but bouncing between the UK, U.S, and Ukraine can make a traceroute look pretty.
Basic tests on these and related IP addresses reveal that around a third most likely act as reverse proxies (ports 80, 443, 8081) while others suggest the presence of software linked to encoders, playlists and other related tools.
Full IP addresses were used in our tests but are limited here to the first octet.
