Pulse Detail — Threat Intelligence

PULSE NAME

B2B2C Supply Chain Attack: Hotels Booking Accounts Compromised to Target Customers

WHITE PetrP.73 2025-12-24 Modified: 2025-12-24

214

IOCs

HIGH VOLUME

Since May 2025, a cyber threat actor has been engaged in a B2B2C supply chain attack focusing on compromising hotel booking management accounts, specifically targeting http://Booking.com customers. Nearly 1,000 fraudulent booking and hotel reservation domains have been generated to facilitate this operation. The attack is characterized by the use of urgent notifications, labeled as "verify or cancel," which direct users to external phishing sites. These sites are designed to dynamically load the victim's actual reservation details, effectively tricking users into disclosing sensitive payment information. The initial vector for this attack involved compromising hotel staff accounts to gain access to booking platform credentials. This operation aligns with previous phishing campaigns reported, such as the "I Paid Twice" campaign, indicating a potential connection between the attackers targeting hotel credentials and those executing the phishing attacks.

domain

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1078 T1199 T1204.002 T1566.002 T1583.001 T1584

Indicators of Compromise (214)

All domain

TYPE	INDICATOR	DESCRIPTION	CREATED
domain	againcheck-booking.com	—	2025-12-24
domain	allsoppandallsoppgroup.quest	—	2025-12-24
domain	asclrt-feserlv-ypsay.icu	—	2025-12-24
domain	bk-for-glres.click	—	2025-12-24
domain	bnrty-gedmt-zqjl.click	—	2025-12-24
domain	book-octrate.com	—	2025-12-24
domain	booking-approval.top	—	2025-12-24
domain	bookingid291784671.sbs	—	2025-12-24
domain	bookresrvupdate.com	—	2025-12-24
domain	breserve-custommessagehelp.com	—	2025-12-24
domain	bronirovaniebooking1.icu	—	2025-12-24
domain	bybok-cont-tday.click	—	2025-12-24
domain	cardcheck1415-booking.com	—	2025-12-24
domain	cardid5185-booking.com	—	2025-12-24
domain	cardverify54951-booking.com	—	2025-12-24
domain	cardverify564301-booking.com	—	2025-12-24
domain	cardverify564891-booking.com	—	2025-12-24
domain	cardverify7651-booking.com	—	2025-12-24
domain	cardverify87951-booking.com	—	2025-12-24
domain	cardverify88151-booking.com	—	2025-12-24
domain	cdgairport.icu	—	2025-12-24
domain	cfie-gnest-hbenv.click	—	2025-12-24
domain	check-by-booking.com	—	2025-12-24
domain	checkcard1015-booking.com	—	2025-12-24
domain	checkcard1715-booking.com	—	2025-12-24
domain	checkguests-via-booking.com	—	2025-12-24
domain	checkinfo-booking.com	—	2025-12-24
domain	checkinfo-by-booking.com	—	2025-12-24
domain	checkininfo-by-booking.com	—	2025-12-24
domain	clipperhotel.icu	—	2025-12-24
domain	cmpelt-boolking-tday.com	—	2025-12-24
domain	cofm-sta-tda.buzz	—	2025-12-24
domain	cofn-resrv-compl.icu	—	2025-12-24
domain	compl-resrv.world	—	2025-12-24
domain	compl-tody-rsrv.click	—	2025-12-24
domain	complt-revesre-toda.click	—	2025-12-24
domain	confirmation-370388.com	—	2025-12-24
domain	confirmation-370391.com	—	2025-12-24
domain	confirmation-370395.com	—	2025-12-24
domain	confirmation-id.world	—	2025-12-24
domain	confirmation-id019.com	—	2025-12-24
domain	confirmation-id14332449.com	—	2025-12-24
domain	confirmation-id14332450.com	—	2025-12-24
domain	confirmation-id14332451.com	—	2025-12-24
domain	confirmation-id14332452.com	—	2025-12-24
domain	confirmation-id14332471.com	—	2025-12-24
domain	confirmation-id14332473.com	—	2025-12-24
domain	confirmation-id1437340.com	—	2025-12-24
domain	confirmation-id1437342.com	—	2025-12-24
domain	confirmation-id1437343.com	—	2025-12-24
domain	confirmation-id14373444.com	—	2025-12-24
