Cybercrime Forum XSS Returns on Mirror and Dark Web Day After Seizure

Cybercrime Forum XSS Returns on Mirror and Dark Web Day After Seizure

On July 23, 2025, as reported by Hackread.com, the cybercrime community lost one of its oldest and most notorious forums, XSS, after law enforcement authorities seized the site and arrested its suspected administrator in Ukraine.

The arrest led to the seizure of the forum’s main domain, XSS.IS, which now displays a notice from Europol, French and Ukrainian authorities. However, the forum’s dark web (.onion) and mirror domains did not show a seizure notice but instead returned a 504 Gateway Timeout error.

As of July 24, Hackread.com can confirm that the XSS forum is back online via both its mirror and .onion domains. While it is unclear whether this is a honeypot set up by authorities, one of the forum’s administrators has posted claiming the infrastructure was not affected by the seizure and that a replacement is in progress.

XSS admin explaining the situation – The original message was published in the Russian language, we translated it to English for our readers via AI (Image credit: Hackread.com)

Some users on the forum remain skeptical, suggesting the administrator account that posted the update may now be controlled by law enforcement as part of a honeypot to track visitors.

Still, a full return of XSS would not be surprising. Previously, BreachForums’ seized domain was reclaimed by its administrators, the ShinyHunters group, right under the FBI’s nose. The forum remained operational for nearly a year before being shut down, with administrators citing a MyBB vulnerability used to track users, amid growing law enforcement pressure on both forum staff and members.

At the time of writing, both the XSS forum’s .onion and clearnet mirror domains are online. Heavy activity is visible on the .onion domain, with users discussing the situation and speculating about the forum’s future. Moderators have advised users to access the site only through the .onion domain for signing in.

Cybercrime Forum XSS Returns on Mirror and Dark Web 1 Day After Seizure
One of the XSS mods urging users to only use the forum’s .onion domain – The original message was published in the Russian language, we translated it to English for our readers via AI (Image credit: Hackread.com)

The quick reappearance of XSS raises more questions than answers. While its domains are back online and activity has resumed, doubts remain about who controls the forum and whether it can regain full functionality. While law enforcement continues to target cybercrime infrastructure, XSS’s future hangs in the balance.




Source link