A research paper analyzing 260 unique free live-streaming (FLS) sports domains uncovered systemic security risks, including drive-by downloads delivering persistent malware, and widespread privacy violations, including invasive device fingerprinting that disregards privacy regulations such as the EU’s General Data Protection Regulation (GDPR).
Canadian academic researchers mapped the platform ecosystem’s resilient infrastructure, identifying eight clusters of co-owned domains. These findings implied that effective countermeasures must target the centralized infrastructure and ephemeral nature of the FLS ecosystem beyond traditional blocking
While other studies have investigated the risks associated with general digital piracy, and have mapped the FLS ecosystem to document the presence of malware and performance issues, the researchers observed that the challenges inherent to the FLS ecosystem have been largely underexplored in a longitudinal study.
Researchers decided to focus on direct harms to the millions of consumers who engage with these sites, such as malware attacks and invasion of privacy, which have received less scrutiny than the harms that piracy inflicts upon rights holders.
One reason is that many of these illegal sites are of a ‘pop-up’ nature, only existing during an event. Not only does this exploit the sense of urgency felt by consumers; it also reduces the likelihood of detection by automated Web crawlers.
Statistical analysis
The researchers performed a broad analysis of security threats across hundreds of FLS sites, revealing a diverse and adaptive landscape of attacks ranging from phishing schemes to sophisticated malware delivery. They also documented the specific post-infection behavior of malware delivered via FLS platforms, detailing their persistence mechanisms and data exfiltration techniques.
They conducted a multi-vantage point analysis of the FLS tracking ecosystem from four distinct geographic regions, demonstrating that invasive device fingerprinting is applied uniformly with a disregard for regional privacy laws like the GDPR; and used publisher-specific IDs to uncover eight clusters of co-owned FLS domains, revealing their consolidated and resilient illicit infrastructure.
Research findings
The researchers found that FLS users are exposed to a diverse range of security and privacy threats. About 17.5% of the FLS aggregators had more than 10 million visits between April and June 2025, with approximately 60% averaging 3.83 million site visits.
They found that malicious JavaScript was the most prevalent threat, detected on 32.6% of sites distributing UEFA Champions League (UCL) content, and 28.6% of sites distributing National Hockey League Stanley Cup Playoffs content.
Advertising exploits
The FLS ecosystem’s primary revenue model is aggressive advertising, which exposes users to a chaotic and high-risk environment.
Abut 12% of sites under study used scripts containing logic to detect ad-blockers and to block video playback. Manual inspection revealed that virtually any interaction with a page—clicking the video player, adjusting volume, or even clicking empty space—triggered a barrage of pop-up ads. These redirects led to a wide range of high-risk destinations, including gambling sites, adult content, and cryptocurrency scams.
Privacy violation
FLS sites also make extensive use of tracking cookies without user consent. Analysis of the 260 FLS domains identified over 1,500 unique third-party trackers, with some individual sites setting as many as 70 trackers. Concerningly, not a single FLS site in our dataset provided a clear cookie consent banner or a readily accessible privacy policy.
By analyzing Google Publisher IDs, researchers found that llegal FLS operators manage consolidated portfolios of domains to target specific user communities and, crucially, to ensure service continuity as if one domain is targeted by a takedown notice during a game, the underlying infrastructure remains intact, and users can be shifted to co-owned backup domains.
Methodologies are detailed in the study (linked below)
Why it matters
While free live sports streaming (FLS) service platforms are widely perceived as risky, the specific threats they pose have lacked large-scale empirical analysis. This paper represents a comprehensive study of the FLS ecosystem, conducted during two major international sporting events (UEFA Champions League playoffs and NHL Stanley Cup Playoffs, 2024–2025 season).
The analysis of advertising models recalls similar findings by the Digital Citizens Alliance, in a report published in 2021 called Breaking (B)ads, which found that ad revenue accrued by illegal operations was in the billions of dollars.
Further reading
An In-Depth Measurement of Security and Privacy Risks in the Free Live Sports Streaming Ecosystem. Research paper. Published January 1, 2026. by Nithiya Muruganandham, Sina Keshvadi (Department of Engineering, Thompson Rivers University, Kamloops, BC, Canada), and Yogesh Sharma (Faculty of Engineering and Applied Science, University of Regina, Regina, Saskatchewan, Canada). Published via Journal of Cybersecurity and Privacy, MPDI
