
Exposing The "Denis Gennadievich Kulkov" a.k.a Kreenjo/Nordex/Nordexin/Try2Check Cybercriminal Enterprise – An Analysis

Who would have thought? The U.S. Secret Service is currently offering a $10M reward for Denis Gennadievich Kulkov, also known as Kreenjo/Nordex/Nordexin, who’s particularly famous for running the infamous Try2Check credit card checking cybercriminal enterprise.

What’s so special about this individual is the fact that, based on my research using public sources, he’s also been running a well-known money mule recruitment operation since 2016 using the World Issuer LLC money mule recruitment franchise. The actual hxxp://worldissuer[.]biz domain is registered using domain registration information identical to that of, for instance, hxxp://try2services[.]cm and several other domains, such as hxxp://dam-shipping[.]com, hxxp://cloudnsman[.]org and hxxp://elementconstructiongroup[.]company.

The domains known to be part of the Try2Check cybercriminal enterprise include:
hxxp://try2services[.]pm
hxxp://try2services[.]cm
hxxp://try2services[.]vc
including the following domain:
hxxp://just-buy[.]it

There are also the following two ICQ numbers, 855377 and 555724, and let’s not forget his personal email accounts, obtained using public sources, which are [email protected] [email protected]

And it doesn’t get any better than this, as we’ve got a pretty good and informative domain portfolio registered by the same individual which, based on public information, shares the same domain registration details as, for instance, hxxp://worldissuer[.]biz. The domains include:

hxxp://public-dns[.]us – related, including this:
hxxp://adobe-update[.]net – Email: [email protected]. Related domains known to have been involved in the campaign include hxxp://amazon-clouds[.]com; hxxp://microsoft-clouds[.]net; hxxp://telenet-cloud[.]com; hxxp://vmware-update[.]com

Stay tuned!

*** This is a Security Bloggers Network syndicated blog from Dancho Danchev's Blog - Mind Streams of Information Security Knowledge authored by Dancho Danchev. Read the original post at: https://ddanchev.blogspot.com/2023/05/exposing-denis-gennadievich-kulkov-aka.html