Novilyo
Operating strictly as a hidden middleman, Novilyo (novilyo.com) acts as a crucial “masking hop” for hundreds of thousands of high-risk transactions every month. It sits quietly between major offshore casinos and backend payment processors, specifically designed to launder transaction routing data and bypass acquiring bank controls.
R42 Risk Signal
-
Traffic Light: 🔴 CRITICAL RISK
-
Confidence Grade: A (Strong Web Traffic & Technical Evidence)
Key Data Table
| Data Point | Details |
| Operating Name | Novilyo |
| Primary Domains | novilyo.com |
| Corporate Entity | Unknown / Deliberately Obscured |
| Regulatory Status | Unlicensed / Unregulated |
| Estimated Traffic | ~210k – 260k monthly visits (Jan 2026 data) |
| Target Demographics | United Kingdom (~30%), Israel, Norway |
| Primary Device Usage | Mobile (Over 70%) |
Operational Overview
Unlike a traditional Payment Service Provider (PSP) with public-facing APIs or corporate pages, Novilyo has zero public presence. It functions exclusively as a backend redirect engine—a “traffic aggregator.” When a user attempts to deposit funds on an offshore gambling site, their browser is briefly routed through novilyo.com before landing on the final checkout page of the actual payment processor. This breaks the digital footprint between the casino and the bank.
Regulatory Framework
Novilyo operates entirely outside of standard regulatory frameworks. There is no known Money Services Business (MSB), Electronic Money Institution (EMI), or Payment Institution (PI) license tied to this domain. By acting merely as a technical bridge, its operators attempt to evade the legal definition of a financial institution, despite directly facilitating unauthorized financial flows.
Ownership & Executives
The ultimate beneficial owners (UBOs) and technical operators are completely anonymous. The domain registration is shielded by WHOIS privacy proxies, and there are no associated public executives, making it a “ghost” entity in the payment chain.
Corporate Structure
No formal corporate structure can be publicly attributed to the Novilyo domain. It is highly probable that Novilyo is an in-house technical construct created and maintained by the same syndicate operating the backend processors it feeds (such as the previously profiled Puretransfer network).
Technical Footprint
Recent digital footprint analysis (Q1 2026) perfectly illustrates Novilyo’s role as a router.
-
Inbound Traffic: Users land on Novilyo primarily from direct redirects triggered by offshore casino cashier pages. Novilyo is closely connected with Puretransfer, a Canadian-based red-listed high-risk payment processor and MSB.
-
Outbound Routing: After scrubbing the referral data, Novilyo routes the vast majority of its traffic to actual settlement gateways. Almost 44% of its traffic is sent directly to
puretransfer.io. Other notable outbound hops includepaymentiq.io,csp-project.com, andtribepayments.com.
Merchant/Customer Footprint
Traffic intelligence links Novilyo heavily to unregulated iGaming, eSports betting, and crypto casinos.
-
Known Associated Merchants: The network actively facilitates traffic for platforms like CSGOFast (
csgofast.com) and Pin-Up Casino (pin-up60a.com). -
Geographic Risk: Despite being unlicensed, nearly a third of Novilyo’s traffic originates from the United Kingdom, indicating a targeted evasion of UK Gambling Commission (UKGC) and Financial Conduct Authority (FCA) controls.
Enforcement/Litigation History
Due to its hidden, secondary-layer nature, Novilyo has not yet been the subject of direct regulatory warnings or public enforcement actions. It operates below the radar of standard financial watchdogs.
Red Flags
-
“Ghost” Infrastructure: Zero corporate transparency, no terms of service, and no public-facing business model.
-
Transaction Laundering: The deliberate use of the domain as a multi-hop masking layer between merchants and settling banks.
-
UK Evasion: Actively facilitating deposits for UK consumers on non-UKGC licensed platforms.
-
High-Risk Processor Ties: Direct technical integration with known shadow processors like Puretransfer.
Merchant Due-Diligence Checklist
For any Tier-1 acquirer or EMI identifying Novilyo in their referral logs:
-
[ ] Block the Domain: Immediately flag and restrict any incoming traffic or API calls routing through
novilyo.com. -
[ ] Investigate Merchant Portfolios: Audit merchants showing a high volume of “Direct” traffic, as this often indicates the use of an aggregator like Novilyo to scrub the original source URL.
-
[ ] Trace the Puretransfer Link: If connected to
puretransfer.ioorpaymentiq.iointegrations, require full URL journey maps from the merchant’s cashier to the checkout.
Evidence Box (Sources)
-
Web Traffic Intelligence (Semrush, Jan/Dec 2025-2026): Confirmation of ~250k monthly visits, heavily concentrated in the UK, with direct inbound links from
csgofast.comandpin-up60a.com, and massive outbound routing topuretransfer.ioandtribepayments.com. -
Technical Analysis: DNS and proxy shielding records.
Update Log
-
February 22, 2026: Initial RatEx42 profile published. Risk status set to RED based on its confirmed role as an unregulated traffic aggregator and transaction masking rail.
Whistle42 Call to Action
Help Us Trace the Novilyo Network. Who built the Novilyo routing engine? Is it an independent aggregator or an in-house tool built by Puretransfer or Tribe Payments? We need insiders, developers, or compliance officers to help us map the controllers of this domain. Your safety and anonymity are fully guaranteed. Submit your evidence securely at Whistle42.
