The anime industry has experienced a surge in popularity, but this growth is not limited to legal streaming platforms.

A significant portion of the demand for anime arrives from unofficial channels, with several major pirate websites dedicated solely to anime content.

This includes HiAnime.to, which, with an estimated 150 million+ monthly visits is one of the most trafficked websites on the Internet. However, a message now displayed across the site’s main domains suggests that may be about to change.

“It’s time to say goodbye. And thank you for a wonderful journey with great moments,” the message reads, also shown on other official domains, such as HiAnime.me.

The HiAnime name first appeared under its current name in March 2024, as a rebranding of the Aniwatch website, which was known as Zoro.to before that. Since then, its popularity has continued to grow. Until now.

Fear, Uncertainty, and Doubt

While the goodbye message seems crystal clear, the site’s official Discord server and Reddit community don’t appear convinced. While it is unclear whether the operators are moderating these communities, the mods and admins caution people not to jump to conclusions.

“We are currently aware of the situation and are actively reviewing the matter. We are monitoring the situation and attempting to obtain further clarification as of the moment,” a status message in the Discord channel reads.

At the same time, a Reddit thread urges people not to panic and stop sharing unverified information.

Legal Pressure

At TorrentFreak, we can verify that the “goodbye” message posted on the official HiAnime domains reads like a shutdown notice. Time will tell whether the site will indeed remain offline. It’s also an option that it will rebrand yet again.

HiAnime has had its fair share of legal pressure over the past two years. The MPA’s Alliance for Creativity and Entertainment has targeted the site on multiple occasions, for example.

Earlier this month, the pressure further increased as the U.S. Trade Representative added HiAnime to its annual list of notorious piracy markets.

There is no evidence to suggest that the legal pressure has anything to do with the goodbye message on the site, but it would be a fitting explanation. If any new information comes in, we will update this article accordingly.

From: TF , for the latest news on copyright battles, piracy and more.

The anime industry has experienced a surge in popularity, but this growth is not limited to legal streaming platforms.

A significant portion of the demand for anime arrives from unofficial channels, with several major pirate websites dedicated solely to anime content.

This includes HiAnime.to, which, with an estimated 150 million+ monthly visits is one of the most trafficked websites on the Internet. However, a message now displayed across the site’s main domains suggests that may be about to change.

“It’s time to say goodbye. And thank you for a wonderful journey with great moments,” the message reads, also shown on other official domains, such as HiAnime.me.

The HiAnime name first appeared under its current name in March 2024, as a rebranding of the Aniwatch website, which was known as Zoro.to before that. Since then, its popularity has continued to grow. Until now.

Fear, Uncertainty, and Doubt

While the goodbye message seems crystal clear, the site’s official Discord server and Reddit community don’t appear convinced. While it is unclear whether the operators are moderating these communities, the mods and admins caution people not to jump to conclusions.

“We are currently aware of the situation and are actively reviewing the matter. We are monitoring the situation and attempting to obtain further clarification as of the moment,” a status message in the Discord channel reads.

At the same time, a Reddit thread urges people not to panic and stop sharing unverified information.

Legal Pressure

At TorrentFreak, we can verify that the “goodbye” message posted on the official HiAnime domains reads like a shutdown notice. Time will tell whether the site will indeed remain offline. It’s also an option that it will rebrand yet again.

HiAnime has had its fair share of legal pressure over the past two years. The MPA’s Alliance for Creativity and Entertainment has targeted the site on multiple occasions, for example.

Earlier this month, the pressure further increased as the U.S. Trade Representative added HiAnime to its annual list of notorious piracy markets.

There is no evidence to suggest that the legal pressure has anything to do with the goodbye message on the site, but it would be a fitting explanation. If any new information comes in, we will update this article accordingly.

From: TF , for the latest news on copyright battles, piracy and more.

The anime industry has experienced a surge in popularity, but this growth is not limited to legal streaming platforms.

A significant portion of the demand for anime arrives from unofficial channels, with several major pirate websites dedicated solely to anime content.

This includes HiAnime.to, which, with an estimated 150 million+ monthly visits is one of the most trafficked websites on the Internet. However, a message now displayed across the site’s main domains suggests that may be about to change.

