With the Super Bowl and 2026 Winter Olympics coinciding, all eyes have been on the world of sports in February. And with that comes some unfortunate realities: Scammers take advantage of seasonal events like this every way they can.
These events drove increased traffic to both legitimate and malicious gambling sites, as well as fake ticketing and streaming sites. Let’s take a look at what occurred in the lead-up to these events.
During the 2026 Olympic winter games, we’ve been tracking a surge in malicious activity, much of it centered on domains using Top-Level Domains like .store, .shop, and .online alongside the term "2026 Olympics." What we’ve seen includes what is likely a network of dropshipping websites pushing fraudulent merchandise. These pointed to what seemed to be a fake Facebook page of a legitimate German retailer.
One of these sites now points to a forbidden IP address and is actively blocked by Cloudflare, besides being marked a threat by DNSFilter. When comparing the fake site to the legitimate Olympic outlet, the differences don't stand out immediately. However, looking at generalized pricing, batch promises of “4-for-1 deals”, and a large variety of poorly photoshopped products that do not exist on the main store—it is simply a wolf in Olympic-ring colored clothing.
The largest traffic spike early in the Olympics period occurred on January 30th, driven by users visiting a fake Olympics site that redirected them to Google with a domain that included “nagolympic”. This domain, in addition to being flagged by DNSFilter, was caught in spam filters and uses the pattern of many burner domains.
There was a lot of anticipation ahead of the Big Game and the halftime show. So much so that there was a short-lived increase in traffic to malicious sites containing "badbunny" in the domain name, including a fraudulent merchandise site. This was observed on February 4th, four days before Super Bowl LX.
Traffic to malicious websites featuring "patriot" in their name (and specifically referencing the football team), often selling fake merchandise, spiked significantly (344%) above the average leading up to the AFC Championship game. Notably, at least three of these sites that previously displayed merchandise are now offline, returning an HTTP 503 Service Unavailable error.
During the NFL divisional round and championship weekend, we saw an increase in malicious sites with “stream” in the domain name. Compared to the average between November 2025 and February, the divisional round increased 116% and championship weekend increased 106%. However, similar spikes were seen in early December 2025, indicating that malicious streaming is an evergreen issue during the NFL season. These types of sites are often attempting to gather login data or execute malware in the background.
Traffic to a site with “big game” in the name peaked the day before the Super Bowl. Keywords found in these malicious domains associated with Super Bowl LX included:
While we often focus on betting and streaming during these events, merchandise has been the primary scam driver observed on our network over this period. This is likely due to the ease of creating fake drop ship sites promising inexpensive merchandise, such as a $30 Super Bowl ring replica.
While betting sites including the use of “super bowl” or “olympic” in the domain name were lower than we’ve seen before, we did see some spikes of malicious betting sites during the NFL playoffs. During the NFL playoffs, there was a 175% increase to fake betting sites over NFL wildcard weekend compared to the average since October.
Meanwhile, more gambling sites (not malicious in nature) were blocked in January during the NFL playoffs, and particularly high on January 30, but overall traffic remained steady. This indicates the increase is not just in betting, but particularly malicious betting.
Unfortunately, where there is money and high traffic, cybercriminals follow. The period immediately preceding the Super Bowl and the Olympics saw plenty of malicious sites attempting to capitalize on the frenzy. These bad actors often employ sophisticated tactics, including:
Malicious Streaming Services: Sometimes mimicking popular sites with a goal of collecting login information, while other times these sites promise premium content as malware executes in the background. Blocking torrenting and P2P sites can mitigate this issue.
Here are a few key things you can do to protect yourself:
Leverage DNS Filtering: Proactively block employees from accessing malicious sports betting, streaming, and phishing sites that capitalize on high-traffic events to protect your network and sensitive business data from malware and credential theft.
2026 is a year filled with plenty of high-profile sporting activities, and unfortunately that excitement leads to vulnerability, and ultimately to scams. On our network, we see an increase in phishing sites promising returns on sports bets and "great" deals on tickets and merchandise. But users also need to be on the lookout for malicious streaming services, offering free viewing of premium content.
Start your free trial of DNSFilter today.