According to court records, the United States obtained authorization to seize the domains as part of an investigation of the spoofing service operated through the Lab-host.ru domain (LabHost), which resolves to a Russian internet infrastructure company. LabHost provided online infrastructure and interactive functionality for its subscription-based services. According to court records, customers of LabHost used its services to create and manage spoofed websites designed to look like the legitimate websites of businesses such as Amazon, Netflix, Wells Fargo, Bank of America, and Chase Bank. LabHost customers used the spoofed websites to lure unwitting victims into disclosing their personally identifiable information (PII)—e.g., date of birth, email address, password, address, and credit card information—on the websites the victims believed were legitimate.