Nearly 400 illegal World Cup 2026 streaming sites taken offline by US DOJ

US DOJ has seized nearly 400 domains

The sites were being used to illegally stream World Cup games

Users of the sites were exposed to malware, data theft, and other threats

Almost 400 domains have been seized as part of Operation Offsides - a coordinated global effort to take down sites illegally streaming the FIFA World Cup 2026.

The sites were seized by the US Justice Department's Criminal Division for violating copyright and intellectual property law.

The takedowns were coordinated by members of the International Computer Hacking and Intellectual Property (ICHIP) network.

US and friends enforce the offside rule

Many of the seized domains now display a banner explaining that the website was seized as part of Operation Offsides. “This action was taken to protect consumers and enforce intellectual property rights worldwide,” the banner states.

Back in May 2026, the FBI warned that thousands of domains were being registered ahead of the World Cup, with most set up with the intention to scam fans looking for cheap tickets, access to streaming services, and those looking for discounted merchandise. It appears that Operation Offside was focused on disrupting streaming sites in particular, rather than taking down the wider scam networks associated with these domains.

“We have seized hundreds of domains, used to illegally stream World Cup matches for profit, to disrupt the international networks that profit from the global popularity of the World Cup,” said Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division.

“This operation illustrates the Department’s respect for intellectual property rights and the responsibility of the United States as a host nation to protect the FIFA World Cup from criminals. The Criminal Division will continue to disrupt and, where appropriate, seek to prosecute these sites and the subjects responsible for this criminal activity.”

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

In many cases, the networks of fake domains offering cheap or free access to streaming services are run by cybercriminals deliberately operating at a loss in order to attract users to their services. In return for accessing the streaming site, the domain will use the user’s local network as an exit node for the cybercriminal network, obscuring their traffic and making it appear legitimate.

Unfortunately for the user, who may think they have just found free access to every World Cup game, their network and IP address could be used to distribute malware, cybercriminal communications, and illegal content such as stolen data and exploitative materials - including child sex abuse material.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.

Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with a robust academic framework for deconstructing complex international conflicts and intelligence operations, and the ability to translate intricate security data into actionable insights.