Sports-Betting Platforms Hit by Spike in Bot Attacks During FIFA World Cup
Sports-betting platforms have experienced a sharp increase in bot attacks during the 2026 FIFA World Cup, according to new threat research released by DataDome. The company said one major European betting platform recorded nearly 19 million blocked requests during a three-week period in June.
DataDome reported blocked traffic for the platform averaged about 200,000 requests per day in early June before increasing steadily throughout the month. On June 10, the day before the tournament’s opening match, the platform experienced what DataDome described as a flash distributed denial-of-service (DDoS) attack that generated 786,000 requests in 87 seconds, peaking at nearly 18,000 requests per second.
According to the report, DataDome detected and blocked both the sustained attack campaign and the flash DDoS attack in real time. The company’s Galileo threat research team analyzed the incident and said the attack relied on known proxy infrastructure.
The report attributes most of the attack traffic to Russia-based hosting provider Biterika Group LLC. DataDome said the provider accounted for 76.4% of attack traffic across 625 autonomous systems involved in the campaign. The remaining autonomous systems each contributed less than 7% individually.
DataDome also reported that more than 91% of traffic originating from Biterika over a seven-day period was identified as fraudulent based on the company’s telemetry. The report noted that Biterika was previously associated with a DDoS attack against two media organizations in June 2025.
According to the analysis, 99.79% of the attack traffic targeted web endpoints, while 0.21% targeted login pages and 0.01% targeted account creation endpoints. DataDome said its Turing artificial intelligence model mitigated more than 10 million requests associated with the sustained attack campaign since June 1.
The company said its detection process combined IP reputation intelligence, TLS fingerprinting, header analysis and behavioral analysis to identify the flash DDoS attack. For the broader attack campaign, DataDome said its AI model generated detection rules from time-based traffic patterns to mitigate requests over an extended period.
The report concludes that major sporting events can create periods of increased attack activity for sports-betting platforms and states that flash DDoS attacks and longer-running attack campaigns require different detection approaches. DataDome also said known proxy infrastructure and anomalous traffic patterns can provide early indicators of malicious activity.
To view the complete report, go here.