IOC Radar
TLP:WHITE6 IOCs

Operation FanTrap: Inside the FIFA 2026 Fraud Ecosystem

CY
Cyble
Published June 18, 2026Original Report

Threat Actors

Malware Families

Diamond Model

SOCIAL AXISTECHNOLOGY AXISADVERSARYPlayINFRASTRUCTUREstreameast.imsportshub.fantotalsportek.onlineCAPABILITYPlayVICTIMunknown
Adversary(1)
Infrastructure(6)
Capability(1)
Victim

Attack Flow7 steps · MITRE ATT&CK mapped

Resource DevelopmentTA0042·T1580
1/7
Acquire Infrastructure
ActionRegister fraudulent domains
Threat actors registered nearly 4,000 FIFA-themed domains to impersonate official sites and services.

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise6

TypeIndicatorConfidenceScoreFirst Seen
Domainstreameast.im
intel-blogmalwarenetwork
High
58
Jun 19, 26
Domainsportshub.fan
intel-blogmalwarenetwork
High
58
Jun 19, 26
Domaintotalsportek.online
intel-blogmalwarenetwork
High
58
Jun 19, 26
Domainfootballnewslive.online
intel-blogmalwarenetwork
High
58
Jun 19, 26
Domainepicsports.in
intel-blogmalwarenetwork
High
58
Jun 19, 26
Domainfootybite.vc
intel-blogmalwarenetwork
High
58
Jun 19, 26

IOC Relationship Graph

IOC Relationship Graph6 total IOCs
Domain
Domain6Actors1Malware1REPORTOperation FanTrap: Inside PlayPlay
scroll to zoom · drag to pan · click IOC to open