Underground IPTV Network Uncovered by Threat Intelligence Tool Silent Push

Analysts at the threat intelligence tool Silent Push purport to have uncovered a substantial illicit IPTV network operation. Spanning over a thousand domains and ten thousand IP addresses, the said network allegedly infringes upon content rights held by Amazon, Netflix, Disney, Premier League and other major entities. Interestingly, the delineation of an individual and associated companies in Afghanistan comes as quite the revelation.

Internet platform research and inquiry processes can be immensely labor-intensive. Silent Push, a threat intelligence tool, integrates multiple investigation tools within a user-friendly graphical interface that far exceeds the capabilities of its individual components. It provides the ability to connect historical data to create the bigger picture even when certain evidence is absent on the active internet.

Basic tasks such as WHOIS lookups are streamlined with the platform, and the visual presentation is greatly enhanced. Conveniently, the entire infrastructure supporting IPTV networks can be mapped out with only a handful of technical identifiers. The tool’s ability facilitates beyond normal parameters.

The findings of an investigation released recently purport to define a large IPTV network and an associated individual at the center of operations. The probe initiated with a domain name – premiumplustv[.]xyz, which had been flagged as a host for infringing content. With the utilization of certain techniques, the service was related to a network of 10,000 IP addresses and 1,100 domains.

Among this network, one domain was particularly notable. The xuione[.]com domain represents a significant IPTV service that is implicated in supporting numerous unauthorized content schemes. Information available indicated that the registrant was located in Herat, Afghanistan. In a peculiar turn of events, all Afghan references were eliminated from the records in March 2025. An individual, presumably having a close connection with the illicit IPTV network, was fingered during the process.

The aforementioned service is suspected of unauthorized content exploitation from the world’s top entertainment and sports brands. Much of the methodologies employed to carry out the investigation into the piracy network and to establish the individual’s identity cannot be disclosed to the public.

In the end, the xuione[.]com domain was linked to IP address 158.220.114[.]199, reportedly used by a number of supposed IPTV-related services such as streamxpert[.]net, jvtvlive[.]xyz, and tiyanhost[.]com. The last one, tiyanhost[.]com, is a business entity based in Herat, Afghanistan.

Websites associated with XuiOne display a WhatsApp number carrying an Afghan country code, found to be directly linked to the same individual, researchers believe. Over time, and with more data assembled, researchers began to confidently assess this person’s role in the operations of the pirated network.

It is not clear what more evidence was accrued, but it’s plausible that this information is already being disseminated to anti-piracy companies and other involved parties. As of now, to our understanding, the service is still active.

Enforcing action in Afghanistan could face numerous hurdles, given the country’s not very advanced technical infrastructure. The service in question has demonstrated a substantial presence within Europe.

While web-based investigative databases are a valuable tool, their accuracy can occasionally be questionable and throw off the investigators. Regardless, the discovery of this IPTV network highlights the capabilities of tools like Silent Push in identifying and tracking illegal operations online.