domain	confirmation-id14373445.com	—	2025-12-24
domain	confirmation-id14373446.com	—	2025-12-24
domain	confirmation-id14373447.com	—	2025-12-24
domain	confirmation-id14373448.com	—	2025-12-24
domain	confirmation-id14373449.com	—	2025-12-24
domain	confirmation-id14373450.com	—	2025-12-24
domain	confirmation-id1437351.com	—	2025-12-24
domain	confirmation-id1437352.com	—	2025-12-24
domain	confirmation-id1437353.com	—	2025-12-24
domain	confirmation-id1437355.com	—	2025-12-24
domain	confirmation-id190238.com	—	2025-12-24
domain	confirmation-id2199.com	—	2025-12-24
domain	confirmation-id2462.com	—	2025-12-24
domain	confirmation-id2509100.com	—	2025-12-24
domain	confirmation-id2509101.com	—	2025-12-24
domain	confirmation-id2509103.com	—	2025-12-24
domain	confirmation-id2509160.com	—	2025-12-24
domain	confirmation-id2509161.com	—	2025-12-24
domain	confirmation-id2509162.com	—	2025-12-24
domain	confirmation-id2509163.com	—	2025-12-24
domain	confirmation-id2509164.com	—	2025-12-24
domain	confirmation-id2509170.com	—	2025-12-24
domain	confirmation-id2509171.com	—	2025-12-24
domain	confirmation-id348.com	—	2025-12-24
domain	confirmation-id3638.com	—	2025-12-24
domain	confirmation-id3719.com	—	2025-12-24
domain	confirmation-id3938.com	—	2025-12-24
domain	confirmation-id4211.com	—	2025-12-24
domain	confirmation-id43891.world	—	2025-12-24
domain	confirmation-id44101.com	—	2025-12-24
domain	confirmation-id47183.world	—	2025-12-24
domain	confirmation-id52342623623.com	—	2025-12-24
domain	confirmation-id52363.com	—	2025-12-24
domain	confirmation-id534534.com	—	2025-12-24
domain	confirmation-id534575.com	—	2025-12-24
domain	confirmation-id543556.com	—	2025-12-24
domain	confirmation-id544313.com	—	2025-12-24
domain	confirmation-id5473226.com	—	2025-12-24
domain	confirmation-id554331.com	—	2025-12-24
domain	confirmation-id612452.com	—	2025-12-24
domain	confirmation-id61426346.com	—	2025-12-24
domain	confirmation-id6199.com	—	2025-12-24
domain	confirmation-id62342623.com	—	2025-12-24
domain	confirmation-id6328.com	—	2025-12-24
domain	confirmation-id633885.com	—	2025-12-24
domain	confirmation-id634885.com	—	2025-12-24
domain	confirmation-id635895.com	—	2025-12-24
domain	confirmation-id637885.com	—	2025-12-24
domain	confirmation-id647885.com	—	2025-12-24
domain	confirmation-id65091.world	—	2025-12-24
domain	confirmation-id67123.world	—	2025-12-24
domain	confirmation-id67831.world	—	2025-12-24
domain	confirmation-id6859838.com	—	2025-12-24
domain	confirmation-id7189.com	—	2025-12-24
domain	confirmation-id73245.com	—	2025-12-24
domain	confirmation-id75237236.com	—	2025-12-24
domain	confirmation-id7582.com	—	2025-12-24
domain	confirmation-id7650.com	—	2025-12-24
domain	confirmation-id7852.com	—	2025-12-24
domain	confirmation-id7853564.com	—	2025-12-24
domain	confirmation-id7899.com	—	2025-12-24
domain	confirmation-id8147.com	—	2025-12-24
domain	confirmation-id8491.live	—	2025-12-24
domain	confirmation-id8539.live	—	2025-12-24
domain	confirmation-id889424.com	—	2025-12-24
domain	confirmation-id891723.com	—	2025-12-24
domain	confirmation-id90153.com	—	2025-12-24
domain	confirmation-id901823.com	—	2025-12-24
domain	confirmation-id9056423.com	—	2025-12-24
domain	confirmation-id9318.com	—	2025-12-24
domain	confirmation-id9823.com	—	2025-12-24
domain	confirmation-id987933.com	—	2025-12-24
domain	confirmation18442.com	—	2025-12-24
domain	confirmation2857.com	—	2025-12-24
domain	confirmation29785.com	—	2025-12-24
domain	confirmation84216.com	—	2025-12-24
domain	confslmpleresrvatlon.com	—	2025-12-24
domain	customerbook.cfd	—	2025-12-24
domain	cz-room24.com	—	2025-12-24
domain	day-conf-compl.com	—	2025-12-24
