The FBI’s Internet Crime Complaint Center (IC3) has shared a list of over 42,000 domain names linked to LabHost, one of the largest phishing-as-a-service (PhaaS) platforms worldwide that was dismantled in April 2024.
LabHost allowed cybercriminals and scammers access to extensive sets of phishing kits, which could be used to impersonate more than 200 organizations, including banks, streaming services, postal services, and government institutions.
The platform offered users access to a range of phishing services, such as customized phishing pages, adversary-in-the-middle proxy connections to obtain two-factor authentication (2FA) codes, smishing services, and stolen credential management.
LabHost collected sensitive and personally identifiable information (PII), login credentials, and credit card information. Once a victim clicked a phishing page link and entered their details, LabHost servers received the captured information and delivered it to the customer.
The PhaaS platform’s infrastructure was used by approximately 10,000 users and stored over one million user credentials and nearly 500,000 compromised credit cards. This enabled scammers to commit identity theft, financial fraud, and money laundering.
Law enforcement agencies identified over 42,000 unique domains that were used to scam people. According to the FBI’s cyber division, the domains were registered between November 2021 and April 2024 and impacted over one million victims worldwide.
“FBI has not validated every domain name, and the list may contain typographical or similar errors from LabHost user input. The information is historical in nature, and the domains may not currently be malicious,” the FBI warns in a press release.
The full list of domain names used by LabHost users can be found at IC3. The FBI says it’s releasing this information to maximize awareness and provide indicators of compromise (IoC) that may be used by recipients for research and defense.
Your email address will not be published. Required fields are markedmarked