Cybercriminals have launched a sophisticated multi-vector attack campaign targeting fans and teams ahead of the 2025 Belgian Grand Prix, scheduled for July 27 at the iconic Spa-Francorchamps circuit.
The threat actors have deployed an arsenal of tactics, including phishing emails, fraudulent ticket websites, malicious streaming platforms, and counterfeit merchandise scams, to exploit the global enthusiasm surrounding Formula 1's premier racing event.
The campaign's foundation was established through a significant security breach that occurred in early 2024, when threat actors successfully compromised the official Belgian Grand Prix email account.
This initial foothold enabled attackers to conduct large-scale phishing operations with enhanced credibility, as fraudulent communications appeared to originate from legitimate race organizers.
Phishing email sample sent to fans (Source – CloudSEK)
The compromised infrastructure has since been leveraged to distribute deceptive emails promising discounted tickets and exclusive access to unsuspecting Formula 1 fans.
CloudSEK analysts identified a dramatic surge in malicious domain registrations specifically crafted to impersonate official Formula 1 and Spa-Francorchamps websites.
The researchers documented 16 suspicious domains, with 14 registered between 2024 and 2025, indicating a coordinated preparation phase leading up to the race weekend.
Fake merchandise website (Source – CloudSEK)
These domains serve multiple malicious purposes, including hosting phishing pages designed to harvest personal and payment information, distributing malware disguised as ticket PDFs or streaming applications, and spreading misinformation to generate fraudulent revenue.
Infrastructure Analysis and Domain Spoofing Tactics
The threat actors have demonstrated sophisticated domain spoofing techniques, registering variations that closely mimic legitimate Formula 1 terminology and branding.
Analysis of the malicious infrastructure reveals a strategic approach to domain selection, with registrations accelerating in the months preceding the Belgian Grand Prix.
| Domain Name | Registrar | Creation Date | Expiration Date | Domain Age | Registrar Country |
|---|---|---|---|---|---|
| CHEERGRANDPRIX.COM | Network Solutions, LLC | 2025-06-06 | 2026-06-06 | Newly Registered | USA |
| F1GRANDPRIXNEWS.COM | Moniker Online Services LLC | 2024-06-06 | 2025-06-06 | 1 Year Old | USA |
| FORMULAGRANDPRIX.COM | OVH, SAS | 2025-05-31 | 2026-05-31 | Newly Registered | France |
| GRANDPRIXJOBS.COM | NameCheap, Inc. | 2025-05-23 | 2026-05-23 | Newly Registered | USA |
| GRANDPRIXQUADS.COM | HOSTINGER operations, UAB | 2025-06-26 | 2026-06-26 | Newly Registered | Lithuania |
| GRANDPRIXSTORE.NET | LiquidNet Ltd. | 2025-06-11 | 2026-06-11 | Newly Registered | UK |
| GRANDPRIXWATCHSHOP.COM | TUCOWS, INC. | 2025-06-26 | 2026-06-26 | Newly Registered | Canada |
| HOLIDAYGRANDPRIX.COM | Squarespace Domains II LLC | 2025-06-01 | 2026-06-01 | Newly Registered | USA |
| ONLINEGRANDPRIX.NET | NameCheap, Inc. | 2025-07-07 | 2026-07-07 | Newly Registered | USA |
| REDBULLUSGRANDPRIX.COM | Gname 240 Inc | 2025-06-03 | 2026-06-03 | Newly Registered | Singapore |
| S1GRANDPRIX.COM | Name.com, Inc. | 2025-06-28 | 2026-06-28 | Newly Registered | USA |
| SELENAGRANDPRIX.COM | ONLINE SAS | 2025-06-05 | 2026-06-05 | Newly Registered | France |
| SHOP-GRANDPRIX.COM | NameCheap, Inc. | 2025-07-16 | 2026-07-16 | Newly Registered | USA |
| VOLTGRANDPRIX.COM | Wild West Domains, LLC | 2007-04-09 | 2026-04-09 | 17+ Years Old | USA |
| WEBGRANDPRIX.COM | TUCOWS, INC. | 2024-07-01 | 2026-07-01 | 1 Year Old | Canada |
| WORLDGRANDPRIX.COM | Megazone Corp., dba HOSTING.KR | 2002-05-05 | 2026-05-05 | 22+ Years Old | South Korea |
The attackers have strategically distributed their infrastructure across multiple registrars, including NameCheap, Network Solutions, and OVH, to evade detection and complicate takedown efforts.
This diversification strategy, combined with the use of legitimate-sounding domains, creates a formidable challenge for both security teams and potential victims attempting to distinguish authentic platforms from malicious alternatives.
The timing of these registrations, clustered around the race announcement and ticket sales periods, demonstrates careful planning and market awareness by the threat actors.