A new technical analysis shared with FinTelegram points to NALMI LIMITED (AS213846) as the infrastructure envelope behind a large rotating casino-domain ecosystem. The findings do not prove that NALMI owns or operates the underlying casino brands. But they do suggest that a substantial cluster of outwardly separate gambling domains — including brands already relevant in the broader Zentoria context — appears to converge within the same hosting and routing environment. That makes NALMI a serious enhanced-due-diligence target.
The NALMI Ecosphere in Stealth Mode
This chart is published as an investigative working model based on technical material and open-source checks reviewed by FinTelegram. It is intended to illustrate observed infrastructure patterns, routing signals, and domain clustering. It should not be read as conclusive proof of final legal ownership, beneficial ownership, or unified operational control of all brands shown. FinTelegram’s investigation into the apparent NALMI ecosystem remains ongoing.
A new network-engineering analysis received by FinTelegram suggests that NALMI LIMITED (AS213846) may sit at the center of a much larger technical casino ecosystem than previously understood. According to the material reviewed, the issue is not one casino, one domain, or one payment anomaly. The issue is an apparent infrastructure envelope spanning a large number of gambling-related domain families, combined with Cloudflare shielding, repeated CRM/mail patterns, and visible links to brands already associated with the broader Zentoria-facing environment.
NALMI LIMITED is not entirely invisible, but it is remarkably opaque. Public ASN and registry records point to a Marshall Islands entity with an associated domain, nalmiltd.com, yet there is no meaningful transparent corporate web presence comparable to that of an openly operating infrastructure provider. Instead, NALMI presents as a technically traceable but publicly low-profile entity — a pattern made even more noteworthy by the Cyprus-linked contact signal embedded in the same records.
The most important point at this stage is methodological: the evidence does not prove that NALMI is the beneficial owner or legal operator of the casino brands observed in the cluster. It does, however, support a narrower and more defensible conclusion: NALMI appears to be the hosting or infrastructure layer behind a rotating farm of casino-facing domains. That alone would make it highly relevant from a compliance and due-diligence perspective.
A hosting envelope, not a random collection of sites
The technical material reviewed by FinTelegram describes AS213846 / NALMI LIMITED as a hosting ASN with a 185.207.196.0/22 envelope comprising 1,024 IPv4 addresses, and links this range to a large observed casino-facing domain set. The report frames this not as one isolated gambling site, but as a domain-farm system with repeated brand families, numbered variants, mirror domains, and repeated IP reuse across the same NALMI-associated range.
That matters because it changes the character of the finding. This is no longer just a question of one rogue domain or one suspicious merchant. It looks, at minimum, like an industrialized infrastructure cluster capable of supporting multiple outward-facing casino skins.
NALMI in the Zentoria story
The NALMI findings become particularly interesting because they intersect with the Zentoria line of research already under review by FinTelegram.
Read our Zentoria reports here.
In the report, SPINSOPOTAMIA.COM is treated as the key public-facing anchor into ZENTORIA LIMITED, and the same domain is then mapped into the NALMI-associated IP environment. The report explicitly presents SPINSOPOTAMIA not as a decorative casino logo, but as the visible legal/public wrapper that connects the Zentoria-facing layer into the wider technical ecosystem.
That is important. If a domain already relevant to the Zentoria structure resolves into the same NALMI environment as other rotating casino brands, then the NALMI question is not separate from the Zentoria question. It becomes part of the same broader operational picture.
Cyprus-linked signals, but not yet proof of control
The report also emphasizes several Cyprus-linked signals, including a +357 phone signal in RIPE-related records, routing observations, and latency arguments suggesting Cyprus-local relevance behind the infrastructure. It further argues that Cloudflare acts as a choke point or shielding layer, making direct origin attribution more difficult while leaving certain Cyprus-linked network observations unusually clear.
These are serious EDD signals. But they should be treated with caution.
What they support is a Cyprus-linked operational footprint. What they do not yet prove is that the entire domain farm is directly controlled from Cyprus, or that the economic or legal controllers of the ecosystem have been conclusively identified. That is the difference between a strong technical red flag and a finished ownership case.
Shared infrastructure is easier to show than shared control
One of the strongest parts of the report is not the rhetoric, but the cluster logic. The analysis points to repeated DNS, CRM, mail, and infrastructure patterns across brands such as Spinsy, Spinsopotamia, Green Luck, SpinRollz, and Kingmaker. The report describes common mail and customer-communication elements — including Google verification, Mailjet, Zendesk, and Carmamail-style patterns — as evidence of shared operational machinery rather than isolated standalone websites.
That is a meaningful distinction.
Shared infrastructure and shared tooling do not automatically prove common legal ownership. But they do support the theory of a shared operational ecosystem — and that is often exactly where a serious compliance investigation begins.
Where Payabl fits into the wider picture
The NALMI analysis does not replace FinTelegram’s earlier work on Payabl, NovaForge, and Zentoria. It complements it.
In the broader body of material under review, Payabl appears as a recurring gateway / PSP / payment-rail layer, while Zentoria appears as a cleaner public-facing or legal-facing wrapper and NovaForge as an older, riskier offshore-facing merchant layer. The NALMI report adds a different layer to that picture: infrastructure. In other words:
- NALMI appears relevant to the hosting / technical environment,
- Zentoria to the legal / public-facing wrapper,
- and Payabl to the payment / gateway layer.
That multi-layer reading is far more plausible — and more defensible — than any simplistic one-company theory.
The right conclusion
At this stage, FinTelegram would not state that NALMI “runs” the entire casino network. That would go too far. But it is increasingly plausible that NALMI LIMITED functions as the infrastructure envelope behind a large rotating casino-domain ecosystem, and that this technical ecosystem overlaps with domains, brands, and public-facing wrappers already relevant to the broader Zentoria story.
