Blog

COURT DOC: Justice Department Seizes Four Web Domains Used to Create Over 40,000 Spoofed Websites and Store the Personal Information of More Than a Million Victims

Default Author Image
April 22, 2024

“The Justice Department announced today the seizure of four domains used by the administrators and customers of a domain spoofing service. The domain seizures were authorized pursuant to seizure warrants issued in the Western District of Pennsylvania and were executed in coordination with the arrest of dozens of administrators and customers of the illicit service by foreign law enforcement agencies.”

“According to court records, the United States obtained authorization to seize the domains as part of an investigation of the spoofing service operated through the Lab-host.ru domain (LabHost), which resolves to a Russian internet infrastructure company. LabHost provided online infrastructure and interactive functionality for its subscription-based services. According to court records, customers of LabHost used its services to create and manage spoofed websites designed to look like the legitimate websites of businesses such as Amazon, Netflix, Wells Fargo, Bank of America, and Chase Bank. LabHost customers used the spoofed websites to lure unwitting victims into disclosing their personally identifiable information (PII) — e.g., date of birth, email address, password, address, and credit card information — on the websites the victims believed were legitimate. In turn, according to court documents, LabHost’s customers used the stolen PII to engage in unauthorized financial transactions at the expense of the victims. As outlined in court records, LabHost has been used to create over 40,000 spoofed websites, and its infrastructure has stored over one million user credentials and nearly 500,000 compromised credit cards.”

“The warrants authorized the seizure of the following four domains associated with application programming interface (API) services used to install spoofed websites and manage LabHost’s phishing and credential-theft operations: Instapi-1xoa93z90o348fz.co, Api2-4hdfix74ks.co, Api1-9kcpqcf7olw1w300w3m6.cc, and Api-d789342789342uy432hjf87df87dfk.cc. The four LabHost API domains were registered to NameSilo, LLC, a third-party webhosting service based in the United States. According to court records, the seized domains represented property used to commit violations of federal criminal law, including access device fraud, computer fraud, wire fraud, identity theft, and money laundering.”

“The effect of the domain seizures was to shut down the LabHost platform.” (Source: US Department of Justice)

Begin your free trial today.