May 19 2010
@Jhaddix posted something that caught my attention on Twitter earlier today. It mentioned that the well-known cc trading site carders.cc had been compromised and that all of the user accounts, password hashes and some IP access logs were exposed here. I thought it might be interesting to find out if there were any well-known PRC connections, so I quickly wrote a script to geolocate the IP addresses and found only one China-based IP (with a .ru email TLD):
There were some .cn email addresses too:
PWND # MESUT:7e1869df98aa93e3e5b5c473063499ca::PWNEDMESUT@w.cn
This is also interesting:
As an afterthought – before people start commenting, I thought I should mention that I’m aware that .cn and GeoIP do not necessarily mean that the person using that IP address or TLD is physically located in the PRC. Thanks for not commenting about that.
6 Responses to “PRC based members of carders.cc”