A new annex to FinTelegram’s Zentoria / NALMI report adds preserved HTML, configuration-level markers, API dependencies, and direct catalogue-asset links around the Spinsopotamia anchor.
FinTelegram has published a new Technical Annex as a companion to its recently released “Zentoria / Spinsopotamia and the NALMI Casino Network” Compliance Intelligence Report. The new dossier does not replace the main report; it deepens the public-source technical case around the Spinsopotamia.com anchor with preserved HTML, exact telemetry and configuration markers, cross-domain API dependencies, and direct catalogue-level asset links that were not fully developed in the broader June report.
The central conclusion remains unchanged. The evidence supports a strong technical and operational relationship between the Zentoria-facing Spinsopotamia anchor and a wider casino infrastructure concentrated inside the Marshall Islands-based NALMI / AS213846 – 185.207.196.0/22 environment, while stopping short of claiming that Zentoria Limited legally owns every correlated domain or that a single ultimate beneficial owner controls the entire ecosystem.
Key findings
- 83-domain strict configuration cluster: Across 166 preserved result pages, 83 public domains co-exposed the same exact CSPER reporting account, the same exact SEON DNS token, the same non-financial seasonal-promotion response hash, and the same NALMI /22 network envelope.
- Preserved anchor evidence: Two preserved URLScan result pages show Spinsopotamia with exact public identifiers, including a CSP reporting endpoint, SEON token, GTM container, GA4 measurement ID, Hotjar site identifier, CookieScript resource, and repeated platform-host family markers.
- API dependency graph: The dossier records 67 additional API hostnames and 98 direct cross-domain dependency pairs, supporting a rotating facade / canonical-host model rather than isolated standalone domains.
- Direct catalogue linkage: Six byte-identical public asset groups connect Spinsopotamia with comparison families including Kingmaker, BillyBets, 100Neon, BigClash, DuoSpin, LunuBet, and MyEmpire.
- Broader NALMI continuity: 495 of 496 investigated domains remain inside the same 185.207.196.0/22 routed envelope attributed to AS213846 / NALMI LIMITED.
- Legal-safe boundary preserved: The dossier strengthens technical correlation, but it still does not establish common legal ownership, customer-account identity, or UBO attribution without provider-side records.
What the Technical Annex Adds
The strongest new contribution is the strict 83-domain shared-configuration cluster. Across 166 preserved result pages, the same exact CSPER reporting account, the same exact SEON DNS token, the same non-financial seasonal-promotion response hash, and the same compact NALMI network environment recur together across 83 public domains. This is materially stronger than generic provider overlap because these are account- or project-style markers, not merely ordinary use of common cloud or CDN infrastructure.
The dossier also documents preserved Spinsopotamia HTML evidence from two distinct URLScan result pages, one from October 2025 and one from March 2026, showing endpoint continuity from 185.207.197.250 to 185.207.197.216, both inside the same 185.207.196.0/22 routed envelope. At the same time, the public HTML captures exact telemetry and configuration identifiers, including the CSPER reporting endpoint, the SEON DNS token, a Google Tag Manager container, a Google Analytics measurement ID, a Hotjar site identifier, and repeated platform hosts such as pg-nmga.com, pgf-euy2bt.com, and pgwhois.com.
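The strict co-exposure test described above can be sketched as follows. This is an added example, not FinTelegram's tooling: the field names, the `.example` domains and every marker value are constructed placeholders, and only the /22 range and the two anchor IPs come from the article.

```python
import ipaddress
from collections import defaultdict

ENVELOPE = ipaddress.ip_network("185.207.196.0/22")  # routed range named in the article
MARKERS = ("csp_account", "seon_token", "promo_hash")  # field names are assumptions

def page(domain, ip, csp=None, seon=None, promo=None):
    """One preserved result page reduced to the fields the test needs."""
    return {"domain": domain, "ip": ip, "csp_account": csp,
            "seon_token": seon, "promo_hash": promo}

# Constructed sample pages; every marker value is a placeholder, not a real identifier.
PAGES = [
    page("anchor.example", "185.207.197.250", "CSP-ACCT-A", "SEON-TOK-A", "PROMO-HASH-A"),
    page("anchor.example", "185.207.197.216", "CSP-ACCT-A", "SEON-TOK-A", "PROMO-HASH-A"),
    page("brand-one.example", "185.207.196.10", "CSP-ACCT-A", "SEON-TOK-A", "PROMO-HASH-A"),
    # Same markers, but served from outside the envelope: excluded.
    page("brand-two.example", "203.0.113.7", "CSP-ACCT-A", "SEON-TOK-A", "PROMO-HASH-A"),
    # Markers split across two pages, never co-exposed on one page: excluded.
    page("brand-three.example", "185.207.198.4", "CSP-ACCT-A", "SEON-TOK-A", None),
    page("brand-three.example", "185.207.198.4", None, None, "PROMO-HASH-A"),
    # Near-miss token (case differs): exact matching excludes it.
    page("brand-four.example", "185.207.199.9", "CSP-ACCT-A", "seon-tok-a", "PROMO-HASH-A"),
]

def fingerprint(p):
    """Full marker tuple for one page, or None if any marker is missing."""
    values = tuple(p[m] for m in MARKERS)
    return values if all(values) else None

def strict_cluster(pages, anchor_domain, envelope=ENVELOPE):
    """Map each clustered domain to the number of pages that support it."""
    anchor_prints = {fingerprint(p) for p in pages if p["domain"] == anchor_domain}
    anchor_prints.discard(None)
    if len(anchor_prints) != 1:
        raise ValueError("anchor must expose exactly one complete marker set")
    target = anchor_prints.pop()
    support = defaultdict(int)
    for p in pages:
        in_range = ipaddress.ip_address(p["ip"]) in envelope
        if in_range and fingerprint(p) == target:
            support[p["domain"]] += 1
    return dict(support)

if __name__ == "__main__":
    for domain, n in sorted(strict_cluster(PAGES, "anchor.example").items()):
        print(f"{domain}: {n} supporting page(s)")
```

Requiring all markers on the same page and inside the same range is what separates an account-style match from generic provider overlap; relaxing either condition would admit `brand-two.example` or `brand-three.example`.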
Facade and canonical hosts
The new dossier goes beyond static asset comparison by modelling a visible cross-domain API structure. Across the strict cluster, the preserved evidence records 67 additional API hosts, 150 unique technical nodes, and 98 direct cross-domain dependency pairs, showing that many public-facing casino domains rely on alternate or canonical backend hosts rather than serving as isolated sites.
This matters because it supports a rotating facade / canonical-host architecture. In practical terms, public brand domains can change while the deeper API and operational structure remains stable, which is precisely the kind of pattern that regulators, PSPs, banks, and acquirers should treat as a high-priority disclosure target.
Direct cross-brand asset links
A further step forward is the dossier’s exact cross-brand catalogue evidence. It identifies six byte-identical public asset groups that directly connect Spinsopotamia with brands and families including Kingmaker, BillyBets, 100Neon, BigClash, DuoSpin, LunuBet, and MyEmpire.
These are not visual similarities or naming overlaps. They are exact SHA-256-level matches in publicly delivered language and game-related assets, which materially strengthens the case that Spinsopotamia is embedded in a shared operational and content-delivery environment rather than standing alone as a separate casino endpoint.
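A minimal sketch of SHA-256-level asset grouping, added here as an illustration and not taken from the dossier. The domains, paths and asset bodies are constructed; the grouping ignores the URL path and keys only on the delivered bytes.

```python
import hashlib
from collections import defaultdict

# Constructed captures: (domain, asset path, body bytes). Not real site content.
CAPTURES = [
    ("anchor.example", "/i18n/en.json", b'{"deposit":"Deposit","spin":"Spin"}'),
    # Different path, identical bytes: still a match.
    ("brand-one.example", "/lang/en.json", b'{"deposit":"Deposit","spin":"Spin"}'),
    # Looks the same when rendered, but one extra space changes the digest.
    ("brand-two.example", "/i18n/en.json", b'{"deposit": "Deposit","spin":"Spin"}'),
    ("anchor.example", "/games/list.json", b'[{"id":1,"name":"Slots"}]'),
    ("brand-two.example", "/games/list.json", b'[{"id":1,"name":"Slots"}]'),
    ("brand-three.example", "/games/list.json", b'[{"id":1,"name":"Slots"}]'),
    # Asset served only by the anchor: forms no cross-brand group.
    ("anchor.example", "/logo.svg", b"<svg>anchor</svg>"),
]

def asset_groups(captures):
    """Group captures by SHA-256 of the body; the path plays no role."""
    groups = defaultdict(set)
    for domain, path, body in captures:
        groups[hashlib.sha256(body).hexdigest()].add((domain, path))
    return groups

def links_from_anchor(captures, anchor):
    """For each digest the anchor shares with another domain, list those domains."""
    links = {}
    for digest, members in asset_groups(captures).items():
        domains = {d for d, _ in members}
        if anchor in domains and len(domains) > 1:
            links[digest] = sorted(domains - {anchor})
    return links

if __name__ == "__main__":
    for digest, others in links_from_anchor(CAPTURES, "anchor.example").items():
        print(digest[:16], "->", ", ".join(others))
```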
What remains unchanged
The broader model from the main report still stands. The NALMI environment contains 495 of 496 investigated domains inside the same 185.207.196.0/22 routed allocation, while a separate application-build supercluster links 98 domains through 120 meaningful byte-identical first-party asset groups across 16 technical components.
Just as importantly, the new dossier explicitly corrects several overbroad interpretations. It confirms that the verified target population is 496 domains, not 994; that generic regional support hosts do not prove a common tenant; that no raw technical identifier in the evidence directly proves NovaForge, Quadcode, Payabl, or Zentoria as technical owner; and that the evidence should not be stretched into a claim that all 495 NALMI-hosted domains are controlled by Zentoria. That narrowing is not a weakness; it improves the evidentiary quality of the case.
Download both reports
To help regulators, payment institutions, banks, legal counsel, and investigative journalists assess the full record, FinTelegram is making both documents available together:
- Main report: Zentoria / Spinsopotamia and the NALMI Casino Network – Compliance Intelligence Report.
- Technical annex: Zentoria / Spinsopotamia External Technical Evidence Dossier.
Download the main report here:
[Insert main report download link]
Download the technical evidence dossier here:
[Insert annex download link]
Read together, the two reports provide a layered public-source record: the main report maps the broader NALMI casino-domain environment, while the new dossier deepens the anchor case around Spinsopotamia itself.
Call for whistleblowers
Public-source OSINT can establish technical correlation, but provider-side records remain decisive for legal attribution. FinTelegram therefore calls on whistleblowers, former employees, PSP insiders, acquirer staff, wallet operators, and affected players to share information about Zentoria Limited, Spinsopotamia.com, NALMI, and the related casino brands through Whistle42.
Particularly relevant are:
- Merchant IDs, gateway IDs, route IDs, or settlement-beneficiary details.
- Internal onboarding, compliance, or risk-review records involving Spinsopotamia, Zentoria, or NALMI-hosted brands.
- Platform, support, telemetry, or hosting account records identifying the actual contracting entity behind the observed technical markers.
- Card statements, bank records, deposit screens, cashier screenshots, or internal communications showing descriptor or payee relationships.
Submit information securely via Whistle42:
https://whistle42.com
Whistle42 is FinTelegram’s evidence-first whistleblower platform for financial crime and compliance failures, allowing sources to share documents, screenshots, emails, contracts, wallet or transaction IDs, and other unique identifiers securely and discreetly.




