Thursday, July 08, 2004
Casino Online On-Line (part 3)
Well, the casino moron struck POPFile again. That got Manni agitated enough to do some heavy chongqing research to go along with what I have already done in part 1, part 2, and more on this topic.
I am not 100% certain they are connected, but if you click many of the links on the casino-online-on-line site it takes you to an identical-looking site at btdcasino.com. And at the top of the page of both sites it says Be The Dealer Casino. There is little useful whois info on either, except they were both registered through GoDaddy, which could be more than coincidence. Manni did get some possible clues out of the info though.
I suspect casino online on-line is a cover for their spamming. Their real domain looks totally legitimate and non-spammy, so if their spam URL's host gets complaints they can't be directly connected to the real site. Hopefully we can find a way to prove it.
For more evidence I did a diff between the main pages at casino-online-on-line dot com and btdcasino dot com. It's obvious they are trying to cover their tracks. On casino on-line they removed the note about who wrote the JavaScript, but they used a lot of identical JavaScript and HTML code between pages.
Both sites have a link to the same install program on the same server from Netherlands Antilles hidden in some javascript:
- http://209.58.23.130/dl/did2090/installBTDcasino.exe
- http://209.58.23.130/dl/did1549/installBTDcasino.exe
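The comparison described above, as an added example that is not code from the original post: it finds download endpoints two pages share even when the path differs, scores how many lines they have in common, and lists lines one page dropped. The two pages are constructed stand-ins (only the installer URLs are quoted from the post) and all function names are illustrative assumptions.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed stand-in pages; only the installer URLs are quoted from the post.
PAGE_A = """<html><head><title>Be The Dealer Casino</title>
<script>
// menu script by Example Author
function dl(){ location="http://209.58.23.130/dl/did2090/installBTDcasino.exe"; }
function hover(i){ document.images[i].src="img/on.gif"; }
</script></head><body><a href="javascript:dl()">Download</a></body></html>"""
PAGE_B = """<html><head><title>Be The Dealer Casino</title>
<script>
function dl(){ location="http://209.58.23.130/dl/did1549/installBTDcasino.exe"; }
function hover(i){ document.images[i].src="img/on.gif"; }
</script></head><body><a href="javascript:dl()">Download</a></body></html>"""

URL_RE = re.compile(r"""https?://[^\s"'<>)]+""")

def lines(html):
    """Non-empty lines with surrounding whitespace removed."""
    return [l.strip() for l in html.splitlines() if l.strip()]

def endpoint_keys(html):
    """(host, filename) of every absolute URL, including ones inside scripts.
    Dropping the directory part keeps per-page path IDs from hiding a match."""
    keys = set()
    for url in URL_RE.findall(html):
        parts = urlsplit(url)
        keys.add((parts.hostname, parts.path.rsplit("/", 1)[-1]))
    return keys

def shared_endpoints(html_a, html_b):
    """Download endpoints that both pages point at."""
    return endpoint_keys(html_a) & endpoint_keys(html_b)

def line_similarity(html_a, html_b):
    """Fraction (0..1) of lines the two pages have in common, order-aware."""
    return SequenceMatcher(None, lines(html_a), lines(html_b)).ratio()

def only_in(html_a, html_b):
    """Lines of A that B lacks, e.g. a stripped author note."""
    seen = set(lines(html_b))
    return [l for l in lines(html_a) if l not in seen]

if __name__ == "__main__":
    print("shared endpoints:", shared_endpoints(PAGE_A, PAGE_B))
    print("line similarity: %.2f" % line_similarity(PAGE_A, PAGE_B))
    print("only in A:", only_in(PAGE_A, PAGE_B))
```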
btdcasino dot com : 193.109.194.162
- looking up that IP gives gns.customer.areti.co.uk which has a few links including the-best-casino-online dot us which looks very familiar.
casino-online-on-line dot com : 63.241.136.201
- looking this IP up gives linhost101.mesa1.secureserver.net; sadly there was no website set up for that hostname to compare.
This is btdcasino's HTTP header:
- HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 08 Jul 2004 19:52:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 19855
Content-Type: text/html
Expires: Wed, 07 Jul 2004 10:32:38 GMT
Set-Cookie: aff=affiliation%5Fcode=1429&language%5Fid=1; expires=Fri, 08-Jul-2005 19:52:38 GMT; path=/
Set-Cookie: ASPSESSIONIDSQRBQCCS=PDKPPHMCBGLNIALIEMMMDHJI; path=/
Cache-control: private
Here is casino-online-on-line's:
- HTTP/1.1 200 OK
Date: Thu, 08 Jul 2004 17:55:38 GMT
Server: Apache/1.3.29 (Unix) FrontPage/5.0.2.2634
Last-Modified: Tue, 06 Jul 2004 16:59:26 GMT
ETag: "2cba4ac-6f3f-40eada6e"
Accept-Ranges: bytes
Content-Length: 28479
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Also take a look at:
- casino-online-on-line dot com/online-casino-online-news.html
That looks very spammy to me. All 3000-something pages were edited at the same time and day, and all I looked at had the same content. That's obvious spamdexing for Google PageRank.
Comments:
Thanks. He just hit POPFile's wiki this morning too. We will add this one to our lists. And here are some of his keywords for Google to pick up: Buy Viagra Online, viagra, order viagra, cheap viagra online, best prices