Archive for May, 2010

May 19 2010

PRC based members of

Published by under Cyber Crime

@Jhaddix posted something that caught my attention on twitter earlier today. It mentioned that the well-known cc trading site had been compromised and that all of the user accounts, password hashes and some IP access logs were exposed here. I thought it might be interesting to find out if there were any well-known PRC connections so I quickly wrote a script to geolocate the IP addresses and found only one China-based IP (with a .ru email tld):

7742:N-Skyline:,2010,17:44:34 (Beijing)

There were some .cn email addresses too:

This is also interesting:

12519:bifrostilo:,2010,00:00:09 (HK)


As an afterthought – before people start commenting, I thought I should mention that I’m aware that .cn and geoip do not necessarily mean that the person using that IP address or tld is/are physically located in the PRC. Thanks for not commenting about that.

6 responses so far