In collaboration with digital fraud analysts and regional cybercrime monitoring teams, we’ve uncovered a cluster of fake fintech interfaces operating as laundering pivots for online casino revenues. These include:
- thelocalpaymentspage
- widget.merchantsglobe
- macpaypal
- illongrlong
Each of these appears to serve no legitimate purpose, but instead operates as a redirection layer, account registration shell, or fake PSP widget facilitating the redistribution of funds linked to unregulated betting platforms.
🎭 What Makes Them Fake?
These domains present themselves as payment tools or merchant portals. But upon investigation, they:
- Lack any company background, legal disclosure, or licensing
- Feature broken navigation, fake merchant dashboards, or incomplete payment UIs
- Contain metadata referencing phantom integrations or placeholder APIs
- Show clear signs of template-based deployment with obfuscation of ownership
In short, they are digitally empty but structurally active, built to simulate fintech activity and mask illegal flows.
🎰 The Casino Connection
Logs obtained from offshore gambling platforms show references to widget.merchantsglobe and macpaypal in checkout redirect chains. These domains receive payment token requests from gambling sites and then forward them to unknown third-party endpoints, frequently hosted offshore or within anonymized server networks.
In several cases, gambling-related payout flows list illongrlong as the “merchant of record,” even though no such legal entity exists. These are fabricated identifiers used to lend legitimacy to disguised financial flows.
🇵🇰 JazzCash Clone Overlap
During phishing link investigations in Pakistan, several of these domains were observed as redirect intermediaries embedded within:
- Fake JazzCash and Easypaisa payment pages
- Telegram bots offering “instant withdrawal” or “auto-payment” for Pakistani users
- Side-loaded APKs that capture credentials and forward them through a multi-domain chain
Specifically:
- thelocalpaymentspage and macpaypal appear in final redirect URLs after a user submits login data on cloned JazzCash forms.
- SSL fingerprints from widget.merchantsglobe match short-lived phishing kits flagged in Pakistani mobile networks.
This does not prove origin or base in Pakistan, but confirms technical involvement in regional attack chains.
🧨 Risk Assessment
These domains are not just phishing gateways. They are modular, multi-purpose shell nodes in laundering networks. They are designed to:
- Obscure origin and destination of money
- Mask payments as “freelancer payouts” or “merchant settlements”
- Redirect sensitive user data and transaction requests through unmonitored infrastructure
Their low-cost, rapid-deploy architecture makes them perfect tools for grey-market operators looking to remain undetected.
✅ Recommendations
- Block all known domains and subdomains of these platforms at DNS level
- Flag transactions labeled with their merchant aliases
- Monitor for redirects from fake JazzCash pages that involve these domains
- Notify end-users (especially in Pakistan) of the phishing risk via mobile operators and wallet providers
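
One way to apply the redirect-monitoring recommendation to proxy or gateway logs, as an added example that is not part of the original alert or anyone's production tooling. The log line format, the function names and the sample hosts are assumptions; the alert lists the names without TLDs, so the matcher compares whole hostname labels.

```python
from urllib.parse import urlsplit

# Names exactly as listed in the alert. The page gives no TLDs, so matching is
# done on whole hostname labels rather than on full domain names.
INDICATORS = ["thelocalpaymentspage", "widget.merchantsglobe", "macpaypal", "illongrlong"]

def host_labels(url):
    """Return the lower-cased hostname labels of a URL or bare hostname."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return host.rstrip(".").split(".") if host else []

def match_indicator(url):
    """Return the indicator whose labels appear consecutively in the hostname."""
    # Whole-label comparison avoids substring hits; path and query are ignored.
    labels = host_labels(url)
    for indicator in INDICATORS:
        want = indicator.split(".")
        for i in range(len(labels) - len(want) + 1):
            if labels[i:i + len(want)] == want:
                return indicator
    return None

def flag_sessions(log_lines):
    """Map session id -> indicators seen in request or redirect-target hosts."""
    # Assumed line format: '<session> <status> <request_url> <location_url>'
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        session, _status, request_url, location_url = parts
        for url in (request_url, location_url):
            indicator = match_indicator(url)
            if indicator and indicator not in hits.setdefault(session, []):
                hits[session].append(indicator)
    return hits

# Constructed sample log; hosts use reserved .example/.test TLDs.
SAMPLE_LOG = [
    "s1 302 https://jazzcash-login.example/submit https://pay.macpaypal.test/r?t=1",
    "s1 302 https://pay.macpaypal.test/r?t=1 https://thelocalpaymentspage.test/done",
    "s2 302 https://casino.example/checkout https://widget.merchantsglobe.test/token",
    "s3 302 https://shop.example/go https://notmacpaypal.example/macpaypal",
]

if __name__ == "__main__":
    print(flag_sessions(SAMPLE_LOG))
```

Session s3 is deliberately not flagged: the name appears only as part of a longer label and in the URL path, not as a hostname label of its own.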
📌 Conclusion
thelocalpaymentspage, macpaypal, illongrlong, and related interfaces are not fintech projects—they are technical façades for laundering, phishing, and financial obfuscation. Their intersection with cloned JazzCash gateways raises further concern about user safety in Pakistan’s digital finance space.
We will continue publishing infrastructure alerts and collaborating with local CERT teams to contain these threats.