The U.S. Justice Department’s Criminal Division has seized nearly 400 web domains used for illegally streaming matches at the FIFA World Cup.
These websites provided visitors with unauthorized real-time streams of 2026 World Cup matches, in violation of U.S. copyright law.
The action was coordinated with international partners through the International Computer Hacking and Intellectual Property (ICHIP) Network of U.S. prosecutors, with authorities targeting servers and domains in Peru and Bulgaria, as well as in Croatia, Romania, Poland, and Colombia.
“This website has been seized by law enforcement authorities as part of Operation Offsides, a coordinated global effort led by the National Intellectual Property Rights Coordination Center with international law enforcement and private sector partners,” a banner displayed on the seized domains reads.
“This action was taken to protect consumers and enforce intellectual property rights worldwide.”
Law enforcement agents identified the seized domains using leads provided by U.S. authorities, with assistance from FIFA (Fédération Internationale de Football Association), beIN Media Group, NBCUniversal, the Motion Picture Association’s Alliance for Creativity and Entertainment (ACE), Ultimate Fighting Championship (UFC), and Warner Bros.
“These streamers not only violate copyright laws but also expose viewers to potential threats — including malware attacks and unsecure connections that can compromise personal and financial data,” said Special Agent in Charge Eric Weindorf of ICE Homeland Security Investigations (HSI) Washington Field Office on Friday.
The Friday announcement comes after the FBI warned in May of fake websites impersonating FIFA ahead of the 2026 World Cup, to sell fake tickets and hospitality packages, steal personal and financial information, and push other scams and fraud attempts related to the event.
Last week, ACE, UEFA, UC3, and Mexican authorities shut down 44 domains part of a major sports piracy ring linked to the illegal PirloTV streaming platform. Collectively, these domains generated more than 950 million visits every year, including around 230 million visits from Mexico alone.
PirloTV aggregates and embeds links to unauthorized live sports streams, primarily soccer, and is notorious for aggressively migrating to new domains following takedown actions by authorities.
“The service primarily targeted viewers throughout Latin America, with particularly strong audiences in Mexico and Colombia, while also attracting significant traffic from markets such as Spain and the United States,” ACE said at the time.
PirloTV is reportedly used to watch World Cup 2026 matches on mobile devices, as platform-specific access restrictions and broadcasting rights fragmentation complicate legal access to the content.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