“It’s time to say goodbye. And thank you for a wonderful journey with great moments,” the message reads, also shown on other official domains, such as HiAnime.me.

The HiAnime name first appeared under its current name in March 2024, as a rebranding of the Aniwatch website, which was known as Zoro.to before that. Since then, its popularity has continued to grow. Until now.

Fear, Uncertainty, and Doubt

While the goodbye message seems crystal clear, the site’s official Discord server and Reddit community don’t appear convinced. While it is unclear whether the operators are moderating these communities, the mods and admins caution people not to jump to conclusions.

“We are currently aware of the situation and are actively reviewing the matter. We are monitoring the situation and attempting to obtain further clarification as of the moment,” a status message in the Discord channel reads.

At the same time, a Reddit thread urges people not to panic and stop sharing unverified information.

Legal Pressure

At TorrentFreak, we can verify that the “goodbye” message posted on the official HiAnime domains reads like a shutdown notice. Time will tell whether the site will indeed remain offline. It’s also an option that it will rebrand yet again.

HiAnime has had its fair share of legal pressure over the past two years. The MPA’s Alliance for Creativity and Entertainment has targeted the site on multiple occasions, for example.

Earlier this month, the pressure further increased as the U.S. Trade Representative added HiAnime to its annual list of notorious piracy markets.

There is no evidence to suggest that the legal pressure has anything to do with the goodbye message on the site, but it would be a fitting explanation. If any new information comes in, we will update this article accordingly.

From: TF , for the latest news on copyright battles, piracy and more.

After spending just 20 minutes watching piracy-related uploads on Instagram during the past few weeks, the hard reality of the Indian piracy scene is impossible to ignore.

In the wake of enforcement action against iBomma, a sprawling streaming platform supposedly blocked back in 2022, it transpires that people refer to the site’s operator using his real name. The media describe Immadi Ravi as a piracy ‘kingpin’, yet to his hyper-enthusiastic fan base, he’s somewhat of a hero, someone to admire and defend.

Since the 39-year-old is reportedly still behind bars following his arrest at the hands of the Hyderabad Cyber Crime Police during November, the defense aspect may yet find itself put to the test.

iBomma Down, Bappam TV Down, Other Platforms Too

On November 15, Telangana police arrested Ravi after reportedly monitoring his activities for the previous three months. The authorities say he operated iBomma from the Caribbean but managed to apprehend him in Kukatpally, Hyderabad, after learning he’d be flying in from France. Ravi reportedly fled the country on October 1 after a case was filed against him.

At a post-arrest press conference attended by movie suits, directors, producers, and actors, the name and reputation of iBomma founder were placed on the line and then dragged through the mud.

The claim that Ravi had amassed the personal data of around 5 million users, provided a backdrop of data theft and cybercrime to which other details were soon revealed.

Ravi’s 21,000-title pirate movie library was slammed for its major contribution to the losses suffered by the industry. In 2024 alone, losses reportedly amounted to 3,700 crore; in U.S. dollars, that’s a significant amount of money: US$428 million, give or take.

Getting Rich, Making Mistakes

A student of computer science, Ravi reportedly pocketed Rs 30 crore (US$3.2 million) for himself, deposited in 35 bank accounts, held in cryptocurrency, and otherwise spent to fund a lavish lifestyle.

Yet, while massively successful, police implied that he wasn’t universally smart. When allegedly purchasing the initial iBomma domain from Njalla, the privacy-focused registrar founded by The Pirate Bay’s Peter Sunde, Ravi reportedly provided his real personal details and paid using a personal debit card.

“Since he used his own credentials, he cannot deny ownership of the domain,” ACP Srinivasulu said, perhaps forgetting that when acquiring a domain from Njalla, the service retains legal ownership – customers simply get to use them.

With the two named pirate operations out of action, other sites reportedly went dark too. That’s not unusual, since panic tends to spread rapidly when police start knocking on doors. In the early stages, it can be impossible for outsiders to differentiate between cautious downtime and the effects of a full blown raid. That doesn’t prevent people from trying to connect the dots, however.

iBomma and Bappam TV – Or Potentially More?

