FBI Uncovers 42,000 Phishing Domains Tied to LabHost ‘Phishing-as-a-Service’ Operation

The Federal Bureau of Investigation (FBI) has published a comprehensive list of 42,000 phishing domains tied to the now-dismantled LabHost phishing-as-a-service (PhaaS) platform, marking a significant development in the fight against global cybercrime.

The disclosure, released via an FBI FLASH alert on April 29, 2025, aims to arm cybersecurity professionals and organizations with crucial indicators of compromise, helping to bolster defenses against ongoing and future phishing threats.

LabHost: A Major Cybercrime Facilitator

LabHost, operational from November 2021 until its takedown in April 2024, was one of the largest and most sophisticated PhaaS providers.

At its peak, the platform boasted around 10,000 users worldwide and enabled cybercriminals to impersonate over 200 legitimate organizations-including major banks, government agencies, postal services, and streaming platforms.

For a monthly fee ranging from $179 to $300, subscribers gained access to customized phishing kits, infrastructure support, and advanced features such as adversary-in-the-middle proxy attacks to bypass two-factor authentication (2FA), as well as SMS-based phishing (smishing) services.

The scale of LabHost’s operations was staggering. According to the FBI, the platform’s infrastructure stored over one million user credentials and nearly 500,000 compromised credit cards, fueling widespread financial theft, fraud, and money laundering.

Investigators estimate that more than a million individuals worldwide may have fallen victim to these attacks.

International Takedown and Ongoing Risks

LabHost was dismantled in April 2024 following a coordinated international law enforcement operation involving agencies from 19 countries.

The crackdown resulted in 70 searches and 37 arrests, including key operators in the United Kingdom.

The FBI obtained the list of phishing domains and their creation dates directly from LabHost’s backend servers during the operation.

While many of the disclosed domains may no longer be active, the FBI urges organizations to review historical network logs for connections to these domains and to consider blacklisting them to prevent potential future threats.

The Bureau emphasizes that the list provides valuable intelligence for identifying past breaches, improving phishing detection models, and understanding adversary tactics.

Organizations detecting suspicious activity linked to these domains are encouraged to report findings to their local FBI field office and to take immediate incident response actions.

This unprecedented disclosure underscores the evolving and commercialized nature of cybercrime, as well as the importance of global collaboration in disrupting criminal infrastructure and protecting digital assets.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates

The post FBI Uncovers 42,000 Phishing Domains Tied to LabHost ‘Phishing-as-a-Service’ Operation appeared first on Cyber Security News.