CyberSecurityBoard
Sponsor Register Login

FBI shares massive list of 42,000 LabHost phishing domains

The FBI has shared 42,000 phishing domains tied to the LabHost cybercrime platform, one of the largest global phishing-as-a-service (PhaaS) platforms that was dismantled in April 2024. The list can also be used by security teams to retrospectively scan logs from November 2021 to April 2024 to detect past connections to these domains and identify previously undetected breaches. Ultimately, the list can help cybersecurity professionals analyze domain patterns in PhaaS platforms, aid attribution and intelligence correlation, and provide realistic data for phishing detection model training. The published domains were registered between November 2021 and April 2024, the time of its seizure, and are being shared to increase awareness and provide indicators of compromise. Though it launched in 2021, it was in late 2023/early 2024 when LabHost turned into one of the major players in the PhaaS market, having surpassed established entities in popularity and attack volume. LabHost was a major PhaaS platform that sold access to an extensive set of phishing kits targeting U.S. and Canadian banks for between $179 and $300 per month. "FBI has not validated every domain name, and the list may contain typographical or similar errors from LabHost user input," explains the FBI. Although the LabHost operation is no longer active and the shared 42,000 domains are not likely currently used in malicious operations, there's still significant value for cybersecurity firms and defenders. In April 2024, a global law enforcement operation backed by investigations in 19 countries led to the dismantling of the platform, which at the time had 10,000 customers worldwide. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. First, the domain list can be used to create a blocklist to mitigate the risk of threat actors recycling or re-registering any of them in future attacks.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 30 Apr 2025 16:05:16 +0000


