What happened
A major sports piracy network linked to PirloTV was disrupted in an enforcement action targeting 44 domains.
PirloTV is a network of websites that aggregates and embeds links to unauthorized live sports streams. The platform primarily focuses on soccer and replays feeds from licensed broadcasters depending on the event.
The platform does not directly stream content itself. Instead, it acts as an aggregation network for unauthorized live sports streams and is known for shifting to new domains after takedown actions.
The Alliance for Creativity and Entertainment worked with UEFA, UC3, and Mexican authorities to shut down the 44 domains. Collectively, the targeted domains generated more than 950 million visits worldwide each year.
Roughly 230 million of those annual visits came from Mexico alone. The service primarily targeted viewers across Latin America, with especially strong audiences in Mexico and Colombia. It also attracted traffic from Spain and the United States.
The action took place ahead of the UEFA Champions League final on May 30. With the FIFA World Cup underway, disrupting PirloTV domains could also affect the broader sports piracy ecosystem in Latin America.
PirloTV appears capable of quickly moving to new domains. At the time of reporting, some domains indexed by public search engines still offered illegal sports streams, including multiple live streams from channels such as ESPN, Fox Sports, TNT Sports, DSports, and TyC Sports.
UEFA became the first sports rights holder to join the Alliance for Creativity and Entertainment in October 2025. Since then, the organizations have worked together to identify operators, map piracy networks, investigate infrastructure, and coordinate with local law enforcement agencies.
The latest PirloTV action also marks ACE’s first collaboration with Mexico’s Institute of Industrial Property under a newly signed memorandum of understanding focused on strengthening anti-piracy cooperation.
Who is affected
PirloTV operators and users of the 44 seized domains are directly affected.
Sports fans who relied on PirloTV to access unauthorized streams may lose access to those domains, though the platform’s history of moving to new domains suggests replacement sites may appear.
Sports leagues, broadcasters, and rights holders are also affected because piracy networks undermine licensed distribution, advertising, subscriptions, and regional broadcasting agreements.
The broader digital enforcement ecosystem is affected because the action involved cooperation among ACE, UEFA, UC3, Mexican authorities, and Mexico’s Institute of Industrial Property.
Why CISOs should care
This is not a traditional enterprise breach, but it still matters for security leaders because piracy ecosystems often overlap with broader cyber risk. Unauthorized streaming sites can expose users to malicious ads, scams, credential theft, fake updates, and unsafe downloads.
For CISOs, the workplace risk is practical. Employees using corporate devices or networks to access piracy sites can introduce exposure through malicious redirects, browser abuse, suspicious extensions, and unwanted software.
The incident also shows how domain seizure and infrastructure mapping are used to disrupt online abuse networks. Similar methods are often applied against phishing, botnet, malware, and fraud infrastructure.
The platform’s ability to move to new domains reinforces a familiar defender challenge: takedowns can create disruption, but adversaries may rebuild quickly unless operators, infrastructure, monetization paths, and distribution channels are addressed together.
3 practical actions
- Block known piracy and unauthorized streaming domains: PirloTV domains generated large volumes of traffic and may continue shifting to new domains. CISOs should use DNS filtering, secure web gateways, and threat intelligence feeds to block known piracy and high-risk streaming domains on corporate networks.
- Warn employees about illegal streaming risks on work devices: Unauthorized sports streaming sites can expose users to malicious ads, fake updates, suspicious extensions, and credential theft. Security awareness should make clear that corporate devices should not be used for piracy or untrusted streaming.
- Monitor for risky browser and network behavior around streaming sites: Some PirloTV-linked domains remained indexed and active after the takedown. Security teams should watch for unusual redirects, unwanted browser extensions, suspicious downloads, and repeated access to newly registered streaming domains.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.