Active phishing and financial fraud infrastructure hosted at this IP.
Domain: 481pradabet.com
IP ...
show moreActive phishing and financial fraud infrastructure hosted at this IP.
Domain: 481pradabet.com
IP: 45.87.222.10
ASN: AS60387 – Known Holdings LTD / SCRHOST LIMITED
Observed malicious activity:
• Phishing and credential harvesting
• Brand impersonation
• Fake login and payment interfaces
• Redirection to illegal online gambling platforms
• Geo-based cloaking (malicious content shown only to Turkish IP ranges)
The infrastructure is part of an organized fraud operation targeting users internationally.
Abuse notifications already submitted to:
– Registrar (SAV.com) – Report ID: 69a1681478517fbbea0853d0
– Cloudflare Trust & Safety – Report ID: efaa57886ea40feb
– Dutch Police – Ref: 260227-PS149130484
– Netherlands NCSC and FraudHelpdesk
The system remains active.
show less
We are reporting infrastructure abuse on behalf of our client, the legitimate owner of the Artemisbe ...
show moreWe are reporting infrastructure abuse on behalf of our client, the legitimate owner of the Artemisbet brand.
A threat actor is hijacking Google Turkey IP search results for the keyword “Artemisbet” using hacked/black-hat SEO and redirecting users into an unauthorized phishing clone that steals credentials and drains real user balances.
Redirect domain (Cloudflare-proxied, ranked via hacked SEO):
vqx.artemisbtlud.vip
Phishing clone (1:1 copy of the legitimate sportsbook, omits GCB license in footer, captures logins):
1177artemisbet.com
Fraud flow:
1) Hacked SEO forces search visibility,
2) Users are redirected,
3) Credentials are stolen,
4) Attackers access the real sportsbook and transfer victim balances.
Abused origin IP:
179.43.175.214
(LACNIC allocation, announced by AS51852 – Private Layer INC)
We request the IP to be reviewed and flagged under phishing-enabled account-takeover and financial-fraud abuse categories. Evidence is ready to share on request.
PerseusDefend
show less
We are reporting infrastructure abuse on behalf of our client, the legitimate owner of the Artemisbe ...
show moreWe are reporting infrastructure abuse on behalf of our client, the legitimate owner of the Artemisbet brand.
A threat actor is hijacking Google Turkey IP search results for the keyword “Artemisbet” using hacked/black-hat SEO and redirecting users into an unauthorized phishing clone that steals credentials and drains real user balances.
Redirect domain (Cloudflare-proxied, ranked via hacked SEO):
vqx.artemisbtlud.vip
Phishing clone (1:1 copy of the legitimate sportsbook, omits GCB license in footer, captures logins):
1177artemisbet.com
Fraud flow:
1) Hacked SEO forces search visibility,
2) Users are redirected,
3) Credentials are stolen,
4) Attackers access the real sportsbook and transfer victim balances.
Abused origin IP:
179.43.175.214
(LACNIC allocation, announced by AS51852 – Private Layer INC)
We request the IP to be reviewed and flagged under phishing-enabled account-takeover and financial-fraud abuse categories. Evidence is ready to share on request.
PerseusDefend
show less
We are reporting infrastructure abuse on behalf of our client, the legitimate owner of the Artemisbe ...
show moreWe are reporting infrastructure abuse on behalf of our client, the legitimate owner of the Artemisbet brand.
A threat actor is hijacking Google Turkey IP search results for the keyword “Artemisbet” using hacked/black-hat SEO and redirecting users into an unauthorized phishing clone that steals credentials and drains real user balances.
Redirect domain (Cloudflare-proxied, ranked via hacked SEO):
vqx.artemisbtlud.vip
Phishing clone (1:1 copy of the legitimate sportsbook, omits GCB license in footer, captures logins):
1177artemisbet.com
Fraud flow:
1) Hacked SEO forces search visibility,
2) Users are redirected,
3) Credentials are stolen,
4) Attackers access the real sportsbook and transfer victim balances.
Abused origin IP:
179.43.175.214
(LACNIC allocation, announced by AS51852 – Private Layer INC)
We request the IP to be reviewed and flagged under phishing-enabled account-takeover and financial-fraud abuse categories. Evidence is ready to share on request.
PerseusDefend
show less
Malicious phishing and SEO-poisoning infrastructure hosted on OVH, France.
Reported IP: 5.135.51. ...
show moreMalicious phishing and SEO-poisoning infrastructure hosted on OVH, France.
