From the perspective of rightsholders, blocking domains and IP addresses is necessary to counter a persistent threat from online piracy. In this context, they insist it is reasonable to force internet intermediaries to intervene, using blocking measures that also elevate the risk of unintended consequences and collateral damage.

With blocking demands moving towards a ‘real time’ requirement as standard, increasingly unsupervised blocking exposes third parties to a risk of becoming collateral damage in a war that already transcends national borders.

With no requirement to report incidents of overblocking, and third party claims routinely dismissed as unsubstantiated hearsay, the findings of a new study focused on Italy’s Piracy Shield platform provides an opportunity for reflection.

The peer-reviewed study reveals that broad-scope blocking significantly disrupts legitimate online services, renders IP address space unusable, undermines the operation of legitimate businesses, while posing a broader systemic risk encompassing national infrastructure.

Piracy Shield: Collateral Damage and Efficacy

The credentialed authors of the study , 90th Minute: A First Look to Collateral Damages and Efficacy of the Italian Piracy Shield are Raffaele Sommese , Anna Sperotto , Jeroen van der Ham , and Antonia Affinito at the University of Twente, Netherlands, and Antonio Prado , an independent consultant in Italy.

Motivated by the aggressive piracy countermeasures of Italy’s Piracy Shield, related collateral damage, and a lack of empirical data on the platform’s real-world impact, the study aims to provide the first data-driven investigation into the platform’s efficacy and unintended consequences.

Obtaining Data, Understanding Blocked Resources

In an environment that the researchers describe as favoring “enforcement efficiency over full transparency” access to relevant official data was an immediate challenge. Resources blocked by Piracy Shield are not published by telecoms regulator AGCOM and an unofficial list of blocking tickets available via ISP Infotech appear only in redacted form.

A Piracy Shield dataset leaked to GitHub, containing ~11,000 IP addresses and ~42,600 fully qualified domains (FQDN), provides the foundation for the study.

Of these domains, 18,849 (44.2%) were confirmed as still blocked, while 23,805 (55.8%) had been removed. Verified by the researchers as authentic after cross-referencing with Infotech data, the same dataset was independently reviewed by TorrentFreak in 2024 and is considered reliable.

Identification of the blocked resources and exploration of their characteristics, allowed the researchers to evaluate ownership, operational control, while inferrinng hosting and leasing activity; i.e IP addresses likely to belong to leased address space.

The researchers leveraged data provided by OpenINTEL to identify domains either hosted on blocked IP addresses or referring – via CNAME records – to blocked FQDNs. They also conducted their own scan of 1.8 billion FQDN extracted from Certificate Transparency logs to identify shared infrastructure and potential collateral damage.

Distribution of Blocked IPs and FQDNs

From February 2, 2024 to June 4, 2025, a total of 3,782 blocking requests (tickets) were issued to the Piracy Shield platform. Of those, 1,817 (48%) tickets targeted at least one FQDN and one IPv4 address, 1,719 (45%) targeted only FQDNs, and 246 (7%) targeted only IP addresses. The distribution of blocked IP addresses per country and FQDN per TLD are shown in the tables below:

Table II shows that 37.9% of the IP addresses blocked by Piracy Shield are hosted in the Netherlands followed by Germany (9.0%) and Romania (8.2%), with a relatively modest 843 IP addresses (7.7&) located to the United States.

“Interestingly, 2.5% of the blocked IPs are located in Italy, and 76.8% of the blocked IPs are within the European Union, where copyright owners may have better leverage to identify illegal streaming perpetrators and take them down,” the researchers note.

Distribution across the top 15 hosting infrastructures for the 10,918 IP addresses, by company, /24 networks (2,134 overall), and ASN (262 overall), is shown in the table below. (Note: As referenced in the study, a ‘/24 network’ is a Class C IPv4 network supporting 254 hosts)

“Interestingly, a single company – GZ Remittance— hosted more than 9.5% of all blocked resources, concentrated in just 15 distinct /24s. This may suggest that the company is highly favored by illegal streaming operators, who likely rotate through IPs to evade blocking. The same pattern is observable for NexonHost, which shows similar figures,” the study notes.

“OVH stands out for having the highest number of unblocked IPs – 41 in total, accounting for almost one third of all unblocked addresses. This suggests that shared resources may have been inadvertently affected, or that the infrastructure was later reused for benign purposes.”

IP Addresses and Leased Address Space

The researchers observed that of the 10,918 blocked IP addresses, 2,618 (24%) were linked to leased address space. This is significant; leased address space can be used as an evasion tactic and could lead to collateral damage when ‘pirate’ leases expire and IP addresses are made available under a new lease.

