For more than a week, Verizon customers have been unable to access several popular pirate sites. The IP-addresses of sites such as NYAA and Mangadex are null-routed instead. While the blocks appear to be intentional, Verizon is keeping its motivation quiet. So why are these sites blocked and has it got anything to do with piracy? Could it be related to Russian CDN provider DDoSGuard, which the sites have in common?
A week ago, complaints started pouring in that Verizon is actively blocking pirate sites. The issue was widely discussed on social media as well, where some suggested that pirate site blocking has officially arrived in the US.
At first sight, it indeed seems this way. Popular sites such as NYAA and Mangadex are unreachable. The same applies to Kemono.party and many others.
Users who try to access the sites get an error message in their browsers instead, noting that the domain names are unreachable. The big question is why these domains are being blocked.
Not a Simple Error
To find out more we reached out to Verizon through the official press channels last week, but without any response. That leaves us with no other option than to simply report what we know and what this could potentially mean.
At this point, it’s clear that Verizon has known about the issue for over a week. Aside from reaching out ourselves, we heard from several Verizon subscribers who contacted the company. They were told that the issue was being investigated.
This suggests that it’s more than a simple routing error or misconfiguration. That would have been fixed by now. There is more going on here, it seems.
The Russian Connection
The blocked sites we know of have things in common in that they’re all pirate sites. Some operate in the anime/manga niches, but others such as vojvodinanet.com are inaccessible too. In addition, all sites use the same CDN and DDoS protection service, DDoS-Guard.
DDoS-Guard is a Russian CDN provider that’s considered a safe haven for pirate sites. A few months ago the company was reported to the US Government by Hollywood’s MPA, which said that DDoS-Guard is not responsive to takedown requests.
In addition to pirate sites, scammers, spammers, and other types of abuse also take place through DDoS-Guard. We don’t know if this is more prevalent than on comparable services, but it’s an important element to keep in mind.
Piracy Block or Collateral Damage?
NYAA and Mangadex have similar but different DDoS-Guard IP-addresses. NYAA uses 184.108.40.206 and Mangadex resolves to 220.127.116.11. Both IP addresses are blocked by Verizon and all traffic is sent into a black hole.
However, it is worth noting that other sites use these same addresses as well. This includes xn--bstchange-hib.com, which is a phishing site. Many other domains have their hosting accounts suspended, while ipts-money.site is linked to a dubious Ethereum and Bitcoin giveaway site.
Looking through the list we see several abuse-related domain names linked to those IP-addresses. For example, znot-stresser.com sounds a lot like a DDoS tool. That domain is currently offline but the list of questionable names doesn’t instill much confidence.
It is certainly possible that the NYAA and Mangadex IP-addresses are being blocked due to collateral damage because other sites of services are using those IPs for nefarious purposes. Large network providers regularly block malicious IP-addresses, so that wouldn’t be unusual.
Not a Typical Pirate Site Block
Verizon’s ‘looking glass‘ reveals that, in North America, the blocked IP-addresses are null routed to AS65512. This essentially means that all traffic goes into a black hole, which is a typical way to handle abuse.
This is certainly not how other ISPs block pirate sites. That often happens through a relatively simply DNS blockade. And when that happens, users often see a message explaining why the site is blocked.
In this case, users who try to access NYAA or Mangadex simply get an error message in their browser explaining that the domains are unreachable. Again, this applies to all sites that use these IP-addresses.
History of (Un)intentional Pirate Site Blocking
This isn’t the first time that pirate sites have found themselves mysteriously blocked. A few years ago, Cogent suddenly blocked several Cloudflare IP-addressed that were linked to The Pirate Bay and other pirate sites.
Cogent’s blockade was eventually linked to a court order, which required the Internet backbone provider to block several IP-addresses. Many of the pirate sites subsequently went down as collateral damage.
Comcast also has a history of unintentional blocking. Ten years ago the ISP’s users were unable to access The Pirate Bay. However, the company swiftly reached out to The Pirate Bay and resolved the issue within a few hours after it became public.
Verizon Has the Answers
To us, it seems unlikely that Verizon has unilaterally started blocking pirate sites – that all happen to use DDoS-Guard – without a court order. But it’s possible. Or perhaps there is a court order?
Verizon is the only one with the answers here but, for now, the company is silent.
Many thanks to TorrentFreak for the breaking news.