Reported IP: 5.135.51.127
Hosting provider: OVH (France)
Abused brands: Betting/Gaming vertical (primary target: “Betpuan” trademark keyword in Türkiye)
Malicious activity details:
- Deploying phishing clone domains through hacking/SEO poisoning
- Redirecting users from Google Search to a credential-stealing fake login page
- Unauthorized account access and fraudulent fund transfers
- Continuous reuse of OVH infrastructure to host new clone domains after abuse complaints
- Page anomalies include intentionally slow load time and missing license/brand verification elements in footer
Action requested:
- Tag IP as phishing/fraud
- Flag OVH as repeat abuse host
- Maintain listing for investigation and network takedown automation
show less
Dear AbuseIPDB Team,
We are reporting confirmed malicious infrastructure abuse involving phishing ...
show moreDear AbuseIPDB Team,
We are reporting confirmed malicious infrastructure abuse involving phishing, trademark impersonation, and financial fraud.
Reported IP:
5.182.209.81
Associated Abusive Domain:
tr.pulibetcanligiris.top
Verified Abuse Pattern:
This IP and the domain hosted on it are being used for:
Trademark impersonation of Pulibet (registered globally under the WIPO Madrid System)
Credential-harvesting phishing attack via a cloned login interface
Account takeover fraud, using stolen credentials on the legitimate platform
Unauthorized financial withdrawals, transferring victim balances into attacker-controlled accounts
Search indexing and ranking manipulation, leveraging abusive canonical and bulk hreflang tags to influence Google Search results and capture consumer traffic
Hosting & Proxy Chain:
CDN/Proxy used for abuse: Cloudflare
Abusive hosting network: SpectraIP B.V.
Upstreams involved in routing chain: FiberXpress, RETN, GTT
show less
Confirmed phishing and account takeover operation.
Domain: betpuan99o.com
Impersonates: betpuan8 ...
show moreConfirmed phishing and account takeover operation.
Domain: betpuan99o.com
Impersonates: betpuan832.com
The site is a near-identical clone used to harvest user credentials.
Stolen credentials are used to log into the legitimate platform and
transfer user balances to attacker-controlled accounts.
Observed conditional redirect and cloaking behavior.
Ongoing and repeated abuse linked to the same hosting provider.
Financial fraud in progress.
show less
This IP address is involved in repeated phishing and fraud campaigns
targeting the legitimate brand ...
show moreThis IP address is involved in repeated phishing and fraud campaigns
targeting the legitimate brand “TUMBET”.
Observed behavior includes conditional phishing (cloaking):
• Direct access shows a benign-looking fake web/software page.
• Access via Google search results redirects users to an active
credential-harvesting phishing site.
Related domains:
• https://tumbet.tumgidi.vip (conditional redirect entry point)
• https://tumbet799.co (phishing site)
The phishing site is a near-identical clone of the legitimate platform
https://www.tumbet799.com, using the .co TLD to deceive users.
User credentials are harvested and then used to access real accounts
and steal funds, constituting account takeover and financial fraud.
This activity is recurring multiple times per week and appears to be
operated by the same OVH customer using reused infrastructure.
Abuse has been reported to OVH SAS, Cloudflare Trust & Safety, and
national authorities (PHAROS).
show less
This IP address is involved in repeated phishing and fraud campaigns
targeting the legitimate brand ...
show moreThis IP address is involved in repeated phishing and fraud campaigns
targeting the legitimate brand “TUMBET”.
Observed behavior includes conditional phishing (cloaking):
• Direct access shows a benign-looking fake web/software page.
• Access via Google search results redirects users to an active
credential-harvesting phishing site.
Related domains:
• https://tumbet.tumgidi.vip (conditional redirect entry point)
• https://tumbet799.co (phishing site)
The phishing site is a near-identical clone of the legitimate platform
https://www.tumbet799.com, using the .co TLD to deceive users.
User credentials are harvested and then used to access real accounts
and steal funds, constituting account takeover and financial fraud.
This activity is recurring multiple times per week and appears to be
operated by the same OVH customer using reused infrastructure.
Abuse has been reported to OVH SAS, Cloudflare Trust & Safety, and
national authorities (PHAROS).
show less
We are reporting the IP address 185.66.88.84, currently hosting the phishing website https://holigan ...
show moreWe are reporting the IP address 185.66.88.84, currently hosting the phishing website https://holiganbetl099.com/.
This malicious website is a direct copy of our legitimate platform https://www.holiganbet1093.com/tr/sports/i/ and is being used to steal customer login credentials. Once obtained, these credentials are exploited to access users’ real accounts on our platform, leading to financial fraud and identity theft.
