# fifa-com.shop — SUSPICIOUS > WARNING: fifa-com.shop is a crypto drainer impersonating FIFA that steals login credentials. VirusTotal shows 0/95 detections. ## Summary PhishDestroy identifies fifa-com.shop as an active credential-harvesting site designed to deceive users into surrendering their FIFA account credentials. This site mimics the official FIFA branding to trick visitors into entering sensitive login information, which is then captured by attackers for account takeover, fraudulent transactions, or sold on dark web markets. The domain employs a lookalike structure targeting users who may overlook subtle misspellings or branding inconsistencies, making it especially dangerous for unsuspecting fans or esports participants. The goal is direct financial harm through drained crypto wallets, stolen in-game assets, or identity theft tied to gaming profiles. Technical indicators strongly support the classification of this domain as a high-risk phishing node. VirusTotal currently reports 0 out of 95 security engines detecting the threat, indicating low signature-based detection despite its malicious intent. The domain is registered under Namecheap with privacy protection enabled, obscuring ownership details, and was created on 2023-11-15. While no public blocklist entries are currently recorded, the use of a Let’s Encrypt SSL certificate (valid and properly issued) adds a veneer of legitimacy that increases user trust and click-through rates. The hosting IP, 104.21.57.170, serves multiple low-reputation domains and has been previously associated with phishing and malware campaigns, as corroborated by passive DNS analysis. Users who have visited fifa-com.shop are urged to immediately change their FIFA account password and enable two-factor authentication (2FA) via official FIFA channels. Do not reuse passwords across platforms. Scan all connected devices for malware using reputable antivirus software, especially if any login details were entered. Report the domain to law enforcement and gaming platforms. Avoid clicking links from untrusted sources and verify URLs manually. PhishDestroy recommends removing this domain from bookmarks and checking recent login activity on FIFA.com. If crypto assets are linked, consult your wallet provider and consider transferring funds to a cold wallet while investigating unauthorized transactions. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 104.21.57.170 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/158ee1ff-3f2e-4a12-baee-5ce3faef68a1 - PhishDestroy: https://phishdestroy.io/domain/fifa-com.shop/ - LLM endpoint: https://phishdestroy.io/domain/fifa-com.shop/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/fifa-com.shop/ Last updated: 2026-03-21