Describing a globe-trotting life and visits to new countries every week, Hyderabad Additional Commissioner of Police told reporters that Ravi regularly traveled overseas, including to meet with representatives of 1win and 1xBet, the gambling companies said to benefit from his pirate site businesses.

Officially reported as the operator of iBomma and Bappam TV, widespread unofficial claims state that Ravi was also behind pirate streaming platform MKVCinemas. The site reportedly went dark around the same time as iBomma and Bappam TV.

In a timely announcement issued Thursday, the Alliance for Creativity and Entertainment says it was responsible for the ‘dismantling’ of MKVCinemas and the shutdown of a “high-traffic drive-to-drive cloning tool” frequently used by piracy services in India and Indonesia.

“Collectively, the MKVCinemas domains accounted for 142.4 million global visits between 2024 and 2025. The piracy tool received 231.4 million visits in the same time period,” the ACE announcement reads.

“Following an extensive investigation, ACE identified the operator in Bihar, India, who agreed to shut down the operation and transfer 25 associated domains.”

Searching For Answers

There are at least dozens and conservatively well in excess of 100 MKVCinemas-branded domains, so when no domains are mentioned by name, determining which sites were shut down can prove challenging.

Ultimately, we were able to identify all 25 domains mentioned by ACE and a few others, all confirmed as linked to each other.

At the time of writing, eight domains have been fully transferred to ACE, but the number will almost certainly increase in the coming hours.

So are there any proven, likely, or even circumstantial links between MKVCinemas and iBomma?

Circumstantial Isn’t Good Enough, But India is a Very Big Place

We already knew that ACE was interested in MKVCinemas back in April 2025, as much was revealed in the documents supporting its application for a DMCA subpoena in the United States.

In India, ZeeTV obtained a blocking injunction ( CS(COMM) 650/2022 ) against iBomma in 2022, which included an order to cancel registration of the domain zee5.org, which appears to have been designed to irritate more than anything else.

Whether ACE or ZeeTV discovered anything useful via the DMCA subpoena and injunction is unknown. That being said, a detail in the ACE statement seems like it could be important.

“Following an extensive investigation, ACE identified the operator in Bihar, India .”

In the wake of Ravi’s arrest, actor Konidela Chiranjeevi (known locally as Mega Star), fellow actor Nagarjuna Akkineni, and film director SS Rajamouli, met with Hyderabad city police commissioner VC Sajjanar. According to Indian Express , the men expressed their gratitude, with Chiranjeevi noting how movies had “suffered greatly” while pirates took money from the industry’s pockets.

“I heard a 22-year-old from Bihar was earning huge money through piracy. It’s unbearable,” he said.

Hardly conclusive, but we suspect things may be a little more bearable now.

From: TF , for the latest news on copyright battles, piracy and more.

After spending just 20 minutes watching piracy-related uploads on Instagram during the past few weeks, the hard reality of the Indian piracy scene is impossible to ignore.

In the wake of enforcement action against iBomma, a sprawling streaming platform supposedly blocked back in 2022, it transpires that people refer to the site’s operator using his real name. The media describe Immadi Ravi as a piracy ‘kingpin’, yet to his hyper-enthusiastic fan base, he’s somewhat of a hero, someone to admire and defend.

Since the 39-year-old is reportedly still behind bars following his arrest at the hands of the Hyderabad Cyber Crime Police during November, the defense aspect may yet find itself put to the test.

iBomma Down, Bappam TV Down, Other Platforms Too

On November 15, Telangana police arrested Ravi after reportedly monitoring his activities for the previous three months. The authorities say he operated iBomma from the Caribbean but managed to apprehend him in Kukatpally, Hyderabad, after learning he’d be flying in from France. Ravi reportedly fled the country on October 1 after a case was filed against him.

At a post-arrest press conference attended by movie suits, directors, producers, and actors, the name and reputation of iBomma founder were placed on the line and then dragged through the mud.

The claim that Ravi had amassed the personal data of around 5 million users, provided a backdrop of data theft and cybercrime to which other details were soon revealed.

Ravi’s 21,000-title pirate movie library was slammed for its major contribution to the losses suffered by the industry. In 2024 alone, losses reportedly amounted to 3,700 crore; in U.S. dollars, that’s a significant amount of money: US$428 million, give or take.

