By ByteBot
The Department of Justice seized nearly 400 domains illegally streaming the 2026 FIFA World Cup, announcing the takedown under Operation Offsides on June 29. That’s five times the scale of the 2022 Qatar crackdown, when 78 domains were taken down. But the headline number undersells the more important story: those free streams aren’t just legally questionable — they’re actively dangerous, and the people using them rarely hear that part.
What Happened
The National Intellectual Property Rights Coordination Center (NIPRCC) and Homeland Security Investigations (HSI) led the operation, filing a seizure warrant in the Eastern District of Virginia. Investigators identified the domains with help from FIFA, NBCUniversal, Warner Bros., beIN Media, the UFC, and the Motion Picture Association’s Alliance for Creativity and Entertainment (ACE).
The seized domains span .com, .name, and .org — all maintained by U.S.-based registries Verisign and the Public Interest Registry, which made the takedowns fast. Servers and supporting infrastructure in Peru and Bulgaria were also targeted, with additional enforcement actions in Croatia, Romania, Poland, and Colombia through the International Computer Hacking and Intellectual Property (ICHIP) network.
How Domain Seizures Work
When a court issues a seizure warrant for a domain, the U.S. government directs Verisign (for .com/.net) or the Public Interest Registry (for .org) to change the domain’s nameservers. Traffic that previously reached the piracy site now resolves to seizedservers.com — the standard DOJ landing page confirming the seizure.
The Eastern District of Virginia is the default venue for IP enforcement cases. It sits near federal agencies, has judges experienced in intellectual property law, and processes these warrants quickly. For .com domains specifically, it’s the most efficient legal path available.
The Malware Risk Nobody’s Talking About
HSI’s warning deserves more attention than it’s getting: the streams can expose viewers to malware and connections capable of stealing financial data. Security researchers have found that illegal streaming platforms carry malware risk roughly 65 times higher than legitimate sites. Roughly half of tested illicit streaming apps contain malware — credential stealers, banking trojans, spyware, and remote access tools.
During the World Cup specifically, threat intelligence researchers flagged active campaigns deploying banking malware through fake ticket sites, alongside credential theft targeting Peacock and streaming accounts. Someone clicking a free stream link to avoid an $11 monthly subscription is taking on meaningfully more financial risk than the subscription costs.
This is the bigger issue, not the copyright angle — which exposes individual viewers to essentially no personal legal risk. The malware angle exposes them to real financial harm. Enforcement agencies have started leading with this messaging, and they’re right to.
Why This Doesn’t Solve the Problem
Domain seizures are an important disruption tool, but a limited one. Piracy operators register backup domains in advance and rotate to them when a primary gets seized. Country-code TLDs like .to, .tv, and .cc sit outside U.S. jurisdiction. Telegram channels notify subscribers of new links within hours of a takedown.
The $67 billion annual loss to global IPTV piracy provides enormous financial incentive to rebuild fast. Enforcement is evolving in the right direction — increasingly targeting payment processors, advertising networks, and the individuals operating these services rather than just domains. Seizing 400 domains is a meaningful disruption. It is not a solution.
How to Watch Legally
For the 2026 World Cup, English-language rights belong to FOX (broadcast) and the Fox Sports app. Spanish-language coverage is on Telemundo — 92 of 104 matches free over-the-air — and Peacock Premium ($10.99/month) for all 104 matches live. Peacock Premium Plus ($16.99/month) is the only streaming option with Dolby Vision HDR and Atmos.
The Bigger Picture
The jump from 78 domains in 2022 to nearly 400 in 2026 reflects a real investment in enforcement infrastructure — six-country coordination, relationships with major rights holders, and an established legal playbook. The next phase, targeting payment systems and operators directly, will be harder but more durable. Domain seizures win news cycles. Payment disruption wins the war.
