IP info including ISP, Usage Type, and Location provided
by IPInfo. Updated weekly.
Important Note: 104.21.5.178 is an IP address from within
our whitelist belonging to the subnet
104.16.0.0/13,
which we identify as: "Cloudflare Reverse Proxy".
Whitelisted netblocks are typically owned by trusted entities, such as Google
or Microsoft who may use them for search engine spiders. However, these same entities
sometimes also provide cloud servers and mail services which are easily abused. Pay special
attention when trusting or distrusting these IPs.
We report cloaking techniques being used to target "Artemisbet" through the malicious resource: http ...
show moreWe report cloaking techniques being used to target "Artemisbet" through the malicious resource: https://artemisbets1131.com. The attackers serve benign content to scanners and automated crawlers, while delivering fraudulent phishing pages to real users. This evasion allows the abuse to remain undetected while stealing user credentials.
Such practices constitute deception, brand infringement, and a violation of intellectual property and cybersecurity laws. They directly harm our users by enabling identity theft and account compromise.
We request AbuseIPDBโs assistance in investigating and mitigating this unlawful activity.
Best regards,
Brand Protection Officer
Artemisbet Legal Team
show less
We have detected malicious redirection targeting "Artemisbet" users, where traffic is diverted to fr ...
show moreWe have detected malicious redirection targeting "Artemisbet" users, where traffic is diverted to fraudulent resources such as: https://artemisbets1131.com. This redirection leads unsuspecting users to phishing pages, enabling unauthorized collection of credentials and personal data.
This activity constitutes fraud, unfair competition, and infringement upon our intellectual property rights. It also violates consumer protection regulations by misleading users and causing reputational and financial harm.
We kindly request AbuseIPDB to take prompt measures to disable this malicious infrastructure and prevent further abuse.
Best regards,
Brand Protection Officer
Artemisbet Legal Team
show less
We report cloaking techniques being used to target "Artemisbet" through the malicious resource: http ...
show moreWe report cloaking techniques being used to target "Artemisbet" through the malicious resource: https://artemisbets1131.com. The attackers serve benign content to scanners and automated crawlers, while delivering fraudulent phishing pages to real users. This evasion allows the abuse to remain undetected while stealing user credentials.
Such practices constitute deception, brand infringement, and a violation of intellectual property and cybersecurity laws. They directly harm our users by enabling identity theft and account compromise.
We request AbuseIPDBโs assistance in investigating and mitigating this unlawful activity.
Best regards,
Brand Protection Officer
Artemisbet Legal Team
show less
We report cloaking techniques being used to target "Artemisbet" through the malicious resource: http ...
show moreWe report cloaking techniques being used to target "Artemisbet" through the malicious resource: https://artemisbets1131.com. The attackers serve benign content to scanners and automated crawlers, while delivering fraudulent phishing pages to real users. This evasion allows the abuse to remain undetected while stealing user credentials.
Such practices constitute deception, brand infringement, and a violation of intellectual property and cybersecurity laws. They directly harm our users by enabling identity theft and account compromise.
We request AbuseIPDBโs assistance in investigating and mitigating this unlawful activity.
Best regards,
Brand Protection Officer
Artemisbet Legal Team
show less
krosinglakes.com is part of the reload chain of a link in a spam email:
https://storage.googleapis. ...
show morekrosinglakes.com is part of the reload chain of a link in a spam email:
https://storage.googleapis.com/c7d8c46f79wy9/skdgfsdkf/lkqsdsqdqsd1.html
lkqsdsqdqsd1.html has the following code:
<html>
<head>
<meta http-equiv="refresh" content="0;url=https://cometesx.com/0/0/0/5f116b4649dae1f89d8779b671ef3dc8/Tae"/>
</head>
<body></body>
</html>
https://cometesx.com/0/0/0/5f116b4649dae1f89d8779b671ef3dc8/Tae has the following code:
<script type="text/javascript">window.location.href="https://krosinglakes.com/?s1=350730&s2=646655016&s3=2275&s4=1712&ow=&s10=739"</script>
This latter link reloads to https://tenismaraton.com/902815cd76358d0c637449b9f7e3df44
show less
Email Spam
Anonymous
From: Buffer <[email protected]> On Behalf Of ????