Getting Rich, Making Mistakes

A student of computer science, Ravi reportedly pocketed Rs 30 crore (US$3.2 million) for himself, deposited in 35 bank accounts, held in cryptocurrency, and otherwise spent to fund a lavish lifestyle.

Yet, while massively successful, police implied that he wasn’t universally smart. When allegedly purchasing the initial iBomma domain from Njalla, the privacy-focused registrar founded by The Pirate Bay’s Peter Sunde, Ravi reportedly provided his real personal details and paid using a personal debit card.

“Since he used his own credentials, he cannot deny ownership of the domain,” ACP Srinivasulu said, perhaps forgetting that when acquiring a domain from Njalla, the service retains legal ownership – customers simply get to use them.

With the two named pirate operations out of action, other sites reportedly went dark too. That’s not unusual, since panic tends to spread rapidly when police start knocking on doors. In the early stages, it can be impossible for outsiders to differentiate between cautious downtime and the effects of a full blown raid. That doesn’t prevent people from trying to connect the dots, however.

iBomma and Bappam TV – Or Potentially More?

Describing a globe-trotting life and visits to new countries every week, Hyderabad Additional Commissioner of Police told reporters that Ravi regularly traveled overseas, including to meet with representatives of 1win and 1xBet, the gambling companies said to benefit from his pirate site businesses.

Officially reported as the operator of iBomma and Bappam TV, widespread unofficial claims state that Ravi was also behind pirate streaming platform MKVCinemas. The site reportedly went dark around the same time as iBomma and Bappam TV.

In a timely announcement issued Thursday, the Alliance for Creativity and Entertainment says it was responsible for the ‘dismantling’ of MKVCinemas and the shutdown of a “high-traffic drive-to-drive cloning tool” frequently used by piracy services in India and Indonesia.

“Collectively, the MKVCinemas domains accounted for 142.4 million global visits between 2024 and 2025. The piracy tool received 231.4 million visits in the same time period,” the ACE announcement reads.

“Following an extensive investigation, ACE identified the operator in Bihar, India, who agreed to shut down the operation and transfer 25 associated domains.”

Searching For Answers

There are at least dozens and conservatively well in excess of 100 MKVCinemas-branded domains, so when no domains are mentioned by name, determining which sites were shut down can prove challenging.

Ultimately, we were able to identify all 25 domains mentioned by ACE and a few others, all confirmed as linked to each other.

At the time of writing, eight domains have been fully transferred to ACE, but the number will almost certainly increase in the coming hours.

So are there any proven, likely, or even circumstantial links between MKVCinemas and iBomma?

Circumstantial Isn’t Good Enough, But India is a Very Big Place

We already knew that ACE was interested in MKVCinemas back in April 2025, as much was revealed in the documents supporting its application for a DMCA subpoena in the United States.

In India, ZeeTV obtained a blocking injunction ( CS(COMM) 650/2022 ) against iBomma in 2022, which included an order to cancel registration of the domain zee5.org, which appears to have been designed to irritate more than anything else.

Whether ACE or ZeeTV discovered anything useful via the DMCA subpoena and injunction is unknown. That being said, a detail in the ACE statement seems like it could be important.

“Following an extensive investigation, ACE identified the operator in Bihar, India .”

In the wake of Ravi’s arrest, actor Konidela Chiranjeevi (known locally as Mega Star), fellow actor Nagarjuna Akkineni, and film director SS Rajamouli, met with Hyderabad city police commissioner VC Sajjanar. According to Indian Express , the men expressed their gratitude, with Chiranjeevi noting how movies had “suffered greatly” while pirates took money from the industry’s pockets.

“I heard a 22-year-old from Bihar was earning huge money through piracy. It’s unbearable,” he said.

Hardly conclusive, but we suspect things may be a little more bearable now.

From: TF , for the latest news on copyright battles, piracy and more.

After spending just 20 minutes watching piracy-related uploads on Instagram during the past few weeks, the hard reality of the Indian piracy scene is impossible to ignore.

In the wake of enforcement action against iBomma, a sprawling streaming platform supposedly blocked back in 2022, it transpires that people refer to the site’s operator using his real name. The media describe Immadi Ravi as a piracy ‘kingpin’, yet to his hyper-enthusiastic fan base, he’s somewhat of a hero, someone to admire and defend.

