FBI seizes domains for Cracked.io, Nulled.to hacking forums
The FBI has seized the domains of the notorious hacking forums Cracked.io and Nulled.to, both known for their involvement in cybercrime, password theft, cracking, and credential stuffing attacks.
January 29, 2025 19:17
While some members engaged in ethical hacking discussions, the sites were largely seen as hubs for cybercriminal activities.
These platforms hosted content related to software cracks, hacking tools such as "configs" used in credential stuffing attacks (e.g., OpenBullet and SilverBullet), and other illicit operations, including a marketplace for "combo lists" containing stolen credentials or databases.
Users attempting to access these sites now encounter error messages like "Error 1000. DNS points to prohibited IP" and "Error 1016. Origin DNS error."
As of today, the FBI has taken control of these domains and changed their name servers from Cloudflare to ns1.fbi.seized.gov and ns2.fbi.seized.gov.
Cracked.io's administrators addressed the issue on their Telegram channel earlier today, attributing the outage to a data center problem.
"There is an active issue in our data center which the staff is working on. Hence, services remain offline until the issue is resolved. We will receive a detailed report later," they stated.
"We can only hope it is resolved without further complications. No estimated time for resolution at the moment. The current status from the data center suggests it may take up to one day."
In addition to Cracked.io and Nulled.to, the FBI has also seized domains used by:
MySellIX (mysellix.io) and SellIX (sellix.io), platforms that enabled users to set up online stores, which cybercriminals allegedly exploited to sell stolen data, software keys, and compromised accounts.
StarkRDP (starkrdp.io), a Windows RDP virtual hosting provider reportedly used by threat actors for credential stuffing attacks.
An FBI spokesperson was unavailable for immediate comment when contacted by BleepingComputer earlier today.
While the agency has yet to release official details on this series of seizures, all indications sggest a broader crackdown on platforms facilitating credential stuffing and the sale of stolen account credentials.