Cyber News related to FBI shares massive list of 42,000 LabHost phishing domains

FBI shares massive list of 42,000 LabHost phishing domains - The FBI has shared 42,000 phishing domains tied to the LabHost cybercrime platform, one of the largest global phishing-as-a-service (PhaaS) platforms that was dismantled in April 2024. The list can also be used by security teams to retrospectively ...
1 month ago Bleepingcomputer.com
42,000 Phishing Domains Linked to the LabHost PhaaS Service - “The platform enabled cyber criminals to impersonate more than 200 organizations, including major banks and government institutions, in an effort to collect personal information and banking credentials from unsuspecting victims ...
1 month ago Cybersecuritynews.com
Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains - The two main advantages of detecting stockpiled domains are expanding coverage of malicious domains and providing patient-zero detections as attackers stock up on domains for future use. As of July 2023, our detection pipeline has found 1,114,499 ...
1 year ago Unit42.paloaltonetworks.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
1 year ago Techrepublic.com
US Congress Report Calls for Privacy Reforms After FBI Surveillance 'Abuses' - The FBI and the Biden administration at large have lobbied Congress to reauthorize the 702 program as is, ignoring calls for reform that have grown louder since the beginning of the year, manifesting this month in the form of a comprehensive privacy ...
1 year ago Wired.com
FBI Director: FISA 702 warrant requirement 'de facto ban' The Register - FBI director Christopher Wray made yet another impassioned plea to US lawmakers to kill a proposed warrant requirement for so-called "US person queries" of data collected via the Feds' favorite snooping tool, FISA Section 702. This controversial ...
1 year ago Theregister.com
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims - The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation. In the joint advisory published today in collaboration ...
1 year ago Bleepingcomputer.com LockBit Noescape
How the FBI seized BlackCat ransomware's servers - An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. Today, the US Department of Justice confirmed that they seized websites for the ALPHV ransomware ...
1 year ago Bleepingcomputer.com LockBit Noescape
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
1 year ago Helpnetsecurity.com
FBI: Royal ransomware asked 350 victims to pay $275 million - The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022. In an update to the original advisory published in March with additional information ...
1 year ago Bleepingcomputer.com Blacksuit
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
2 years ago Trendmicro.com
BlackCat Ransomware Raises Ante After FBI Disruption - The U.S. Federal Bureau of Investigation disclosed today that it infiltrated the world's second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang's darknet website, and released ...
1 year ago Krebsonsecurity.com
Threat Actors Registered 26k+ Domains Mimic Brands to Trick Users - These malicious domains serve as landing pages for sophisticated smishing (SMS phishing) campaigns, where unsuspecting users receive text messages containing links to what appear to be legitimate services. The domains follow specific naming patterns ...
1 month ago Cybersecuritynews.com Cloak
FBI's latest defense of warrantless S. 702 snooping is China The Register - Analysis The FBI's latest PR salvo, as it fights to preserve its warrantless snooping powers on Americans via FISA Section 702, is more big talk of cyberattacks by the Chinese government. Wray cited an example he's used previously about how, last ...
1 year ago Go.theregister.com Volt Typhoon
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
1 year ago Gbhackers.com
Over 800 Phony "Temu" Domains Lure Shoppers into Credential Theft - Stay alert against Temu phishing scams: Cybersecurity experts warn of scammers using fake giveaways to steal credentials. Over 800 new 'Temu' domains registered in the past 3 months. Temu is the latest brand chosen by scammers for their phishing ...
1 year ago Hackread.com
InfectedSlurs Botnet Spreads Mirai via Zero-Days - The payload targets routers and network video recorder devices with default admin credentials and installs Mirai variants when successful. Until November 9, 2023, the vulnerable devices being targeted were unknown. Since both the name and the version ...
1 year ago Akamai.com
Beware of Fake Unpaid Toll Message Attack to Steal Login Credentials - Security analysts note that these toll scam campaigns achieve approximately 5% success rates – substantially higher than traditional email phishing attacks – demonstrating the effectiveness of this multi-stage approach that combines SMS messaging ...
2 months ago Cybersecuritynews.com
Cloudflare loses 22% of its domains in Freenom.tk shutdown - A staggering 12.6 million domains on TLDs controlled by Freenom have been shut down and no longer resolve, leading to a significant reduction in the number of websites hosted by Cloudflare. The disappearance of these websites was spotted during our ...
1 year ago Netcraft.com
FBI warns of gift card fraud ring targeting retail companies - The FBI warned retail companies in the United States that a financially motivated hacking group has been targeting employees in their gift card departments in phishing attacks since at least January 2024. Tracked as Storm-0539, this hacking group ...
1 year ago Bleepingcomputer.com
Researchers Hunted Malicious Stockpiled Domains DNS Records - Malicious stockpiled domains are the collection of domain names that threat actors acquire in advance for several types of future malicious activities like:-. While all these domains are often kept unused initially to evade detection, and then later ...
1 year ago Cybersecuritynews.com
How the FBI Infiltrated the Hive Ransomware Gang Systems - The FBI has recently infiltrated the systems of the Hive ransomware gang, one of the most sophisticated and successful global cybercrime gangs. This infiltration is a major victory for the FBI in its fight against ransomware, cybercrime, and other ...
2 years ago Bleepingcomputer.com
USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data - A new USPS Delivery Phishing Scam has surfaced, in which scammers are exploiting Freemium Dynamic DNS and SaaS Providers to steal victims' login credentials and other data. Cybersecurity researchers at Bloster AI have uncovered a new USPS Delivery ...
1 year ago Hackread.com
Imperva Client-Side Protection Mitigates the Polyfill Supply Chain Attack - The recent discovery of a website supply chain attack using the cdn. Polyfill.io domain has left many websites vulnerable to malicious code injection. Once a trusted resource for adding JavaScript polyfills to websites, the domain has recently become ...
11 months ago Imperva.com
Police takes down BulletProftLink large-scale phishing provider - The notorious BulletProftLink phishing-as-a-service platform that provided more than 300 phishing templates has been seized, the Royal Malaysian Police announced. The operation started in 2015 but came to researchers' radar later and became more ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)