
Thousands of Fake Hotel Domains Used in Massive Phishing Campaign

Published 11/11/2025 18:26 · Modified 12/11/2025 02:40


Essential information

Tags: 2025-11-11 domain registration malspam phishing
Related entities: 200 observables, 6 techniques (mitre), 5 others

Description

A Russian-speaking threat actor has orchestrated a large-scale campaign targeting travelers, registering over 4,300 domain names since early 2025. The sophisticated operation impersonates major travel brands like Airbnb and Booking.com to steal payment card data. To appear legitimate, the sites use pages customized according to unique URL strings, fake CAPTCHA systems, and multilingual translations. The campaign employs malicious emails with links that redirect through multiple sites before reaching the phishing page. The attacker consistently registers new domains, focusing on specific registrars and using naming conventions that incorporate travel-related terms and hotel names. The phishing kit includes real-time data collection, and its source code contains Russian language elements.

External references