Online underground forums serve a key role in facilitating information exchange and commerce between gray market or even cybercriminal actors. In order to streamline bilateral communication to complete sales, merchants often publicly post their IM contact details, such as their Skype handle. Merchants that publicly post their Skype handle potentially leak information, since Skype has a known protocol flaw that reveals the IP address(es) of a user when they are online. In this paper, we collect Skype handles of merchants from three underground forums-AntiChat, BlackHat World and Hack Forums-and longitudinally monitor their network behavior. Our analysis of their network behavior provides a rich profile of their likely locations, network behavior, work habits, and other dynamics. In particular, we show that these merchants do not frequently use VPN services, and even when they do, they often leak their likely geolocation by also directly using residential and cellular IP addresses.