Online scams continue to evolve, targeting millions of unsuspecting users every year. The FBI scam list is one of the most trusted tools available to the public for identifying domains linked to phishing and cyber fraud. With phishing attacks becoming more organized, this official list provides valuable insight into how online criminals operate and how to stay protected.
In this post, ScamReader.info has compiled the FBI phishing domain list into an easy-to-read, downloadable format for research and public awareness. The list originates from verified FBI alerts and law enforcement records made publicly available to help curb cybercrime and assist users in identifying fraudulent domains before they cause harm.
Download the Complete FBI Scam List (TXT File) Here
Due to its length(over 42,000 verified phishing domains), the full FBI scam list is available as a downloadable file to prevent slow page loading.
Click here to download the full FBI scam list .TXT file.
This format allows for easy searching and offline reference using any text editor or spreadsheet tool.
What Is the FBI Scam List?
The FBI scam list is a curated compilation of web domains that the Federal Bureau of Investigation has linked to fraudulent activities such as phishing, data theft, and financial scams. These domains have been flagged or seized during investigations involving organized cybercrime networks and online fraudsters.
This particular update (October 2025) focuses on thousands of phishing websites that were part of a major international takedown targeting an illicit operation known as LabHost. This entity was one of the most notorious Phishing-as-a-Service (PhaaS) platforms in the world.
The Connection Between LabHost and the FBI Phishing Domain List
Many of the phishing domains included in this FBI scam list were linked to LabHost, an underground service that provided cybercriminals with everything they needed to launch large-scale phishing campaigns.
Between 2021 and April 2025, LabHost operated as a full-service phishing-as-a-service (PhaaS) platform, offering illegal tools and infrastructure to criminals worldwide. For a monthly subscription fee(typically US$179/month or US$249/month) customers gained access to:
- Professionally designed phishing kits, including fake login pages mimicking popular services like Amazon, Netflix, Wells Fargo, Bank of America, and Chase Bank.
- Automation tools for mass-sending phishing emails or SMS messages.
- Data harvesting systems that automatically capture victims’ login credentials, 2FA codes, and card details.
- Hosting and campaign management tools to keep the fake sites online and active.
Essentially, LabHost made phishing easy and scalable, enabling even unskilled individuals to deploy convincing scams in minutes.
According to the U.S. Department of Justice (DOJ) and Europol, LabHost’s infrastructure was used to support over 40,000 phishing campaigns targeting victims across North America, Europe, and Australia. The FBI and partner agencies launched a coordinated takedown in April 2025, resulting in:
- The arrest of at least 37 suspects in multiple countries, including Labhost’s creator, Zak Coyne, a Russian national.
- The seizure of four main domains, including lab-host.ru, under U.S. federal warrants.
- The dismantling of hundreds of servers that hosted stolen data and spoofed websites.
The seized LabHost domains, along with thousands of phishing sites linked to its customers, now appear in the updated FBI phishing domain list (October 2025) uploaded above.
Why LabHost Was Dangerous
LabHost was designed to mimic legitimate web services at a massive scale. Through its system, scammers could create fake versions of online banking portals, payment gateways, and e-commerce sites. Victims would receive an email or SMS prompting them to “verify” their account or make a payment, leading them to a cloned website that looked completely authentic.
Once users entered their login details or card information, the data was instantly sent to the scammer’s dashboard within the LabHost control panel. Some kits even captured two-factor authentication codes in real-time, allowing fraudsters to bypass additional security layers.
The FBI, together with the UK Metropolitan Police, Europol, and law enforcement agencies from Canada, Australia, and the United States, disrupted the platform in April 2025. This coordinated operation marked one of the largest phishing-as-a-service takedowns in history.
How This Relates to the FBI Alerts
The FBI’s public alerts serve as early warnings about ongoing or emerging cyber threats. Following the LabHost disruption, the Bureau published several notices highlighting the scale of the operation and advising individuals to verify any suspicious messages, especially those claiming to represent financial institutions.
The FBI alerts emphasized that even after the takedown, some domains or cloned services may still exist under new names or mirror sites. Therefore, users are urged to avoid any domains referencing “labhost” or similar naming patterns, as these may still be associated with residual phishing infrastructure or imitation services.
Purpose of Sharing This FBI Phishing Domain List
The primary purpose of publishing this FBI scam list on ScamReader.info is to raise awareness and promote proactive protection. With over 42,000 domains included, this dataset serves as both a reference and a warning for internet users, researchers, and cybersecurity analysts.
It allows users to:
- Check whether a suspicious domain has been reported by the FBI.
- Study the common naming patterns used by phishing sites.
- Learn how cybercriminals leverage services like LabHost to target individuals.
- Support ongoing public education against online fraud.
How the FBI Compiles and Releases These Alerts
The FBI phishing domain database is built using data collected from active investigations and cyber intelligence partnerships. It also incorporates reports from the Internet Crime Complaint Center (IC3).
Once the domains are confirmed to be malicious, they are shared with the public, ISPs, and cybersecurity companies. This action ensures rapid takedowns. The FBI then issues official alerts to guide users, organizations, and network administrators on how to avoid related scams.
This October 2025 update includes entries tied to LabHost and several other international phishing operations dismantled over the past year.
How to Use the FBI Scam List
The domains included in this FBI phishing list should never be visited directly. Even if the sites are offline, some may still host dangerous redirects or malware payloads.
Instead, users should:
- Copy and search the domain safely using a threat intelligence platform.
- Report active phishing domains to ScamReader.info.
- Educate others about the tactics used in these scams.
Stay Informed with FBI Alerts
ScamReader.info regularly tracks new FBI alerts and cybercrime investigations. Users can revisit this page for future updates. They can also subscribe to our newsletter for monthly summaries on major scam takedowns and phishing trends.
Recent alerts include:
- Fake cryptocurrency investment platforms.
- Phishing campaigns impersonating online banks and delivery companies.
- Data harvesting operations run via compromised WordPress sites.
Final Thoughts
The takedown of LabHost and the release of this FBI scam list mark a major victory against global phishing networks. But the fight is far from over. Scammers continuously adapt, using new platforms and domains to deceive the public.
Stay vigilant, check for official FBI alerts, and always verify any domain or message before sharing personal information. Together, we can reduce the reach and success of phishing operations worldwide.