leaksear.ch has indexed a DarkForums leak containing 45,122 records tied to an alleged July 2025 SSRF exploit by a user calling themselves “test55” (leaksear.ch metadata). The indexed data includes IP addresses, usernames, hostnames, and post IDs associated with users loading posts on darkforums.st (leaksear.ch metadata).
What happened
Cybernews reported on July 3, 2025 that it had received an email from “test55,” who claimed to have exploited DarkForums.st using server-side request forgery, or SSRF (cybernews.com). OWASP describes SSRF as a flaw where an attacker abuses server-side functionality to make the server read or submit data to unintended locations (owasp.org).
According to Cybernews, its researchers checked the claims and said they “might be legitimate,” while noting that DarkForums had launched a Tor service after the incident to protect users from leaking IP addresses. Cybernews also reported that DarkForums administrators had not commented on the alleged vulnerability, and that it was unclear whether the attacker caused additional damage beyond collecting IP addresses from people who viewed posts (cybernews.com).
DarkForums is not a conventional consumer service. Security firms describe it as a cybercrime forum used for data leaks, credentials, stealer logs, malware, and account-checking tools. Flare reports that former BreachForums members migrated there after BreachForums was taken down, and SOCRadar describes it as a major English-language successor forum in 2026 (flare.io, socradar.io).
What data was exposed
The leaksear.ch metadata for this source lists 45,122 records. The searchable fields are IP address and username (leaksear.ch metadata).
Other stored fields include hostname and post_id. In practical terms, the dataset can associate a DarkForums handle and network identifier with a host value and a specific post context, but the supplied metadata does not identify passwords, email addresses, payment card data, or private messages among the indexed fields (leaksear.ch metadata).
Why this matters
For people who used DarkForums expecting anonymity, the exposure of IP addresses linked to usernames creates a correlation risk. Cybernews noted that IP leaks can undermine anonymity and may be useful to rival hackers, scammers, or investigators seeking to connect forum activity to a person or network (cybernews.com).
Security teams should treat any match as an investigative lead, not standalone proof of identity. Readers who used DarkForums or are investigating forum activity should check whether an IP address or username appears in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access, or sign in if they already have access, to check this dataset. Searchable pivots for this leak include IP address and username.