~$ ./jackson.sh

This pirate TV website pretends to be news if you access it directly

Published Sunday, October 3, 2021

A clever way to hide an illegal website

Piracy is (ironically) a very large business. Nearly 40% of Indian video consumption consists of pirated content1. The United States leads the world in piracy site usage, generating over 12 billion visits in 20202. The world loves free media.

Because piracy is so popular, there is a constant cat-and-mouse game between intellectual property owners and pirates. IP holders have a powerful weapon: the Digital Millennium Copyright Act (DMCA) takedown. Often, it is served directly to the hosting providers used by piracy sites. These hosting providers receive immunity from copyright litigation through the DMCA, but must respond quickly to takedown notices to maintain their immunity. Despite this, piracy sites are abundant and easily findable through mainstream search engines. How is this possible?

Piracy sites employ a variety of tactics to avoid having the plug pulled by their hosting provider:

That last one is new to me. While researching for this article, I discovered a website called KimCartoon which uses all three of these tactics.

img.png

It hosts its directory of shows on the "kimcartoon.li" domain name. However, when you click on an episode something interesting happens.

First, it sends you to a redirect that changes the HTTP referrer.

img.png

Then, you arrive at a website which has the pirated TV episode and a very unusual URL:

img.png

The URL contains "how-coronavirus-differs-from-influenza-symptoms-to-watch-for-this-flu-season". What? This seems like a slug belonging to a news article, not an episode of The Simpsons? Weird. Let's open the same link in a private browsing window.

img.png

When I visit KissCenter.net without going through KimCartoon.li I get a fake news site that steals articles from Fox! This is bizarre but genius. Consider the following scenario:

  1. An IP protection firm trawls the internet for copyrighted media in order to report it to its client (a copyright holder).
  2. The IP firm finds KimCartoon, clicks an episode, and finds a violation of its client's copyright.
  3. A report is sent to the client so their compliance team can send a DMCA takedown request. It contains a link to KissCenter.net, which is where the IP firm found the violation.
  4. The compliance team clicks the link and finds only news! Furthermore, if they send the link in a complaint to the hosting provider anyways, the host can claim they only see news on the allegedly infringing URL.

This tactic of disguising piracy websites makes it nearly impossible to link directly to the infringing content, as it can only be accessed by going through another domain first. I would guess it's highly effective at keeping piracy websites online longer.

I thought this was funny and wanted to share. Hope you found it interesting.