Energybillcruncher โ RU tenismaraton.com reward f ...
show moreFrom: Buffer <[email protected]> On Behalf Of ????
Energybillcruncher โ RU tenismaraton.com reward fraud/phishing
UBE [email protected] designates 161.38.193.5 as permitted sender) Mailgun Technologies Inc.
UBE [188.130.139.254];Helo=[nyif.site] Contel OOO
Header domains: mcbi.edu, buffer.com, cio51677.buffer.com
Spam link email-links.buffer.com redirect buffer.com
Spam link ftp.frex.com.au redirects: users.tpg.com.au, polgetiticos.site, elevatetop.com, krosinglakes.com, tenismaraton.com, trk-aliquando.com, a.mgid.com, unsub: www.unlistmenow.com, maxcdn.bootstrapcdn.com, ds2r9mr2r4h38.cloudfront.net, api.optoutsystem.com
Spam link archive.org
Repetitive scam address Inc 6834 Cantrell Road #2024, Little Rock, AR 72207 โ entity EnergyBillCruncher.com =35.161.142.43, 52.12.217.176, 44.224.172.196 Amazon
show less
Fraud Orders
Phishing
Web Spam
Email Spam
Bad Web Bot
Exploited Host
From: Macbook Pro <{username}@mlk.org.uk>
TENISMARATON.COM RU reward fraud/phishing - click trackin ...
show moreFrom: Macbook Pro <{username}@mlk.org.uk>
TENISMARATON.COM RU reward fraud/phishing - click tracking scripts - illicit e-mail harvesting
UBE 62.182.81.31 (EHLO accusamussgmal.porttafix.net) Virtual Systems LLC
Header comms.aol.net = 159.127.187.11 Epsilon Interactive LLC
Spam link eryshok.org.uk -> openxfunds.com, krosinglakes.com, tenismaraton.com, unpkg.com, trk-aliquando.com, a.mgid.com
show less
Fraud Orders
Phishing
Web Spam
Email Spam
Bad Web Bot
Anonymous
Phishing spam link redirect: https://krosinglakes.com/?s1=350106&s2=643035985&s3=1.......etc
Phishing
Email Spam
Anonymous
From: Medicareplanning <[email protected]>
Spam link chriistmas.duckdns.org -> dimondstardust.co ...
show moreFrom: Medicareplanning <[email protected]>
Spam link chriistmas.duckdns.org -> dimondstardust.com, krosinglakes.com, tenismaraton.com, trk-aliquando.com, a.mgid.com
UBE 89.144.16.139 (EHLO p3v7.loanpro.shop) GHOSTnet GmbH
Header SPF loanpro.shop = 85.93.6.203 IP Interactive
Image: "MedicarePlanning.net"
Repetitive spam address 1035 NE 125th st, Suite 310, North Miami, FL 33161; BBB: entity Excel Impact LLC โ BBB complaints for spamming; OpenCorporates.com indicates Flex Rates LLC (EIN 84-2950593) as parent company (history of spam in this series)
show less
Fraud Orders
Phishing
Web Spam
Email Spam
Spoofing
Bad Web Bot
Anonymous
On 1 Dec 2021 at 00:36:20 -0800 (PST), an insidious spammer abusing email source IP address 77.247.1 ...
show moreOn 1 Dec 2021 at 00:36:20 -0800 (PST), an insidious spammer abusing email source IP address 77.247.178.227 sent an unsolicited phishing email to fraudulently capture sensitive information. The email's content appears to be on an exploited cloud host at 216.218.255.37 to avoid discovery by email servers' spam, phishing, and malware detectors. As part of this deception, the content at 216.218.255.37 redirects recipients to content hidden at phishing sites on 111.90.158.43 (wallintern.com), 104.21.5.178 (krosinglakes.com), and 104.21.18.26 (tenismaraton.com) in part to confirm that the email address receives messages, thereby inviting more spam.
No one sending legitimate business correspondence would have reason to go to such lengths to mask their email's content.
show less