12 days ago
Security

PhishLumos Maps 190K URLs

Researchers at Tokyo Metropolitan University in Japan have introduced PhishLumos, an automated threat detection system designed to map and dismantle phishing campaigns by analyzing network infrastructure rather than webpage content. Led by Associate Professor Daiki Chiba, the research team engineered the platform to counter a persistent cybersecurity challenge: cloaking techniques that mask malicious payloads from conventional scanners. Rather than treating content obfuscation as an evasion tactic, PhishLumos utilizes it as an activation signal. Upon detecting cloaking indicators, the system scans backend infrastructure, including IP allocations, server configurations, and routing pathways. These digital fingerprints are aggregated into a structured Knowledge Base graph, reconstructing the complete architecture of a phishing operation and linking seemingly unrelated domains to their originating network.

During a six-month operational trial, the system processed an initial set of 600 seed URLs and subsequently identified more than 190,000 associated endpoints. Independent verification confirmed that 92 percent of these newly discovered links were malicious. PhishLumos also reduced average campaign detection time by eight days compared to manual analysis by cybersecurity experts. By bypassing frontend content review, the platform significantly outperformed traditional content-centric detection models, which are increasingly ineffective against rapidly generated and dynamically altered phishing sites.

The development addresses a critical gap in modern digital defense. Phishing remains a high-volume threat that undermines consumer trust and financial security by impersonating verified institutions. Conventional defense strategies rely heavily on page-level analysis, a method that struggles to scale against automated attack generation. PhishLumos shifts this operational model by exploiting the inevitable network traces left during infrastructure deployment. The resulting Knowledge Base framework allows security operators to visualize attack clusters, predict related infrastructure, and disrupt campaigns before they scale.

Validated through extensive real-world testing, PhishLumos establishes a scalable framework for infrastructure-driven threat intelligence. Its capacity to automate network mapping and accelerate detection timelines provides organizations with a robust, forward-looking defense against increasingly sophisticated cybercriminal operations.
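The seed-to-cluster expansion described above can be sketched as a graph walk over shared infrastructure attributes. This is an added illustration, not PhishLumos code: the attribute kinds, the sample observations and the `max_fanout` cap (which stops expansion through shared-hosting addresses) are all assumptions made for the example.

```python
from collections import defaultdict, deque

# Constructed observations (domain, attribute kind, value); not data from the study.
OBSERVATIONS = [
    ("seed-login.example",  "ip",     "192.0.2.10"),
    ("seed-login.example",  "server", "nginx/cfg-a1"),
    ("pay-verify.example",  "ip",     "192.0.2.10"),
    ("pay-verify.example",  "asn",    "AS64500"),
    ("acct-update.example", "server", "nginx/cfg-a1"),
    ("acct-update.example", "ip",     "192.0.2.77"),
    ("parcel-fee.example",  "ip",     "192.0.2.77"),
    # Shared-hosting address also used by unrelated sites.
    ("seed-login.example",  "ip",     "198.51.100.5"),
    ("blog-a.example",      "ip",     "198.51.100.5"),
    ("shop-b.example",      "ip",     "198.51.100.5"),
    ("wiki-c.example",      "ip",     "198.51.100.5"),
]

def build_graph(observations):
    """Bipartite graph: domain nodes <-> infrastructure attribute nodes."""
    graph = defaultdict(set)
    for domain, kind, value in observations:
        d, a = ("domain", domain), (kind, value)
        graph[d].add(a)
        graph[a].add(d)
    return graph

def expand_from_seeds(graph, seeds, max_fanout=3):
    """Breadth-first walk from seed domains through shared attributes.

    Returns {domain: (linking_attribute, domain_it_was_reached_from)} so an
    analyst can review the evidence for every link. Attributes shared by more
    than max_fanout domains are skipped: they are too common to indicate a
    single operator (hypothetical threshold, tune per data set).
    """
    queue = deque(("domain", s) for s in seeds)
    seen = set(queue)
    linked = {}
    while queue:
        node = queue.popleft()
        for attr in graph[node]:
            if len(graph[attr]) > max_fanout:
                continue  # shared hosting / CDN style attribute
            for nxt in graph[attr]:
                if nxt not in seen:
                    seen.add(nxt)
                    linked[nxt[1]] = (attr, node[1])
                    queue.append(nxt)
    return linked
```

Keeping the linking attribute with each discovered domain matters for triage: the article's 92 percent verification rate implies some expanded links are benign, and the evidence trail shows which pivot produced them.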