The study found that, on average, 7.5 IP addresses per /24 were blocked in leased address blocks, compared to just 4.5 IP addresses per /24 in non-leased blocks. This suggests that some pirates prefer leased address space, leading to potential collateral damage when blocked IP addresses are reassigned under a new lease. Interestingly, 453 IP addresses were leased for the first time after being blocked, signaling major Italian connectivity issues for the new operator of those IPs.

Furthermore, with assistance from IP leasing broker IPXO , the researchers were able to identify an additional 1,012 IP addresses spanning 121 /24 networks still subject to Piracy Shield blocking. Of these, 268 IP addresses (across 32 /24s) were no longer leased by the same companies, with 250 IP addresses (across 23 /24s) having been re-leased to different companies.

“These results highlight a significant risk of collateral damage for companies that may find part of their address space unusable when communicating with Italian customers,” the study notes.

Collateral Damage

The study uncovered significant and widespread collateral damage, mostly caused by IP address blocking.

During the study’s timeframe, 7,114 FQDNs were either completely or partially affected by Piracy Shield blocking, with 510 domains manually confirmed by the researchers as legitimate websites, unconnected to any streaming-related activity.

Of these, 373 domains were disrupted by IP address blocking, including personal branding pages, company profiles, hotels, restaurants, a car mechanic, a nunnery, retail shops, an accountant, and a telehealth missionary program. In three cases, blocking single IP addresses caused 60 collateral blocks each.

Between February 2024 and June 2025, 7,742 FQDNs were impacted by IP address-level blocking. In 7,232 of these cases, all hosting IPs of the affected FQDNs were blocked and in 302 cases a subset of their hosting IPs suffered disruption. Mail server IPs were blocked in 782 cases and disruption due to nameserver blocking was observed in 397.

In one case a single blocked Hetzner IP address disrupted 325 domains, one of which was operated by a Portuguese hosting provider that suffered 16 days of lost email connectivity with Italian customers. Anycast IP addresses belonging to DDoS protection providers including StormWall and DDoS Guard were also blocked and in Italy, nine domestic websites – including an Italian marketing company using an OVH IP address – remain unreachable.

On average, domains affected by Piracy Shield-related collateral damage remain impacted for ~320 days.

Conclusions and Discussion

The study’s findings validate warnings from Italy’s ISPs before Piracy Shield’s launch early 2024. In broad terms, there were two critical issues: 1) IP address blocking would cause collateral damage and 2) Blocking would prove ineffective while imposing an unacceptable burden on local ISPs.

“Our results on the collateral damages of IP and FQDN blocking highlight a worrisome scenario, with hundreds of legitimate websites unknowingly affected by blocking, unknown operators experiencing service disruption, and illegal streamers continuing to evade enforcement by exploiting the abundance of address space online, leaving behind unusable and polluted address ranges,” the researchers note.

With emphasis that the study offers a “conservative lower-bound estimate” that likely misses “cascading disruptions on other services like APIs, email, or databases that rely on direct IP connectivity”, the impact of Piracy Shield is likely understated.

“Technically, it risks systemic failure by blocking shared infrastructure like CDNs and DDoS protectors while polluting the IP address space for future, unsuspecting users. Operationally it imposes a growing, uncompensated burden on Italian ISPs forced to implement an expanding list of permanent blocks.”

Mitigation

The researchers make many solid recommendations, the majority of which have been aired dozens of times previously before being routinely rejected. With the support of evidence presented within this study, conducted by highly competent experts in relevant fields, it’s hoped that opportunities to mitigate damage will receive greater attention.

• IP-level blocking is indiscriminate, has consequences outweighing its benefit, and should not be used
• Many illegal streaming services operate within the EU; rightsholders’ legal action should target them there
• Resource owners should be notified immediately when their assets are blocked
• A fast unblocking mechanism must be made available
• AGCOM should publish a list of all blocked resources to enable third party review and remedial action
• Control of critical infrastructure under a single opaque platform remains ill-advised

To conclude, we hope that this work sparks a thorough discussion among Italian operators, AGCOM, and national policymakers on reconsidering the Piracy Shield initiative. This reflection must account for the significant collateral damage to legitimate infrastructure and the potential threat to national security the platform may pose. Ultimately, the challenge is not whether piracy should be fought, but how to do so without endangering the very principles and infrastructure that sustain the Internet as we know nowadays.

90th Minute: A First Look to Collateral Damages and Efficacy of the Italian Piracy Shield, published as part of the upcoming 21th International Conference on Network and Service Management , is available here (pdf)

From: TF , for the latest news on copyright battles, piracy and more.