domain	fastcheck-booking.com	—	2025-12-24
domain	fday-clfrm-grlsv.click	—	2025-12-24
domain	fnly-yor-okay.com	—	2025-12-24
domain	fufick.icu	—	2025-12-24
domain	gcjonf-rsrlv-tody.click	—	2025-12-24
domain	gjhj4nhj5v.click	—	2025-12-24
domain	grclno-flirem-tery.icu	—	2025-12-24
domain	grindlservice.com	—	2025-12-24
domain	grindlyservice.world	—	2025-12-24
domain	gsert-cont-onday.icu	—	2025-12-24
domain	guestcheck-booking.com	—	2025-12-24
domain	guestinfo-booking.com	—	2025-12-24
domain	gvntl-svplie-gerlvl.icu	—	2025-12-24
domain	heclrcv-vopl-ypfau.icu	—	2025-12-24
domain	holder4820-booking.com	—	2025-12-24
domain	holderid4120-booking.com	—	2025-12-24
domain	hotel-pinomar.world	—	2025-12-24
domain	hoteleybookedes2025.com	—	2025-12-24
domain	htday-clonf-rlsv.click	—	2025-12-24
domain	htrvf-eftlet-gefecs.click	—	2025-12-24
domain	id-553136.world	—	2025-12-24
domain	id154321.icu	—	2025-12-24
domain	id29945.com	—	2025-12-24
domain	id498996.com	—	2025-12-24
domain	idcard1215-booking.com	—	2025-12-24
domain	idholder1235-booking.com	—	2025-12-24
domain	inforecheck-by-booking.com	—	2025-12-24
domain	internationalguestservices.com	—	2025-12-24
domain	it-room24.com	—	2025-12-24
domain	it-rooms24.com	—	2025-12-24
domain	iurtey-gkafn-trh.icu	—	2025-12-24
domain	mayairbnbdata.info	—	2025-12-24
domain	maydatarenew.com	—	2025-12-24
domain	mfohur-tnus-ypfay.icu	—	2025-12-24
domain	octorate-confirm.com	—	2025-12-24
domain	octoreslvatlon.com	—	2025-12-24
domain	passverify-booking.com	—	2025-12-24
domain	rebook-page.click	—	2025-12-24
domain	rebook-room.click	—	2025-12-24
domain	recheck-booking.com	—	2025-12-24
domain	reconfrim881722.world	—	2025-12-24
domain	reservation-booking.icu	—	2025-12-24
domain	reservation-confirmed.sbs	—	2025-12-24
domain	reservation-id25673.world	—	2025-12-24
domain	reservation-id64553.quest	—	2025-12-24
domain	reservation-id93100413.com	—	2025-12-24
domain	reserveworkshved.com	—	2025-12-24
domain	resvr-confrm-id4567241.click	—	2025-12-24
domain	resvr-confrm-id4567244.click	—	2025-12-24
domain	rleghlt-smrlite-cfmng.com	—	2025-12-24
domain	rsrlv-comf-ystd.click	—	2025-12-24
domain	shvedworkaet.top	—	2025-12-24
domain	simlperesrlvatlonhotel.com	—	2025-12-24
domain	simmpel-resrvtion.com	—	2025-12-24
domain	simpl-reservatron.com	—	2025-12-24
domain	simple-bookingit.com	—	2025-12-24
domain	slvtq-keltr-mufhr.click	—	2025-12-24
domain	smple-reserv.com	—	2025-12-24
domain	smpleresrvtiongeust.com	—	2025-12-24
domain	soppll-jendh-rglslrlv.com	—	2025-12-24
domain	sovay-dgelrv-somhrm.icu	—	2025-12-24
domain	sseplt-adrer-asp.icu	—	2025-12-24
domain	supl-rtyez-imm.icu	—	2025-12-24
domain	svtergh-shtpl-mntek-rtees.rest	—	2025-12-24
domain	themyrtlebeachresort.icu	—	2025-12-24
domain	themyrtlebeachresorts.info	—	2025-12-24
domain	thfey-glpmlt-fdou.icu	—	2025-12-24
domain	uk-rooms24.com	—	2025-12-24
domain	updatedata85945.com	—	2025-12-24
domain	verficaion-reserv213552.com	—	2025-12-24
domain	verficatiuon-reservaon.com	—	2025-12-24
domain	verficaton-resevaion251134.com	—	2025-12-24
domain	verif-hillpark-hotel.com	—	2025-12-24
domain	verificaion-reserv213552.com	—	2025-12-24
domain	verification12415-booking.com	—	2025-12-24
domain	verificationid-booking.com	—	2025-12-24
domain	verify-bypass-booking.com	—	2025-12-24
domain	verify312051-booking.com	—	2025-12-24
domain	verify31451-booking.com	—	2025-12-24
domain	verifybook-booking.com	—	2025-12-24
domain	verifyid5465-booking.com	—	2025-12-24
domain	visitorroom4873456.com	—	2025-12-24
domain	xhtef-clqui-sebs.click	—	2025-12-24

References (1)

↗ https://dti.domaintools.com/b2b2c-supply-chain-attack-hotels-booking-accounts-compromised-to-target-customers/