Since the 39-year-old is reportedly still behind bars following his arrest at the hands of the Hyderabad Cyber Crime Police during November, the defense aspect may yet find itself put to the test.

iBomma Down, Bappam TV Down, Other Platforms Too

On November 15, Telangana police arrested Ravi after reportedly monitoring his activities for the previous three months. The authorities say he operated iBomma from the Caribbean but managed to apprehend him in Kukatpally, Hyderabad, after learning he’d be flying in from France. Ravi reportedly fled the country on October 1 after a case was filed against him.

At a post-arrest press conference attended by movie suits, directors, producers, and actors, the name and reputation of iBomma founder were placed on the line and then dragged through the mud.

The claim that Ravi had amassed the personal data of around 5 million users, provided a backdrop of data theft and cybercrime to which other details were soon revealed.

Ravi’s 21,000-title pirate movie library was slammed for its major contribution to the losses suffered by the industry. In 2024 alone, losses reportedly amounted to 3,700 crore; in U.S. dollars, that’s a significant amount of money: US$428 million, give or take.

Getting Rich, Making Mistakes

A student of computer science, Ravi reportedly pocketed Rs 30 crore (US$3.2 million) for himself, deposited in 35 bank accounts, held in cryptocurrency, and otherwise spent to fund a lavish lifestyle.

Yet, while massively successful, police implied that he wasn’t universally smart. When allegedly purchasing the initial iBomma domain from Njalla, the privacy-focused registrar founded by The Pirate Bay’s Peter Sunde, Ravi reportedly provided his real personal details and paid using a personal debit card.

“Since he used his own credentials, he cannot deny ownership of the domain,” ACP Srinivasulu said, perhaps forgetting that when acquiring a domain from Njalla, the service retains legal ownership – customers simply get to use them.

With the two named pirate operations out of action, other sites reportedly went dark too. That’s not unusual, since panic tends to spread rapidly when police start knocking on doors. In the early stages, it can be impossible for outsiders to differentiate between cautious downtime and the effects of a full blown raid. That doesn’t prevent people from trying to connect the dots, however.

iBomma and Bappam TV – Or Potentially More?

Describing a globe-trotting life and visits to new countries every week, Hyderabad Additional Commissioner of Police told reporters that Ravi regularly traveled overseas, including to meet with representatives of 1win and 1xBet, the gambling companies said to benefit from his pirate site businesses.

Officially reported as the operator of iBomma and Bappam TV, widespread unofficial claims state that Ravi was also behind pirate streaming platform MKVCinemas. The site reportedly went dark around the same time as iBomma and Bappam TV.

In a timely announcement issued Thursday, the Alliance for Creativity and Entertainment says it was responsible for the ‘dismantling’ of MKVCinemas and the shutdown of a “high-traffic drive-to-drive cloning tool” frequently used by piracy services in India and Indonesia.

“Collectively, the MKVCinemas domains accounted for 142.4 million global visits between 2024 and 2025. The piracy tool received 231.4 million visits in the same time period,” the ACE announcement reads.

“Following an extensive investigation, ACE identified the operator in Bihar, India, who agreed to shut down the operation and transfer 25 associated domains.”

Searching For Answers

There are at least dozens and conservatively well in excess of 100 MKVCinemas-branded domains, so when no domains are mentioned by name, determining which sites were shut down can prove challenging.

Ultimately, we were able to identify all 25 domains mentioned by ACE and a few others, all confirmed as linked to each other.

At the time of writing, eight domains have been fully transferred to ACE, but the number will almost certainly increase in the coming hours.

So are there any proven, likely, or even circumstantial links between MKVCinemas and iBomma?

Circumstantial Isn’t Good Enough, But India is a Very Big Place

We already knew that ACE was interested in MKVCinemas back in April 2025, as much was revealed in the documents supporting its application for a DMCA subpoena in the United States.

In India, ZeeTV obtained a blocking injunction ( CS(COMM) 650/2022 ) against iBomma in 2022, which included an order to cancel registration of the domain zee5.org, which appears to have been designed to irritate more than anything else.

Whether ACE or ZeeTV discovered anything useful via the DMCA subpoena and injunction is unknown. That being said, a detail in the ACE statement seems like it could be important.

