# booking.com-conflrm-spain.com — MALICIOUS

> booking.com-conflrm-spain.com is a fake Booking.com confirmation page hosting a phishing scam. Blocked by OpenPhish after only 4 days online.

## Summary
PhishDestroy identifies booking.com-conflrm-spain.com as an active phishing site masquerading as a Booking.com reservation confirmation portal for Spain. This domain employs visual mimicry and urgency-based lures to trick users into surrendering login credentials or payment data. The risk level is elevated due to active hosting, recent creation, and multiple blocklist hits, indicating a live campaign with high potential for credential theft and financial fraud.  

This domain was flagged by 14 out of 95 VirusTotal security vendors, blocked by both OpenPhish and PhishingArmy, and registered on April 07, 2026 through DYNADOT LLC. It resolves to IP 104.21.22.146 and uses a Let’s Encrypt SSL certificate to appear legitimate. The domain’s age of just four days and immediate inclusion on two major blocklists signal a rapidly deployed, high-turnover phishing operation targeting travel-related trust and haste.  

Users should avoid clicking any link to booking.com-conflrm-spain.com and should report the domain to their email provider and browser. If credentials were entered, immediately change passwords on Booking.com and enable two-factor authentication. Monitor financial accounts for unauthorized charges and consider a credit freeze. Always verify booking confirmations by logging in directly via the official Booking.com domain, never through emailed or texted links.

## Threat Details
- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registered: 2026-04-07 09:55:23
- Registrar: DYNADOT LLC
- IP: 104.21.22.146

## Detection Status
- VirusTotal: 14 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["OpenPhish", "PhishingArmy"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/domains/booking.com-conflrm-spain.com
- PhishDestroy: https://phishdestroy.io/domain/booking.com-conflrm-spain.com/
- LLM endpoint: https://phishdestroy.io/domain/booking.com-conflrm-spain.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/booking.com-conflrm-spain.com/
Last updated: 2026-04-08