Is darkforums.su a scam?

Our automated security review flags darkforums.su as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.

Is darkforums.su safe to use?

No — darkforums.su scored 25/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.

Does darkforums.su have a valid SSL certificate?

Yes. darkforums.su presents a valid TLSv1.3 certificate issued by Let's Encrypt · E7, expiring in 51 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.

Is darkforums.su on any phishing or malware blacklists?

No. darkforums.su is not currently listed on the major browser blocklist feeds that modern browsers use.

Where is darkforums.su hosted?

darkforums.su resolves to an IP operated by Cloudflare, Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.

How often is the darkforums.su report updated?

We cache results for 24 hours. Signed-in MalwareTips members can trigger a manual rescan at any time using the "Rescan" button on the report page, which re-runs every check from scratch and refreshes this page.

DANGEROUS

Critical risk detected

Our security stack flagged multiple threat indicators on this website. Don't enter personal information, deposit money, or download files.

Security Review

Is darkforums.su legit or a scam?

Name: Is darkforums.su legit or a scam?
Item: darkforums.su
Rating: 2
Author: MalwareTips

Our verdict:Dangerous· 25/100

SafeSuspiciousDangerous

Active cybercrime forum hosting stolen corporate databases, breach data, and illegal marketplace activity with confirmed tracking by threat-intelligence agencies.

Top reasons

Confirmed cybercrime forum specializing in stolen databases and breach data distribution.Tracked by multiple threat-intelligence firms as a major hub for corporate data leaks.WHOIS identity hidden via paid privacy service; registration approximately 3 months old.

darkforums.suScanned 1h ago

Post Facebook

Trust score

DANGEROUS

Heuristics 79·MT 8

Category tags

cybercrime forumdata breach hubillegal marketplace#Data Harvester92% MT confidence

Technical red flags (1)

Impersonates OpenAI / ChatGPT

Positive signals (3)

Not on major blacklists Encrypted connection Clean server reputation

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence

—

Data unavailable

Domain Age

—

Registration date unknown

MT Intelligence

Dangerous

Critical likelihood · 92% confidence

MT Intelligence

Advanced threat intelligence

MT Security Analyst

Critical scam likelihoodengineMT · Guardiantrust8/100

MT AgentLive web researchVisual inspectionNetwork correlation

Confidence

DarkForums.su operates as a dedicated cybercrime forum launched in November 2022, functioning as a successor to other breach-trading platforms. The site hosts stolen corporate databases, stealer logs, malware, and illegal marketplace activity, with over 100,000 registered members and documented rapid growth in 2025. Multiple threat-intelligence firms (KELA, Searchlight Cyber, SOCRadar, GetDarkScout) actively track the forum as a major hub for leaked corporate data. Independent security researchers flagged the domain with high-risk warnings, citing the young registration, hidden WHOIS identity, and the forum's known role in distributing breach data. The site itself has suffered data breaches exposing its userbase, and operators have been documented with weak operational security. While the forum is not a scam targeting end-users directly, it is a confirmed illegal marketplace and data-distribution platform.

Full dossier

Analysis complete

Page Content

The page displays a functional forum interface with multiple sections: General Leaks, Hacking, Cracking, Tech Marketplace, and Premium Staff areas. The body text shows active discussion threads, user counts, and recent posts. A Telegram channel link is prominently featured for updates. The forum maintains a 'Scam Reports' section for users to report fraudulent activity within the community itself.

Infrastructure

Hosted on IP 104.21.50.249 with valid SSL (Let's Encrypt, 51 days to expiry). The IP has an abuse score of 0/100 but carries 7 historical abuse reports. The domain loads external resources including a Tor hidden service (.onion), Telegram, and Cloudflare analytics. No antivirus detections were recorded during this scan, though sandboxes flag specific threads as malicious due to hosted breach data and tools.

Domain History

Registered approximately 3 months ago (mid-2023 per evidence); WHOIS identity is hidden via paid privacy service. The forum is documented as a spin-off of D4RK4RMY/DarkArmy and spiritual successor to RaidForums/BreachForums. Operators historically included Lucifer/1ucif3r; current operators are listed as AnonOne and Knox. The forum suffered a significant data breach in 2023 that exposed most of its userbase.

Web Reputation

Independent security researchers and threat-intelligence agencies (KELA, Searchlight Cyber, SOCRadar, GetDarkScout) actively track DarkForums.su as a major hub for leaked corporate data. The domain is referenced in law enforcement and intelligence contexts for hosting high-profile breaches (HTMedica, Ledil Immobilier, and various corporate databases). Multiple independent review sites flagged the domain with warnings for young registration, hidden ownership, and illegal marketplace activity.

