Exposing The "Denis Gennadievich Kulkov" a.k.a Kreenjo/Nordex/Nordexin/Try2Check Cybercriminal Enterprise - An Analysis

Who would have thought? The U.S Secret Service is currently offering $10M reward for Denis Gennadievich Kulkov also known as Kreenjo/Nordex/Nordexin who's particularly famous for running the infamous Try2Check credit card checking cybercriminal enterprise.

What's so special about this individual is the fact that he's also been running a well known money mule recruitment operation since 2016 using the World Issuer LLC money mule recruitment franchise based on my research using public sources where we've got the actual hxxp://worldissuer[.]biz domain registered using identical domain registration information such as for instance hxxp://try2services[.]cm including several other domains such as for instance hxxp://dam-shipping[.]com and hxxp://cloudnsman[.]org and the following domain which is hxxp://elementconstructiongroup[.]company.

Among the actual domains known to be part of the Try2Check cybercriminals enterprise include:

hxxp://try2services[.]pm

hxxp://try2services[.]cm

hxxp://try2services[.]vc

including the following domain:

hxxp://just-buy[.]it

including the following two ICQ numbers 855377 and 555724 and let's don't forget his personal email address accounts obtained using public sources which are polkas@bk.ru nordexin@ya.ru

and it doesn't get any better than this as we've got a pretty good and informative domain portfolio registered by the same individual based on public information sharing the same domain registration details such as for instance hxxp://worldissuer[.]biz which actually are:

hxxp://cloud-mine[.]me

hxxp://gpucloud[.]org

hxxp://hyperhost[.]info

hxxp://miservers[.]info

hxxp://carterdns[.]com

hxxp://reshipping[.]us

hxxp://keyserv[.]org

hxxp://antmining[.]biz

hxxp://investmentauditor[.]com

hxxp://sunnylogistics[.]us

hxxp://try2services[.]cm

hxxp://greatwallhost[.]net

hxxp://jaqjckugrfffqa[.]com

hxxp://numberoneforyou[.]net

hxxp://getprofitnow[.]biz

hxxp://avsdefender[.]com

hxxp://spyware-defender[.]com

hxxp://beta-dns[.]net

hxxp://mpm-profit-method[.]com

hxxp://public-dns[.]us - related including this

hxxp://adobe-update[.]net - Email: krownymaradonna@onionmail.org related domains known to have been involved in the campaign include - hxxp://amazon-clouds[.]com; hxxp://microsoft-clouds[.]net; hxxp://telenet-cloud[.]com; hxxp://vmware-update[.]com

hxxp://kwitri[.]net

hxxp://dcm-trade[.]com

hxxp://karoospin[.]biz

hxxp://fastvps[.]biz

Stay tuned!

Exposing Hacking Team GhostSec - An Analysis

In this post I'll profile Hacking Team GhostSec and I'll provide all the relevant and necessary IoCs (Indicators of Compromise) including all the relevant personally identifiable information in terms of assisting U.S Law Enforcement and the U.S Intelligence Community on its way to properly track down and monitor and prosecute the cybercriminals behind these campaigns.

Personal Photos:

Related IoCs and personally identifiable information for GhostSec:

Official Web Site URL: hxxp://opiceisis.strangled.net

Official Web Site URL: hxxp://81.4.124.11/index.php

Official Web Site URL: hxxp://pst.klgrth.io

Official Group's Twitter account: hxxp://twitter.com/ghost_s3curity

Official Group's Telegram account: hxxp://t.me/GhostSecc

Official Group's Medium account: hxxp://medium.com/@OfficialGhostSec

Official Group's Web Site URL: hxxp://ghostsec-team.org

Official Group's Web Site URL: hxxp://ghostsecret-team.blogspot.com

Official Group's Email Address Account: ghostsecteam.org@gmail.com

Stay tuned!