FBI seizes domains for Cracked.io, Nulled.to hacking forums

The FBI has seized the domains for the infamous Cracked.io and Nulled.to hacking forums, which are known for their focus on cybercrime, password theft, cracking, and credential stuffing attacks.

While some of their members also engaged in ethical hacking discussions, the sites were widely regarded as a hub for cybercriminal activity.

They also hosted content related to software cracks, hacking tools like “configs” used by credential stuffing attack tools (e.g., OpenBullet and SilverBullet), and other illicit activities, including a “combo lists” marketplace with stolen credentials or databases.

When trying to open the sites, web browsers display “Error 1000. DNS points to prohibited IP” and Error 1016. Origin DNS error” messages.

Today, the FBI seized the forums’ domains and changed their name servers to ns1.fbi.seized.com and ns2.fbi.seized.com from their previous Cloudflare name servers.

Cracked.io’s staff published an announcement on their Telegram channel earlier today, blaming a data center issue for the ongoing access problems.

“There is an active issue in our data centre which the staff is working on. Hence services remain offline till the issue is resolved. We will get detailed report later,” they said.

“We can only hope it is resolved without further issue. No estimated time at this moment. The current status from data centre is that it may take up to 1 day.”

Today, the FBI also seized the domains used by:

• MySellIX (mysellix.io), a platform that allows users to create their own online stores, but which was also used by threat actors to sell stolen data, software keys, and compromised accounts, and
• StarkRDP (starkrdp.io), a Windows RDP virtual hosting provider that some threat actors allegedly used for credential stuffing attacks.

An FBI spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

While the law enforcement agency has yet to share more information about this wave of seizures, all signs point to a crackdown on platforms involved in credential stuffing and stolen account credentials.