Risk Factors

Confirmed cybercrime forum specializing in stolen databases and breach data distribution.
Tracked by multiple threat-intelligence firms as a major hub for corporate data leaks.
WHOIS identity hidden via paid privacy service; registration approximately 3 months old.
Forum operators documented with weak operational security; userbase exposed in 2023 data breach.
Hosts illegal marketplace sections for malware, hacking tools, and stolen credentials.
Referenced in law enforcement and intelligence reports for distributing high-profile corporate breaches.
Multiple independent security researchers assigned high-risk warnings to the domain.

Positive Signals

Valid SSL certificate issued by Let's Encrypt.
Hosting IP abuse score is 0/100 (no current active abuse flagging).
Forum maintains internal 'Scam Reports' section to police fraudulent users within the community.

AI Recommendation

Do not visit or interact with this site. DarkForums.su is a confirmed cybercrime forum used for trading stolen data, breach information, and illegal tools. Visiting the site exposes you to malware, phishing, and criminal activity. If you have concerns about data breaches affecting you, monitor your accounts through official channels and use identity-protection services instead.

Scam network detected

2 linked domains correlated

DarkForums operates multiple mirror domains (.st, .ac) to maintain availability. The forum is part of a broader cybercrime ecosystem including successor platforms to RaidForums and BreachForums. Operators maintain presence on Telegram for community coordination. The .onion hidden service (darkfoxaqhfpxkrbt7vxns2z2u2k72sgmqbzeorupaiottw3ecm2wgyd.onion) provides additional access routes.

darkforums.stdarkforums.ac

Next-gen fraud intelligence

Evidence-backedCross-checked

Website Preview

LIVE RENDER

darkforums.su

1Impersonates OpenAI / ChatGPT

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for darkforums.su, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Business registration

No public record found

Could not match the site to a registered company — common for small sites.

Clone check

Not a clone

No well-known site's layout or branding detected here.

Typosquat check

No look-alike match

The domain doesn't resemble any well-known brand's spelling.

Web mentions

3 scam reports

Key findings

7 headline facts from open-web research

DarkForums.su is an active English-language cybercrime forum launched in November 2022 as a spin-off of D4RK4RMY/DarkArmy; spiritual successor to RaidForums/BreachForums focused on data breaches, stolen databases, stealer logs, malware, and
Domain registered approximately 3 months ago (per VirusTotal and Scamadviser as of mid-2026); WHOIS identity hidden; Scamadviser trust score 0 with warnings for young domain, hidden owner, and allowance of software/game downloads.
Forum itself suffered a data breach/leak in 2023 that exposed most of its userbase; operators (historically Lucifer/1ucif3r, now AnonOne and Knox) described as having weak operational security.
Multiple threat intelligence reports (KELA, Searchlight Cyber, SOCRadar, GetDarkScout) track it as a major hub for leaked corporate data with rapid growth in 2025 after BreachForums disruptions; over 100k members and high activity reported.
Forum maintains a dedicated "Scam Reports" section for reporting scamming users/sellers; some administrator exit-scam rumors circulated in 2025 but forum remains operational with multiple mirror domains (.st, .ac, etc.).
ANY.RUN and other sandboxes flag specific threads/links from the domain as malicious activity (often due to hosted breach data or tools); no widespread reports of the site itself delivering malware to visitors.
Referenced in law enforcement/intel contexts for hosting leaks (e.g., HTMedica, Ledil Immobilier, various corporate databases) but not directly attributed as a scam operation targeting end-users.

Scam reports (3)

Direct quotes from public scam databases, forums, and news.

Scamadviseropen
"the website might be a scam as we found several negative indicators for darkforums.su"
Reddit r/ScamCheckeropen
"darkforums.su is likely unsafe, check details in screenshot. Risk Level: High Risk."
Gridinsoftopen
"Darkforums.su Scam Check: Blacklist Warning (18/100 Trust Score)"

Research summary

Narrative write-up from our AI analyst, grounded on the facts above

Our research identified three independent security assessments flagging DarkForums.su as a high-risk cybercrime forum. independent review aggregator reported multiple negative indicators including young domain registration and hidden WHOIS identity, assigning a trust score of 18/100. Reddit's ScamChecker community classified the site as 'High Risk.' Gridinsoft's analysis confirmed the blacklist warning with an 18/100 trust score. Threat-intelligence agencies (KELA, Searchlight Cyber, SOCRadar, GetDarkScout) actively track the forum as a major hub for leaked corporate data, with documented references to high-profile breaches and over 100,000 registered members. The forum is referenced in law enforcement and intelligence contexts for distributing stolen corporate databases.

