|
Casino spam from Russia - with a twist: We got bursts of referrer spams (50 at once) for go-play-casino.com. They all came from the same IP address, 193.233.5.49, all targetting the same URL and all with the user agent string Mozilla 4.0 IE6.0+ SRV1.1.
The domain is registered with directi.com and the whois does not contain any further information about the registrant. A quick search for directi.com leaves a mixed impression: On the one hand, they do seem to host quite a few dubious domains, while on the other hand their abuse department does post in news.admin.net-abuse.email and promises to look into the issues reported there.
The site itself is hosted at 66.230.189.96, which belongs to Phantographics LLC. This seems to indicate that complaining at Phantographics won't help much ...
The most interesting bit of all this, however, is the IP address the spams came from, as it belongs to the "I. M. Gubkin Russian State University of Oil and Gas" in Moscow. Looks like some student or faculty member there is looking for a little auxiliary income, as all the referrer spams for this domain came from that IP address. Yes, I realise it could be yet another open proxy, but it's odd that all the spam is coming from one IP.
|