“Following an extensive investigation, ACE identified the operator in Bihar, India .”

In the wake of Ravi’s arrest, actor Konidela Chiranjeevi (known locally as Mega Star), fellow actor Nagarjuna Akkineni, and film director SS Rajamouli, met with Hyderabad city police commissioner VC Sajjanar. According to Indian Express , the men expressed their gratitude, with Chiranjeevi noting how movies had “suffered greatly” while pirates took money from the industry’s pockets.

“I heard a 22-year-old from Bihar was earning huge money through piracy. It’s unbearable,” he said.

Hardly conclusive, but we suspect things may be a little more bearable now.

From: TF , for the latest news on copyright battles, piracy and more.

Anti-piracy groups provide regular reminders that pirate sites expose users to malware and related security risks. In some cases, no action is required for users to come to harm, all they have to do is visit a malicious site.

While not the most common route of infection, under the right circumstances that can indeed happen. Yet something we saw for ourselves this week may go even further than that.

When blocking measures are deployed against dozens of sites, there’s a period of uncertainty in which many pirates are traditionally less cautious about visiting alternative sites. For those who benefit from internet users clicking first and thinking later, there’s arguably no better time to target pirates. In the context of recent developments, targeting pirates before they even set foot on a pirate site, using a distraction they may already be familiar with, is something we haven’t seen before.

So why now?

Fewer Options For UK Pirates

Around early September, Cloudflare suddenly began blocking pirate sites in the UK . Cloudflare’s unique position in the market is certainly not lost on the major movie and TV studios, and it’s a matter of record that they view voluntary cooperation as the best way forward.

What prevented Cloudflare from digging a trench in opposition to site-blocking hasn’t been revealed. However, since adversarial cases at the High Court tend to get quite noisy, and Cloudflare appears to have been added to existing, long-running blocking injunctions rather more quietly, something else may have happened.

If the instructions are the same as those issued to ISPs, Cloudflare’s blocking targets include dozens of branded pirate streaming sites, in some cases clustered under common control or ownership, plus the countless domains they have already deployed and are yet to deploy, to circumvent UK site blocking measures.

Exploiting The Fallout from Blocking Measures

During mid-November, an existing blocking injunction was updated with the addition of approximately 150 fully qualified domain names (FQDNs), which precisely identify resources using their hostnames, domain names, and top-level domains. The ‘pirate brands’ involved are as high profile as they come: Sflix, GoMovies, 123movies, Solarmovies, Fmovies, Soap2Day, Hurawatch, and Bflix, plus more recent upcoming brands such as Boomflix and Moonflix.

Early this month, a notice from the MPA referencing High Court injunction application IL-2021-000027 was posted by Cloudflare to the Lumen Database. Originally granted in 2021, a note on Lumen suggests that the High Court issued an order on December 8, 2025, presumably to formalize Cloudflare’s role in blocking associated domains.

While we were carrying out tests and making inquiries to determine Cloudflare’s response, a familiar notice appeared in connection with a domain that felt familiar. In the company of Sflix, MyFlixer, Bflix and Flixbaba, Flixerplus stood out no more than Cucuflix or Flixmomo.

For UK pirates tired of ISP blocking, now with added Cloudflare and the joy of intermittent VPN blocking on top, it may even represent hope. Unfortunately, the notice below suggests otherwise.

Aside from some unusual additional characters, the Error HTTP 451 notice is similar to previous blocking notices published by Cloudflare for the same reasons. A cautious hover over the link to the order on the Lumen Database revealed nothing untoward either.

Yet, near the bottom, why would Cloudflare “Thank you for your !” ?

Not a Cloudflare Notice, But a Serious Distraction

While the Flixerplus domain has a relatively small online footprint, it’s not new. This means it doesn’t trigger precautionary security features that deny access to DNS for newly registered domains. The WHOIS records raise no alarms either.

The 451 notice being served over HTTP, instead of HTTPS, is a big red flag, however. The same goes for the questionable domains the site attempts to access in the background, and what appears to be an iframe loading a script (or scripts) from an external source. As far as we can tell, regular anti-virus vendors have yet to detect this.