Security Scans

Blacklist Check

Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Sandbox Render

Sandbox capture incomplete — no traffic recorded

Requests made0

Unique IPs0

Countries0

Detected brandsNone

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found

No clear contact details on the page

Emails on site's domainNone

Phone numbers2023-2025 10

Postal addressNot listed

Linked social profiles3

Signal Summary

Several contact red flags

No contact email found anywhere on the page.
No postal address visible on the page.
Page impersonates OpenAI / ChatGPT on a non-official domain.

Phone number listed (2023-2025 10).
Links to 4 social profiles.

Domain & Encryption

Encryption Certificate

StatusValid

ProtocolTLSv1.3

IssuerLet's Encrypt · E7

ExpiresJul 30, 2026 (51d)

Self-signedNo

Hosting & Technology

HostingCloudflare, Inc.

Server locationUS

Web servercloudflare

Redirect Chain

Hops

Cross-domain

Lookalike

Punycode

1301http://darkforums.su/
2200https://darkforums.su/

Server Reputation

Hosting

CountryUnknown

NetworkUnknown

IP addressUnknown

Abuse Intelligence

Confidence score0%

Reports on file7

ISPCloudflare, Inc.

Usage typeContent Delivery Network

Scam-Type Likelihood

1 scam-type patterns detected

Scam-Type Likelihood

1 of 13 categories showed signals

We check every URL against 13 distinct scam categories so the verdict tells you not just how risky the page is, but what kind of risk it carries. Each meter pulls from page signals, web reports, our AI analyst, vision, and the scam-network cluster — not from raw AV labels.

Top match: Brand Impersonation

Brand Impersonation

Low-level signals

15/100

Page mentions OpenAI / ChatGPT (non-official domain).

Scam-Type Likelihood

1 of 13 categories showed signals

Top match: Brand Impersonation

Brand Impersonation

Low-level signals

15/100

Page mentions OpenAI / ChatGPT (non-official domain).

Brand impersonation detected

This page is styled as a known brand but is not the brand's real site.

Do not interact with darkforums.su
Do not enter credentials, deposit money, download files, or install browser extensions from this site.
Go to the brand's real site directly
Type the brand name into a search engine or open it from your bookmarks — don't use links from emails, SMS, ads, or social posts, which are the delivery vectors for impersonation.
Never download or sign in here
Even if the page "just" offers a download or a giveaway, impersonation pages frequently deliver malware or set up follow-up phishing. Assume anything accepted from this site is hostile.
Report the impersonation to the brand
Most major brands have a dedicated abuse or anti-phishing reporting channel — reporting helps them take the site down and protects other users.
Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing

Not listedCheck ↗

AbuseIPDB

Not listedCheck ↗

Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Referenced Domains

Outbound domains this page links to or loads resources from. Each links to its own security scan.

darkfoxaqhfpxkrbt7vxns2z2u2k72sgmqbzeorupaiottw3ecm2wgyd.onion t.me vshield.com i.imgur.com i.ibb.co x.com static.cloudflareinsights.com

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

Our automated security review flags darkforums.su as dangerous. Multiple threat indicators were detected — treat the site as a scam until proven otherwise.
No — darkforums.su scored 25/100 on our trust scale. We detected active threat indicators, so we recommend avoiding the site entirely.
Yes. darkforums.su presents a valid TLSv1.3 certificate issued by Let's Encrypt · E7, expiring in 51 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
No. darkforums.su is not currently listed on the major browser blocklist feeds that modern browsers use.
darkforums.su resolves to an IP operated by Cloudflare, Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
We cache results for 24 hours. Signed-in MalwareTips members can trigger a manual rescan at any time using the "Rescan" button on the report page, which re-runs every check from scratch and refreshes this page.

Final Verdict

Trust / 100

Final Verdict·darkforums.su

DANGEROUS

DarkForums.su is an active cybercrime forum specializing in stolen databases, breach data, and illegal tools. Multiple independent security researchers and threat-intelligence firms track it as a major hub for corporate data leaks and criminal activity.

AV engines

—

MT passes

Net signals

Scan another URL

Security review completemalwaretips.com/url-scan

Recently scanned

Other Dangerous reports

ibs.royalcrowncorp.com

kettledroopingcontinuation.com

Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…

Loading comments…

This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.