Blog Trainings Request a Demo Login
Get Your Free Report
Start for Free
SOCRadar® Cyber Intelligence Inc. | Dark Web Posts Claim Argaam User Data, Paage Records, and Airport Database
Table Of Content
Related Articles
SOCRadar® Cyber Intelligence Inc. | Dark Web Profile: Vect Ransomware
Dark Web Profile: Vect Ransomware
Jun 05, 2026
SOCRadar® Cyber Intelligence Inc. | Top 10 Cyber Threat Actors Targeting Brazil
Top 10 Cyber Threat Actors Targeting Brazil
Jun 03, 2026
SOCRadar® Cyber Intelligence Inc. | Top 10 Dark Web Search Engines
Top 10 Dark Web Search Engines
Jun 03, 2026
SOCRadar® Cyber Intelligence Inc. | Dark Web Profile: BlindEagle
Dark Web Profile: BlindEagle
Jun 02, 2026
SOCRadar® Cyber Intelligence Inc. | Italian Hospitality and AT&T Data Claims, Hinge Dump Sale, Meta Llama Leak, and MobiFriend Dataset
Italian Hospitality and AT&T Data Claims, Hinge Dump Sale, Meta Llama Leak, and MobiFriend Dataset
Jun 01, 2026
Free Dark Web Report
Is your Domain/Email Exposed?
Feb 02, 2026
4 Mins Read
Moon

Dark Web Posts Claim Argaam User Data, Paage Records, and Airport Database

SOCRadar’s Dark Web Team identified several new underground listings this week, including alleged database sales linked to Argaam, Paage, and Beirut–Rafic Hariri International Airport. The posts referenced user account data, transactional and customer records, and airport-related operational information.

Another listing sought technical partnerships focused on cryptography and payload protection, suggesting potential malware development activity. All details are based on threat actor claims and shared materials and remain unverified.

Receive a Free Dark Web Report for Your Organization:

The Alleged Customer Database of Argaam is on Sale

The Alleged Customer Database of Argaam is on Sale

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising the sale of an alleged user database linked to Argaam, a financial news and market data provider serving investors across the Gulf region. The threat actor claims the dataset contains approximately 2 million records.

According to the post, the compromised data allegedly includes full names, email addresses, phone numbers, passwords, display names, user IDs, account status indicators, MFA status, subscription and access levels, and account creation and update timestamps. The threat actor shared a screenshot of an administrative-style interface labeled All Users, showing paginated user records as proof of access.

The Alleged Database of Paage is on Sale

The Alleged Database of Paage is on Sale

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising the sale of an alleged database linked to Paage, a platform used by creators and merchants for link-in-bio and e-commerce functionality, with infrastructure reportedly associated with Lama.co. The threat actor claims the dataset contains nearly 33 million rows of data and impacts multiple storefronts operating on the same backend.

According to the listing, the alleged compromise affects order data, customer records, and gift card–related information. Merchants named in the post include several independent storefronts, suggesting a platform-level exposure rather than a single-shop incident. Samples shared by the threat actor indicate the presence of transactional and personal data tied to end customers.

The Alleged Database of Beirut Airport is on Sale

The Alleged Database of Beirut Airport is on Sale

SOCRadar Dark Web Team detected a threat actor post on a dark web forum advertising the sale of an alleged database linked to Beirut–Rafic Hariri International Airport. The threat actor claims the offering represents a complete airport database and lists it for sale at $4,200.

According to the post, the alleged dataset includes user information, flight-related records, SMS logs, and additional operational data. The threat actor shared screenshots showing table structures and sample entries, suggesting access to scheduling and passenger-related information.

New Partnership Searching Post is Detected

New Partnership Searching Post is Detected

SOCRadar Dark Web Team detected a threat actor post on a dark web forum seeking partnership and technical collaboration. The post appears to target experienced C/C++ developers with a focus on software-based cryptography and payload protection.

The threat actor claims to operate a proprietary cryptosystem supporting continuous encryption of EXE, DLL, and shellcode formats, positioning the capability as suitable for large-scale malware distribution and evasion-focused operations. The post emphasizes mass deployment use cases and ongoing stack-cleaning functionality.

From a threat perspective, partnership-seeking posts centered on custom cryptography and loader optimization often indicate attempts to scale malware operations or commercialize tooling within the underground ecosystem. Such recruitment activity is commonly observed ahead of new malware variants or expanded distribution campaigns, with communication directed via Telegram and other encrypted channels.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.