That alone is enough to justify further scrutiny.
If confirmed through additional DNS, passive-DNS, routing, and registrar material, the NALMI findings could become a significant part of the wider compliance picture: not as proof of final ownership, but as evidence that many outwardly separate gambling brands may sit inside the same concentrated technical habitat.
FinTelegram will continue to review the evidence.
NALMI Key Findings
| Category | Key Information |
|---|---|
| Infrastructure Anchor |
NALMI LIMITED / AS213846 appears as the central hosting / ASN envelope of the observed cluster.
Sources: RIPEstat AS213846 | BGP HE AS213846 | RIPE Database Query |
| IP Environment |
The main observed infrastructure range is 185.207.196.0/22, comprising 1,024 IPv4 addresses, which points to a concentrated infrastructure environment rather than a handful of isolated sites.
Sources: RIPE Prefix Query | BGP HE Prefix Overview | RIPEstat |
| Cluster Character |
The reviewed material indicates a rotating system of mirror domains, numbered variants, brand extensions, and repeated IP reuse, supporting the hypothesis of an industrialized casino-domain farm.
Source: Source material reviewed by FinTelegram. |
| Scale |
The reviewed dataset refers to 994 unique domains, 1,663 domain-to-IP mappings, 138 distinct IPs, and 138 repeated domain families, indicating a network of substantial operational scale.
Source: Source material reviewed by FinTelegram. |
| Zentoria Anchor |
SPINSOPOTAMIA.COM, already relevant in the broader Zentoria inquiry, appears as a key public-facing entry point into ZENTORIA LIMITED.
Sources: Revenue Ireland register page | Revenue Ireland PDF register |
| Observed Brand Families |
Observed casino-facing brands and skins include Spinsy, Spinsopotamia, Green Luck, SpinRollz, and Kingmaker, suggesting a shared operational environment rather than isolated standalone brands.
Source: Source material reviewed by FinTelegram. |
| DNS / Mail / CRM Patterns |
The reviewed material points to recurring backend indicators such as Google site verification, Mailjet, Google SPF, Zendesk mail, and Carmamail, supporting the view of a shared CRM and communications backend.
Source: Source material reviewed by FinTelegram. |
| Cloudflare Shielding |
The observed setup is consistent with a Cloudflare-shielded edge layer in front of the NALMI environment, making direct origin attribution more difficult.
Sources: Cloudflare network overview | Cloudflare Anycast overview | plus source material reviewed by FinTelegram |
| Cyprus-Linked Signals |
The reviewed material highlights Cyprus-linked routing and registry signals, including a +357 phone number and visibility patterns consistent with a Cyprus-facing operational footprint. These are important EDD indicators, but not final proof of control.
Sources: RIPEstat AS213846 | RIPE Database Query | plus source material reviewed by FinTelegram |
| RIPE / Registry Profile |
NALMI appears with a Marshall Islands profile while also showing Cyprus-linked contact signals in RIPE-related data. This is a jurisdictionally unusual combination and a significant due-diligence red flag.
Sources: RIPE Database Query | RIPEstat | BGP HE |
| NALMI’s Role |
At this stage, the most defensible reading is that NALMI functions as an infrastructure or hosting layer, not as the proven merchant, operator, or beneficial owner of the observed casino brands.
Sources: RIPEstat | BGP HE | plus source material reviewed by FinTelegram |
| Zentoria’s Role |
Zentoria appears as the cleaner legal and public-facing wrapper within the broader ecosystem, consistent with earlier FinTelegram findings.
Sources: Revenue Ireland register page | Revenue Ireland PDF register |
| Payabl’s Role |
In the broader investigation, Payabl appears more relevant to the PSP / gateway / payment layer than to the infrastructure envelope itself. This supports a layered model: NALMI = infrastructure, Payabl = payment rail.
Sources: Source material reviewed by FinTelegram and earlier payment-path evidence under review. |
| NovaForge’s Role |
NovaForge remains the likely older, riskier offshore-facing merchant or operator layer in the broader ecosystem, complementing the later and cleaner Zentoria-facing layer.
Sources: Source material reviewed by FinTelegram and earlier merchant / wallet comparisons under review. |
| Ownership / Control |
The current evidence does not conclusively establish that NALMI or the Cyprus-linked signals prove final legal ownership, beneficial ownership, or unified operational control of the full ecosystem.
Sources: RIPEstat | RIPE Database Query | plus source material reviewed by FinTelegram |
| Editorial Takeaway |
The strongest current publication angle is that of a NALMI-linked technical ecosystem behind a rotating casino-domain farm, with visible overlap into the broader Zentoria-facing structure. This supports a shared infrastructure hypothesis, but not yet a final ownership conclusion.
Sources: Revenue Ireland PDF register | RIPEstat | plus source material reviewed by FinTelegram |
- NALMI LIMITED (AS213846) appears as a concentrated hosting/infrastructure envelope for a large number of casino-facing domains.
- The observed environment includes SPINSOPOTAMIA.COM, a domain already relevant to the broader Zentoria line of inquiry.
- The findings support a shared infrastructure ecosystem, not yet a proven single ownership structure.
- Cyprus-linked registry and routing signals are notable, but should currently be treated as EDD indicators, not definitive proof of control.
- The NALMI findings are best read together with the existing Zentoria / NovaForge / Payabl evidence as part of a layered casino-and-payments ecosystem.
The NALMI story matters because infrastructure is often the one layer that changes more slowly than brands, domains, or merchant names. If the brands rotate but the technical habitat remains stable, the habitat itself becomes evidence.
