Get complimentary access to the Gartner report, Emerging Tech: Top Use Cases in Preemptive Cyber Defense

Across 1623 suspicious domains, majority used keywords highly relevant to the event, (e.g., “olympic”, “olympics”, “la28”, “milanocortina”). Alongside, several hundred domains, from legacy .com/.org to newer TLDs (“.shop”, “.store”, “.ai”, “.world”, “.app”, “.cloud”, “.top”, “.xyz”, “.games”, “.global”) were seen.

While the threat infrastructure for the Winter Olympics is imminent with 79 domains, we observe a growing focus on the Summer Games with 14 domains. Crucially, the largest category remains generic, with 1,529 domains, indicating a generalized, exploitable threat that can be leveraged at any time.

Domain registrations peaked from December 2025 through February 2026, especially for 2026 and 2028 event strings (e.g., “2026‑olympics[.]store”, “2026olympics[.]store”, “2028olympics.*”). Additionally, newly registered domains referencing future Olympic cycles (2030–2038), including examples such as 2030frenchalpsolympics[.]com, 2034olympics[.]com, and 2038winterolympics[.]com, suggest speculative brand targeting and potential pre-positioned infrastructure for long-term monetization or opportunistic abuse.

There was a noticeably heavy concentration in generic commercial TLDs, “.com”, “.net”, “.org” remaining dominant (e.g., 2030olympics[.]com, olympicrapidrestoration[.]com, montrealolympics[.]com). Aggressive use of low‑cost and newer TLDs, “.shop”, “.store”, “.xyz”, “.world”, “.global”, “.live”, “.online”, “.cloud”, “.top” and “.buzz” are frequent for merchandise or outreach‑themed strings (e.g., 2026‑olympics[.]store, olympicp[.]shop, olympicoutreach[.]click, milanocortinaolympics[.]store).

Country‑specific or niche TLDs (“.ai”, “.sk”, “.ca”, “.amsterdam”, “.app”) appear in higher‑value or tech‑focused strings such as 2028summerolympics[.]ai, olympiccasinoonline[.]sk, mfcolympics[.]ca, olympicplaza[.]amsterdam, longevityolympics[.]app. From a PreCrime perspective, short‑life, low‑cost TLDs with events alongside commerce keywords score higher than purely informational .org domains.

PreCrime analytics on this corpus supports several IOC/brand‑protection and cybercrime scenarios:

A coordinated cluster of suspicious domains is impersonating Milano Cortina 2026 Winter Olympics retail activity. Multiple domains associated with this cluster share the common page title “Milano Cortina 2026: Winter Olympics 2026.” The infrastructure is fronted by IP address 104[.]18[.]19[.]207, operating behind Cloudflare CDN services, indicating the use of reputable content delivery networks to enhance legitimacy and resilience.

A certain set of domains seen within the dataset attempted to attract users with sleek, event-driven e-commerce storefront centered around “USA Hockey Olympic Gold Champions” merchandise, immediately tying the brand to Olympic success and national pride.

Other 7 identified domains target a specific audience who prefer high-value accommodation searches during peak travel demand. An important observation within this campaign cluster is the preference for standard, high-trust Top-Level Domains (TLDs) such as “.com” over “.xyz”, to increase the likelihood of user trust, especially when combined with event-specific keywords (e.g., “LA,” “Olympic,” “luxury rentals”). As from a user psychology perspective, “.com” domains are strongly associated with established businesses and legitimate commercial operations.