web analytics

Exposing The “Denis Gennadievich Kulkov” a.k.a Kreenjo/Nordex/Nordexin/Try2Check Cybercriminal Enterprise – An Analysis – Source: securityboulevard.com

exposing-the-“denis-gennadievich-kulkov”-aka-kreenjo/nordex/nordexin/try2check-cybercriminal-enterprise-–-an-analysis-–-source:-securityboulevard.com
#image_title
Rate this post

Source: securityboulevard.com – Author: Dancho Danchev

Who would have thought? The U.S Secret Service is currently offering $10M reward for Denis Gennadievich Kulkov also known as Kreenjo/Nordex/Nordexin who’s particularly famous for running the infamous Try2Check credit card checking cybercriminal enterprise.

What’s so special about this individual is the fact that he’s also been running a well known money mule recruitment operation since 2016 using the World Issuer LLC money mule recruitment franchise based on my research using public sources where we’ve got the actual hxxp://worldissuer[.]biz domain registered using identical domain registration information such as for instance hxxp://try2services[.]cm including several other domains such as for instance hxxp://dam-shipping[.]com and hxxp://cloudnsman[.]org and the following domain which is hxxp://elementconstructiongroup[.]company.

Among the actual domains known to be part of the Try2Check cybercriminals enterprise include:

hxxp://try2services[.]pm

hxxp://try2services[.]cm

hxxp://try2services[.]vc

including the following domain:

hxxp://just-buy[.]it

including the following two ICQ numbers 855377 and 555724 and let’s don’t forget his personal email address accounts obtained using public sources which are [email protected] [email protected]

and it doesn’t get any better than this as we’ve got a pretty good and informative domain portfolio registered by the same individual based on public information sharing the same domain registration details such as for instance hxxp://worldissuer[.]biz which actually are:

hxxp://cloud-mine[.]me

hxxp://gpucloud[.]org

hxxp://hyperhost[.]info

hxxp://miservers[.]info

hxxp://carterdns[.]com

hxxp://reshipping[.]us

hxxp://keyserv[.]org

hxxp://antmining[.]biz

hxxp://investmentauditor[.]com

hxxp://sunnylogistics[.]us

hxxp://try2services[.]cm

hxxp://greatwallhost[.]net

hxxp://jaqjckugrfffqa[.]com

hxxp://numberoneforyou[.]net

hxxp://getprofitnow[.]biz

hxxp://avsdefender[.]com

hxxp://spyware-defender[.]com

hxxp://beta-dns[.]net

hxxp://mpm-profit-method[.]com

hxxp://public-dns[.]us – related including this

hxxp://adobe-update[.]net – Email: [email protected] related domains known to have been involved in the campaign include – hxxp://amazon-clouds[.]com; hxxp://microsoft-clouds[.]net; hxxp://telenet-cloud[.]com; hxxp://vmware-update[.]com

hxxp://kwitri[.]net

hxxp://dcm-trade[.]com

hxxp://karoospin[.]biz

hxxp://fastvps[.]biz

Stay tuned!

*** This is a Security Bloggers Network syndicated blog from Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge authored by Dancho Danchev. Read the original post at: https://ddanchev.blogspot.com/2023/05/exposing-denis-gennadievich-kulkov-aka.html

Original Post URL: https://securityboulevard.com/2023/05/exposing-the-denis-gennadievich-kulkov-a-k-a-kreenjo-nordex-nordexin-try2check-cybercriminal-enterprise-an-analysis/

Category & Tags: Security Bloggers Network – Security Bloggers Network

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

More Latest Published Posts