Date: 09/10/2025
Severity: High
Summary
Threat actors are registering domains resembling the 2026 FIFA World Cup to host suspicious or malicious content. With ticket access rolling out in phases over a year in advance, attackers are ramping up early via fraudulent sites. A spike in FIFA-related domain registrations was observed in June 2025, a year ahead of the event. While not all are malicious, many show suspicious behavior like domain squatting, gambling, and pirated streaming.
Indicators of Compromise (IOC) List
Domains\URLs : | fifa888myz.com fifaol4.com fifazhibo.me indobetworldcup.world worldcup2026.tips worldcupbettingodds.icu zhibo-fifacwc.com 520worldcup.com fifacwc-zq-shijubei.com klikfifafun.club zh-fifaclub-cwc.com apkmobileklikfifa.xyz ar-fifa.com fr-ru-fifaclub.com |
IP Address : | 13.248.169.48 76.223.54.146 104.21.96.1 104.21.16.1 104.21.112.1 |
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
IP Address : | dstipaddress IN ("104.21.96.1","104.21.16.1","13.248.169.48","76.223.54.146","104.21.112.1") or srcipaddress IN ("104.21.96.1","104.21.16.1","13.248.169.48","76.223.54.146","104.21.112.1") |
Domains\URLs : | domainname like "fifacwc-zq-shijubei.com" or url like "fifacwc-zq-shijubei.com" or siteurl like "fifacwc-zq-shijubei.com" or domainname like "indobetworldcup.world" or url like "indobetworldcup.world" or siteurl like "indobetworldcup.world" or domainname like "klikfifafun.club" or url like "klikfifafun.club" or siteurl like "klikfifafun.club" or domainname like "520worldcup.com" or url like "520worldcup.com" or siteurl like "520worldcup.com" or domainname like "zh-fifaclub-cwc.com" or url like "zh-fifaclub-cwc.com" or siteurl like "zh-fifaclub-cwc.com" or domainname like "fifa888myz.com" or url like "fifa888myz.com" or siteurl like "fifa888myz.com" or domainname like "fifaol4.com" or url like "fifaol4.com" or siteurl like "fifaol4.com" or domainname like "fifazhibo.me" or url like "fifazhibo.me" or siteurl like "fifazhibo.me" or domainname like "worldcup2026.tips" or url like "worldcup2026.tips" or siteurl like "worldcup2026.tips" or domainname like "worldcupbettingodds.icu" or url like "worldcupbettingodds.icu" or siteurl like "worldcupbettingodds.icu" or domainname like "zhibo-fifacwc.com" or url like "zhibo-fifacwc.com" or siteurl like "zhibo-fifacwc.com" or domainname like "apkmobileklikfifa.xyz" or url like "apkmobileklikfifa.xyz" or siteurl like "apkmobileklikfifa.xyz" or domainname like "ar-fifa.com" or url like "ar-fifa.com" or siteurl like "ar-fifa.com" or domainname like "fr-ru-fifaclub.com" or url like "fr-ru-fifaclub.com" or siteurl like "fr-ru-fifaclub.com" |
Reference:
https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-09-09-scam-domains-related-to-2026-FIFA-World-Cup.txt