# booking.com-conflrm-apart-spain.com — MALICIOUS

> PhishDestroy identifies booking.com-conflrm-apart-spain.com as a credential-harvesting site mimicking Booking.com.

## Summary

PhishDestroy identifies booking.com-conflrm-apart-spain.com as a high-risk credential-harvesting domain masquerading as a Booking.com apartment rental confirmation page. The page is designed to trick users into entering login credentials or payment details under the guise of an urgent reservation update. Security researchers have confirmed that this domain impersonates legitimate Booking.com infrastructure, leveraging social engineering tactics to exploit user trust in well-known travel platforms.

This domain was flagged by 18 out of 95 VirusTotal security vendors, indicating significant malicious intent. It was registered through DYNADOT LLC on April 7, 2026—suggesting a recently deployed attack infrastructure. Additionally, this domain appears on four independent security blocklists, including OpenPhish, PhishingArmy, OISD, and CERT-PL. The domain resolves to IP address 172.67.163.119 and holds a Let’s Encrypt SSL certificate to enhance its perceived legitimacy. While Let’s Encrypt certificates are not inherently malicious, their presence on low-reputation domains is commonly exploited by attackers to evade detection by casual users.

Users should immediately cease all interactions with booking.com-conflrm-apart-spain.com and avoid entering any personal or payment information. If you have already visited the site, do not submit credentials or financial data. Review your accounts for unauthorized activity and change passwords on all travel-related platforms, especially if the same credentials were reused. Report the domain to your email provider, antivirus software, and the platform it mimics (e.g., Booking.com). To reduce future exposure, enable multi-factor authentication (MFA) on all sensitive accounts and use a password manager with domain verification. Consider scanning your device for malware and monitor financial statements for suspicious transactions.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-04-07 09:55:20
- Registrar: DYNADOT LLC
- IP: 172.67.163.119

## Detection Status

- VirusTotal: 18 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["OpenPhish", "PhishingArmy", "OISD", "CERT-PL"]

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/domains/booking.com-conflrm-apart-spain.com
- PhishDestroy: https://phishdestroy.io/domain/booking.com-conflrm-apart-spain.com/
- LLM endpoint: https://phishdestroy.io/domain/booking.com-conflrm-apart-spain.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/booking.com-conflrm-apart-spain.com/
Last updated: 2026-04-08