URLScan reveals some of the broader picture. URLQuery reveals that the same attack also exists elsewhere , in connection with similarly branded sites.

DNS providers have already taken action against an underlying network, but whether that will have enough impact is currently unknown.

At the time of writing, Cloudflare has not responded to our request for comment. As for Flixerplus, it may stick around for a while. Unlike the domains Cloudflare will likely be required to block, Flixerplus doesn’t appear to be listed for blocking in the UK, or indeed anywhere else.

From: TF , for the latest news on copyright battles, piracy and more.

Anti-piracy groups provide regular reminders that pirate sites expose users to malware and related security risks. In some cases, no action is required for users to come to harm, all they have to do is visit a malicious site.

While not the most common route of infection, under the right circumstances that can indeed happen. Yet something we saw for ourselves this week may go even further than that.

When blocking measures are deployed against dozens of sites, there’s a period of uncertainty in which many pirates are traditionally less cautious about visiting alternative sites. For those who benefit from internet users clicking first and thinking later, there’s arguably no better time to target pirates. In the context of recent developments, targeting pirates before they even set foot on a pirate site, using a distraction they may already be familiar with, is something we haven’t seen before.

So why now?

Fewer Options For UK Pirates

Around early September, Cloudflare suddenly began blocking pirate sites in the UK . Cloudflare’s unique position in the market is certainly not lost on the major movie and TV studios, and it’s a matter of record that they view voluntary cooperation as the best way forward.

What prevented Cloudflare from digging a trench in opposition to site-blocking hasn’t been revealed. However, since adversarial cases at the High Court tend to get quite noisy, and Cloudflare appears to have been added to existing, long-running blocking injunctions rather more quietly, something else may have happened.

If the instructions are the same as those issued to ISPs, Cloudflare’s blocking targets include dozens of branded pirate streaming sites, in some cases clustered under common control or ownership, plus the countless domains they have already deployed and are yet to deploy, to circumvent UK site blocking measures.

Exploiting The Fallout from Blocking Measures

During mid-November, an existing blocking injunction was updated with the addition of approximately 150 fully qualified domain names (FQDNs), which precisely identify resources using their hostnames, domain names, and top-level domains. The ‘pirate brands’ involved are as high profile as they come: Sflix, GoMovies, 123movies, Solarmovies, Fmovies, Soap2Day, Hurawatch, and Bflix, plus more recent upcoming brands such as Boomflix and Moonflix.

Early this month, a notice from the MPA referencing High Court injunction application IL-2021-000027 was posted by Cloudflare to the Lumen Database. Originally granted in 2021, a note on Lumen suggests that the High Court issued an order on December 8, 2025, presumably to formalize Cloudflare’s role in blocking associated domains.

While we were carrying out tests and making inquiries to determine Cloudflare’s response, a familiar notice appeared in connection with a domain that felt familiar. In the company of Sflix, MyFlixer, Bflix and Flixbaba, Flixerplus stood out no more than Cucuflix or Flixmomo.

For UK pirates tired of ISP blocking, now with added Cloudflare and the joy of intermittent VPN blocking on top, it may even represent hope. Unfortunately, the notice below suggests otherwise.

Aside from some unusual additional characters, the Error HTTP 451 notice is similar to previous blocking notices published by Cloudflare for the same reasons. A cautious hover over the link to the order on the Lumen Database revealed nothing untoward either.

Yet, near the bottom, why would Cloudflare “Thank you for your !” ?

Not a Cloudflare Notice, But a Serious Distraction

While the Flixerplus domain has a relatively small online footprint, it’s not new. This means it doesn’t trigger precautionary security features that deny access to DNS for newly registered domains. The WHOIS records raise no alarms either.

The 451 notice being served over HTTP, instead of HTTPS, is a big red flag, however. The same goes for the questionable domains the site attempts to access in the background, and what appears to be an iframe loading a script (or scripts) from an external source. As far as we can tell, regular anti-virus vendors have yet to detect this.

URLScan reveals some of the broader picture. URLQuery reveals that the same attack also exists elsewhere , in connection with similarly branded sites.

DNS providers have already taken action against an underlying network, but whether that will have enough impact is currently unknown.