The website uses the HOLIGANBET trademark and logo without authorization (UK Trademark No. UK00003544293), constituting clear brand abuse and phishing activity.
We request that this IP be flagged and appropriate mitigation measures be taken.
Thank you for supporting efforts to protect internet users.
show less
This IP address is hosting a phishing website impersonating our trademarked brand JOJOBET.
Phishi ...
show moreThis IP address is hosting a phishing website impersonating our trademarked brand JOJOBET.
Phishing URL: https://1258jojobet.com/tr/
Legitimate site: https://www.jojobet1022.com/tr/sports/i/
The phishing site is a pixel-perfect copy of our official platform. It steals user credentials and redirects them to fraudulent endpoints for identity theft and financial fraud.
Trademark: JOJOBET (UK TM No. UK00003430378)
IP used without permission. We request immediate investigation and blacklisting of this IP.
show less
IP: 185.247.225.10
Category: Phishing
Comment:
The IP is hosting a phishing site (https://1031j ...
show moreIP: 185.247.225.10
Category: Phishing
Comment:
The IP is hosting a phishing site (https://1031jojobet.com/tr/) that is a replica of our legitimate platform https://www.jojobet1022.com/tr/sports/i/. The fake site harvests user credentials by impersonating JOJOBET (UK trademark: UK00003430378). Hosting provider: FlokiNET. Registrar: Tucows.
show less
The IP 45.10.243.59 is hosting a phishing website (https://jojobett1053.com/tr), which is an unautho ...
show moreThe IP 45.10.243.59 is hosting a phishing website (https://jojobett1053.com/tr), which is an unauthorized replica of our official gaming platform (https://www.jojobet1022.com/tr/sports/i/).
The domain is used to collect user credentials and commit financial fraud under our registered trademark JOJOBET (UK Trademark No. UK00003430378).
Hosting Provider: DDOS-GUARD LLC
Registrar: NICENIC INTERNATIONAL GROUP CO., LTD.
We request that this IP be reviewed and blacklisted to prevent further abuse.
show less
This IP address (186.2.163.222) is hosting a phishing website that impersonates our registered brand ...
show moreThis IP address (186.2.163.222) is hosting a phishing website that impersonates our registered brand JOJOBET (UK Trademark No. UK00003430378). The phishing domain is jojobet6258.com.
The fake site is a pixel-perfect clone of our legitimate platform (https://www.jojobet1022.com/tr/sports/i/) and is actively stealing user credentials, which are then used to access real accounts and commit financial fraud. Several users from the United States and Europe have reported unauthorized account access and monetary losses.
Registrar: NICENIC INTERNATIONAL GROUP CO., LTD.
Hosting provider: Attributed to this IP
Please review and blacklist this IP address to protect potential victims.
Original material: https://jojobet.com/
Trademark: https://trademarks.ipo.gov.uk/ipo-tmcase/page/Results/1/UK00003430378
show less
The IP address 172.67.169.229 is being used to host a phishing website that impersonates our legitim ...
show moreThe IP address 172.67.169.229 is being used to host a phishing website that impersonates our legitimate brand, HOLIGANBET, with the intent to steal user credentials and access their real accounts.
Phishing Site: https://mholiganbet1092.com/tr/sports/i/
Official Site (Original Content): https://www.holiganbet1093.com/tr/sports/i/
Trademark: HOLIGANBET
Registered Trademark: UK00003544293
The fake site is a pixel-perfect replica of our platform, with the only noticeable difference being the absence of the official licensing link in the footer. Victims are deceived into logging in, leading to the compromise of their real accounts.
show less
The IP address 45.88.138.172 is hosting a phishing website located at:
https://1128holiganbet.com ...
show moreThe IP address 45.88.138.172 is hosting a phishing website located at:
https://1128holiganbet.com/
This phishing website is a cloned version of our original and legally trademarked online gaming platform, aiming to steal login credentials from our users and compromise their accounts.
Original site: https://www.holiganbet1090.com/tr/sports/i/
Trademark record: https://trademarks.ipo.gov.uk/ipo-tmcase/page/Results/1/UK00003544293
The attacker uses fake branding and redirections from:
https://tr-holigan-orijinal.com/
Distinct signs of phishing:
- No GCB license link in the footer
- Absence of 18+ responsible gaming notice
- Our logo and trademark are used without consent
We urge AbuseIPDB to review and take action accordingly.
show less
Dear AbuseIPDB Team,
Please add the IP 172.67.154.5 to your phishing blacklist. It is being used ...
show moreDear AbuseIPDB Team,
Please add the IP 172.67.154.5 to your phishing blacklist. It is being used to host a cloned phishing site of our gaming platform:
https://holiganbet1o93.com/
The site mimics our official platform and illegally uses our trademark to steal user credentials.
