The thriving online gambling industry, centered in the Asia-Pacific region, particularly led by China and India, is facing a concerning surge in illicit activities such as money laundering, online scams, and fraud.
Qurium Media, a Swedish nonprofit specializing in digital security solutions, has reported that Chinese scammers are crafting cloned versions of legitimate websites, diverting unsuspecting visitors to gambling sites.
The saga began when MindaNews, a Philippine newspaper headquartered in Davao City and affiliated with the Mindanao Institute of Journalism, stumbled upon a Chinese clone of its website. Promptly notifying Qurium, MindaNews revealed that the clone (mmart-inn.com) had been operating from China, illicitly replicating the newspaper’s content—news, photos, and opinion pieces—translated into Chinese over the past two years, with the most recent translation dating back to February 2023.
“Some MindaNews authors retained their English names, while others were translated into Chinese. Nonetheless, the content remained consistent when translated back to English,” clarified MindaNews in a blog post.
Further investigations unveiled over 500 cloned websites, many belonging to academic institutions, all promoting gambling services rooted in China. Notably, in August 2023, the Chinese APT group Bronze Starlight was reported for employing stolen Ivacy VPN certificates to sign malware targeting the Southeast Asian gambling sector. However, it remains unclear if this attack was linked to the ongoing website cloning assault.
The cloned websites found refuge in two /24 networks managed by the US-based Eonix Corporation-owned ServerHub. These sites, masquerading as public libraries, universities, and private businesses, were all created in September 2021 and endorsed a gambling platform named ‘188bet’ (520xingyun.com/from/188bet.php) through advertisements.
These ads featured a physical address in the Isle of Man, a location where numerous gambling firms, including Kaiyun, BetVictor, Raybet, and Manbetx, were already registered. The website 520xingyun{.}com hosted a plethora of such ads.
Moreover, all these companies were registered in July 2021 via the domain registrar Gname.com Pte. LTD, utilizing a white-label partnership with TGP Europe and Cube Limited. Both Cube Limited and 188bet had affiliations with the Isle of Man. These entities acted as intermediaries for Asian gaming partners. TGP Europe, based in the UK, had previously faced charges of social responsibility failures and anti-money laundering.
Gname, as per Qurium’s report, was implicated in various WIPO cases involving domains used for ads. It’s noteworthy that 188bet maintains officers in Makati, Philippines, as a standard practice.
“Chinese gambling companies often establish their headquarters in nearby nations like Vietnam and the Philippines due to the prohibition of gambling in China,” stated Qurium.
As of now, ServerHub has refrained from taking action against the client responsible for cloning numerous websites, citing an ongoing investigation.