[COINBASECARTEL] – Ransomware Victim: Property Finder / PropSpace

AI Generated Summary of the Ransomware Leak Page

On November 4, 2025, a leak post associated with the victim Property Finder / PropSpace appeared on the CoinbaseCartel leak page. The victim is described as Property Finder / PropSpace, a Business Services company based in the United Arab Emirates (AE). The page presents a sparse entry; the body excerpt reads “Property Finder / PropSpace • CoinbaseCartel propertyfinder[.]ae,” with the domain defanged to propertyfinder[.]ae. The metadata indicates there is a claim URL linked to the post, but no additional content is shown in the excerpt. There are no downloads, no images, and no other links documented on the page (downloads_present is false; images_count and link_count are both zero). The key date provided is the post date (2025-11-04 19:13:12.419673); there is no separate compromise date given in the data. In the description field, the fragment “Samples on Friday/” appears, suggesting a teaser or partial content rather than a full data disclosure.

The post offers limited insight into the incident’s impact. The impact field is empty, and there are no stated encryption events, data exfiltration details, or ransom figures in the available text. The page contains no screenshots or media to corroborate the claim (images_count is 0), and there are no visible downloads or links beyond the implied claim URL. The presence of a defanged domain in the body excerpt indicates a link to additional content, but the current record remains a minimal disclosure. Focusing on the named victim, Property Finder / PropSpace, the leak appears to be a sparse note from CoinbaseCartel with little corroborating material in this record.