Legitimate site: https://www.holiganbet1090.com/
Trademark proof: https://trademarks.ipo.gov.uk/ipo-tmcase/page/Results/1/UK00003544293
show less
Dear AbuseIPDB Team,
We would like to report malicious activity originating from the IP address 9 ...
show moreDear AbuseIPDB Team,
We would like to report malicious activity originating from the IP address 95.129.234.157, which is hosting a phishing domain impersonating our official gaming brand HOLIGANBET.
Details:
Phishing domain: https://t-holigan.com/
Legitimate brand: https://www.holiganbet1090.com/tr/sports/i/
Trademark evidence: https://trademarks.ipo.gov.uk/ipo-tmcase/page/Results/1/UK00003544293
Abuse Type: Phishing, credential theft, unauthorized trademark usage
Hosting Provider: DDoS Guard
The fraudulent site mimics our user login interface to steal customer credentials and illegally access their accounts. We request that you review and categorize this IP accordingly in your database.
show less
The domain https://jojolbet1020.com/ is a phishing site that fully imitates our official website htt ...
show moreThe domain https://jojolbet1020.com/ is a phishing site that fully imitates our official website https://www.jojobet1021.com/tr/sports/i/. It unlawfully uses our brand name and logo to deceive users, steal their login credentials, and access their original accounts to transfer data and funds to attacker-controlled destinations.
show less
Dear AbuseIPDB Team,
I am writing to report a phishing website that is impersonating our official ...
show moreDear AbuseIPDB Team,
I am writing to report a phishing website that is impersonating our official platform. The website in question is:
Phishing Site: https://l022jojobet.com/
Original Site: https://www.jojobet1021.com/tr/sports/i/
IP Address of Phishing Site: 62.182.85.168
We request that you take immediate action to flag and block this IP address due to the fraudulent activity taking place.
show less
Dear AbuseIPDB Team,
I am reporting a phishing website hosted on the IP address 204.76.203.30 tha ...
show moreDear AbuseIPDB Team,
I am reporting a phishing website hosted on the IP address 204.76.203.30 that uses SEO manipulation techniques to rank on Google and mislead users into providing sensitive data.
Phishing Website: https://tr-girisjojobetadres.com/
Original Website: https://www.jojobet1021.com/tr/sports/i/
Fake Website: https://jojobett1063.com
IP Address: 204.76.203.30
Registrar: NICENIC
Hosting Provider: PF Cloud
Trademark: JOJOBET is used without consent.
The phishing site is an exact replica of our original site, designed to steal login credentials and perform fraudulent activities. It redirects visitors to the phishing page after manipulating search results through SEO tactics.
Please take action to block the phishing website and its malicious activity.
show less
Dear AbuseIPDB Team,
I would like to report a phishing website hosted on the IP address 204.76.20 ...
show moreDear AbuseIPDB Team,
I would like to report a phishing website hosted on the IP address 204.76.203.30. The domain is an unauthorized copy of our legitimate website, https://www.jojobet1021.com/tr/sports/i/.
Details:
Phishing Website: https://jojolbet3476.com
Original Website: https://www.jojobet1021.com/tr/sports/i/
IP Address: 204.76.203.30
Registrar: NICENIC
Hosting Provider: Pfcloud UG
Differences: Missing GCB license link in the footer, and no 18+ warning logo.
The phishing site uses identical branding and layout to steal user credentials and perform account takeovers.
Please take necessary action to block this phishing domain and prevent further harm.
show less
This IP address is hosting a phishing website impersonating our brand Jojobet at https://jojobett106 ...
show moreThis IP address is hosting a phishing website impersonating our brand Jojobet at https://jojobett1063.com/.
The legitimate version of our platform is located at:
https://www.jojobet1021.com/tr/sports/i/
The fake domain is a near-identical replica of our original site, designed to deceive our users into entering their login credentials, which are then used for unauthorized access and theft.
Notable indicators of fraud:
– No GCB license link in the footer
– Missing 18+ warning badge
This constitutes a serious phishing threat and identity theft attempt. Please take appropriate action.
show less
PhishingWeb SpamHacking
By clicking “Accept all”, you agree to the storing of cookies on your device to remember preferences and
analyze site usage.
Read more
- Required to log into your AbuseIPDB account, and store these cookie preferences.