France
Technology
Data for Sale
Data From Domain Registrar and Host Netim Allegedly Offered for Sale, Including Source Code and Customer Records
A threat actor using the alias lucy is advertising a private, one-time sale of what they describe as comprehensive data from Netim.com, a French domain registrar and hosting provider, for $5,000 in cryptocurrency. Per the listing, the data includes a 16.5 million-document Elasticsearch cluster covering payments, sales, domains, support tickets, hosting, affiliates, SSL details, and staff accounts; an internal database dump with customer master records (names, addresses, phone numbers, emails, password hashes, account balances, and VAT details) dated up to March 2024; SQL dumps from billing, hosting, and production systems; and complete source-code repositories with configuration files, credentials, and internal infrastructure layouts. The seller says samples will be provided only after proof of funds. The claim is unverified.
France▣Post details
France!Allegedly included
- 16.5M Elasticsearch documents
- Customer master records
- Password hashes
- Payments & account balances
- VAT & reseller / affiliate data
- SSL details & support tickets
- Source code (full Git history)
- Config files, credentials, infra layouts
◱Screenshot
⚠Potential impact
This is a critical-severity listing because the target is a domain registrar and hosting provider, and the claimed data reaches deep into both customer records and the provider's own infrastructure. If genuine, the customer side (names, addresses, phones, emails, password hashes, account balances, and VAT details across millions of documents) enables identity theft, financial fraud, and credential attacks, while the provider side (SSL details, source code with credentials, configuration files, and internal infrastructure layouts) is far more dangerous: it could facilitate domain hijacking, interception of encrypted traffic, and compromise of hosted customer websites and the registrar's own systems. Because registrars sit at the root of domain and certificate trust, a breach of this kind can cascade to the provider's entire customer base. That said, the main database is dated to March 2024, and as an unverified sale offer with samples withheld pending payment, the claim may be exaggerated or recycled from an earlier incident. No sample data, credentials, or seller contact details are reproduced here.
iStatus
UnverifiedThis is a sale listing offering samples only after proof of funds; no samples, credentials, or the seller's or middlemen's contact details are reproduced here. Part of the data is dated to March 2024, which may indicate older or recycled material. The claim has not been independently confirmed and Netim has not publicly addressed it. If accurate, the exposure of credentials, SSL details, and source code would warrant urgent credential rotation and customer notification.
DARK WEB INFORMER - THREAT INTELLIGENCE