At the time of writing, Cloudflare has not responded to our request for comment. As for Flixerplus, it may stick around for a while. Unlike the domains Cloudflare will likely be required to block, Flixerplus doesn’t appear to be listed for blocking in the UK, or indeed anywhere else.

From: TF , for the latest news on copyright battles, piracy and more.

Anti-piracy groups provide regular reminders that pirate sites expose users to malware and related security risks. In some cases, no action is required for users to come to harm, all they have to do is visit a malicious site.

While not the most common route of infection, under the right circumstances that can indeed happen. Yet something we saw for ourselves this week may go even further than that.

When blocking measures are deployed against dozens of sites, there’s a period of uncertainty in which many pirates are traditionally less cautious about visiting alternative sites. For those who benefit from internet users clicking first and thinking later, there’s arguably no better time to target pirates. In the context of recent developments, targeting pirates before they even set foot on a pirate site, using a distraction they may already be familiar with, is something we haven’t seen before.

So why now?

Fewer Options For UK Pirates

Around early September, Cloudflare suddenly began blocking pirate sites in the UK . Cloudflare’s unique position in the market is certainly not lost on the major movie and TV studios, and it’s a matter of record that they view voluntary cooperation as the best way forward.

What prevented Cloudflare from digging a trench in opposition to site-blocking hasn’t been revealed. However, since adversarial cases at the High Court tend to get quite noisy, and Cloudflare appears to have been added to existing, long-running blocking injunctions rather more quietly, something else may have happened.

If the instructions are the same as those issued to ISPs, Cloudflare’s blocking targets include dozens of branded pirate streaming sites, in some cases clustered under common control or ownership, plus the countless domains they have already deployed and are yet to deploy, to circumvent UK site blocking measures.

Exploiting The Fallout from Blocking Measures

During mid-November, an existing blocking injunction was updated with the addition of approximately 150 fully qualified domain names (FQDNs), which precisely identify resources using their hostnames, domain names, and top-level domains. The ‘pirate brands’ involved are as high profile as they come: Sflix, GoMovies, 123movies, Solarmovies, Fmovies, Soap2Day, Hurawatch, and Bflix, plus more recent upcoming brands such as Boomflix and Moonflix.

Early this month, a notice from the MPA referencing High Court injunction application IL-2021-000027 was posted by Cloudflare to the Lumen Database. Originally granted in 2021, a note on Lumen suggests that the High Court issued an order on December 8, 2025, presumably to formalize Cloudflare’s role in blocking associated domains.

While we were carrying out tests and making inquiries to determine Cloudflare’s response, a familiar notice appeared in connection with a domain that felt familiar. In the company of Sflix, MyFlixer, Bflix and Flixbaba, Flixerplus stood out no more than Cucuflix or Flixmomo.

For UK pirates tired of ISP blocking, now with added Cloudflare and the joy of intermittent VPN blocking on top, it may even represent hope. Unfortunately, the notice below suggests otherwise.

Aside from some unusual additional characters, the Error HTTP 451 notice is similar to previous blocking notices published by Cloudflare for the same reasons. A cautious hover over the link to the order on the Lumen Database revealed nothing untoward either.

Yet, near the bottom, why would Cloudflare “Thank you for your !” ?

Not a Cloudflare Notice, But a Serious Distraction

While the Flixerplus domain has a relatively small online footprint, it’s not new. This means it doesn’t trigger precautionary security features that deny access to DNS for newly registered domains. The WHOIS records raise no alarms either.

The 451 notice being served over HTTP, instead of HTTPS, is a big red flag, however. The same goes for the questionable domains the site attempts to access in the background, and what appears to be an iframe loading a script (or scripts) from an external source. As far as we can tell, regular anti-virus vendors have yet to detect this.

URLScan reveals some of the broader picture. URLQuery reveals that the same attack also exists elsewhere , in connection with similarly branded sites.

DNS providers have already taken action against an underlying network, but whether that will have enough impact is currently unknown.

At the time of writing, Cloudflare has not responded to our request for comment. As for Flixerplus, it may stick around for a while. Unlike the domains Cloudflare will likely be required to block, Flixerplus doesn’t appear to be listed for blocking in the UK, or indeed anywhere else.

From: TF , for the latest news on copyright battles, piracy and more.