After FinTelegram’s reporting on Zentoria, Spinsopotamia and the NALMI casino-domain environment, the Spinsopotamia.com front appears to have moved from a 403-access-denied posture to a GoDaddy parking page. The change does not prove causation, but it raises fresh questions for PSPs, acquirers and regulators about merchant monitoring, descriptors and replacement domains.
FinTelegram explains the Zentoria / Spinsopotamia / NALMI case in plain English: how an EU-facing payment and website anchor may sit inside a much wider offshore casino-domain infrastructure. The technical evidence does not prove common ownership, but it challenges the idea that Spinsopotamia is merely an isolated standalone casino site.
A new technical evidence package reviewed by FinTelegram suggests that NALMI LIMITED (AS213846) may sit behind a large rotating casino-domain ecosystem. The material does not prove ownership or direct operation of the brands in question. But it does indicate that hundreds of outwardly separate gambling domains may converge inside the same hosting and routing environment — including domains already relevant to the broader Zentoria story. FinTelegram is continuing to investigate and welcomes additional information from whistleblowers and industry insiders.
FinTelegram has already unmasked Zentoria Limited – a freshly minted Irish “bookmaker” fronted by Mykhaylo Pavlenko and an Alina Vavilova who appears to match the Cyprus‑based Head of Affiliate Program at Russian‑rooted fintech group Quadcode – as the hidden EU paymaster funnelling players’ money into blacklisted NovaForge casinos through the innocent‑sounding “Spinsopotamia.com Dublin” descriptor.
A growing body of indicators suggests that a cluster of outwardly separate online casino brands may be linked, directly or indirectly, to Zentoria Limited and a shared backend payments architecture. FinTelegram reviewed operator attributions, Irish licensing records, repeated payee clues, and live payment flows across multiple brands. The result is not yet a final legal attribution of the full network, but the hypothesis of a Zentoria-linked casino cluster has become increasingly plausible.
Following our Feb 19, 2026 compliance report on Zentoria Limited and the NovaForge casino network (Robycasino/Spinsy), a whistleblower has provided email documentation indicating that the card billing descriptor “Spinsopotamia.com” is connected to xpate (xpate.com) — a payment services / e-money firm that states it is authorised by the UK Financial Conduct Authority (FCA) as an Electronic Money Institution (EMI).
BetAlice appears to be operating without visible operator disclosure while remaining accessible across multiple domains despite Italian blackouts on some URLs. Our payment-rail review found a familiar offshore-casino stack: ChainValley behind cashier-branded methods (including Skrill/NETELLER labels), and an multiy-layered open-banking route with Paradis Tech Ltd shown as payee and Yapily/Wise Open Banking references in the flow.
FinTelegram reveals that Irish-registered Zentoria Limited is operating as a shadow payment processor for another NovaForge brand, Robycasino. Disguising transactions under the billing descriptor "Spinsopotamia.com Dublin," Zentoria is quietly facilitating offshore gambling while holding an official Irish Remote Bookmaker's Licence.
n an explosive response to a victim’s complaint, payment giant Skrill has officially confirmed that documented shell companies Briantie Limited and Cyperion Solutions Limited are "on-boarded merchants" who passed its internal checks. While admitting it debited the victim's bank account for 28 fraudulent transactions, Skrill denies all liability, claiming no "contractual agreement" exists with the payers using its gateway.
The notorious Galaktika N.V. network, operating through its Slotoro and Boomerang-Bet brands, has been caught utilizing sophisticated "cloaking" techniques and fraudulent portals to infiltrate the mobile ecosystems of Apple and Google. Both brands employ deceptive "Google Play" badges to funnel users through "Ghost" domains to download unverified, high-risk malware designed to harvest sensitive KYC data for identity theft.
Lithuanian virtual asset service provider UTRG UAB, operating as utPay, has suspended all crypto-asset services effective January 1, 2026, citing MiCA compliance requirements and awaiting authorization from the Bank of Lithuania. This suspension comes after extensive FinTelegram investigations documented utPay's systematic role as the primary payment facilitator for a sprawling network of illegal offshore casinos targeting German and European players through deceptive "fake bank transfer" schemes.
FinTelegram has completed an in‑depth compliance investigation into Lithuanian VASP UTRG UAB d/b/a utPay. The findings indicate that utPay has evolved into a high‑volume payment hub for unlicensed online casinos and sports betting operators, particularly targeting German players through deceptive “fake bank transfer” schemes.