← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
The World Cup Fraud Infrastructure is Nearly Three Times Larger Than We First Reported
WHITE PetrP.73 2026-05-21 Modified: 2026-05-21
27
IOCs
MEDIUM VOLUME
The expanded investigation into World Cup phishing infrastructure has revealed a significantly larger and more complex web of fraudulent domains than previously reported. Initially, 79 domains were identified, but further research has expanded that count to at least 222 domains operating across 203 unique IP addresses, which marks an increase of approximately 2.8 times in domain numbers and over 14 times in hosting footprint. The campaign is characterized by at least four separate operator clusters, indicating a distributed network of cybercriminals rather than a single, centralized threat actor.
world cupaprilflaremarchstrongflare academycloudflareemailreadflare platformfirstfraudspaceshipdemomexicofootprintfebruary
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (4 / 27 total)
All FileHash-SHA1 IPv4 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 1b02595c66a13a4a5a523a76de25803bdb950623 2026-05-21
FileHash-SHA1 3b8bb7631b39f455d31544b55ba97b49ab1888c1 2026-05-21
FileHash-SHA1 fb0498ab592232747a4d90aa150ee4e0506869ca 2026-05-21
FileHash-SHA1 fc1db8def38bb08010bb8f8ac14d5e498ff8ff43 2026-05-21
References (1)
↗ https://flare.io/learn/resources/blog/world-cup-fraud-infrastructure-three-times-larger-than-original-reporting