FBI seizes domains for Cracked.io, Nulled.to hacking forums

The FBI has seized the domains for the infamous Cracked.io and Nulled.to hacking forums, which are known for their focus on cybercrime, password theft, cracking, and credential stuffing attacks.

While some of their members also engaged in ethical hacking discussions, the sites were widely regarded as a hub for cybercriminal activity.

They also hosted content related to software cracks, hacking tools like "configs" used by credential stuffing attack tools (e.g., OpenBullet and SilverBullet), and other illicit activities, including a "combo lists" marketplace with stolen credentials or databases.

When trying to open the sites, web browsers display "Error 1000. DNS points to prohibited IP" and Error 1016. Origin DNS error" messages.

Today, the FBI seized the forums' domains and changed their name servers to ns1.fbi.seized.gov and ns2.fbi.seized.gov from their previous Cloudflare name servers.

Cracked.io's staff published an announcement on their Telegram channel earlier today, blaming a data center issue for the ongoing access problems.

"There is an active issue in our data centre which the staff is working on. Hence services remain offline till the issue is resolved. We will get detailed report later," they said.

"We can only hope it is resolved without further issue. No estimated time at this moment. The current status from data centre is that it may take up to 1 day."

Today, the FBI also seized the domains used by:

MySellIX (mysellix.io) and SellIX (sellix.io), two platforms that allow users to create their own online stores that threat actors also used to sell stolen data, software keys, and compromised accounts, and StarkRDP (starkrdp.io), a Windows RDP virtual hosting provider that some threat actors allegedly used for credential stuffing attacks.

An FBI spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

While the law enforcement agency has yet to share more information about this wave of seizures, all signs point to a crackdown on platforms involved in credential stuffing and stolen account credentials.