Thursday, July 08, 2004

Casino Online On-Line (part 3)

Well, the casino moron struck POPFile again. That got Manni agitated enough to do some heavy chongqing research to go along with what I have already done in part 1, part 2, and more on this topic.

I am not 100% certain they are connected, but if you click many of the links on the casino-online-on-line site it takes you to an identical looking site at And at the top of the page of both sites it says Be The Dealer Casino. There is little useful whois info on either except they were both registered through GoDaddy which could be more than coincidence. Manni did get some possible clues out of the info though.

I suspect casino online on-line a cover for their spamming. Their real domain looks totally legitimate and non-spammy so if their spam url's host gets complaints they can't be directly connected to the real site. Hopefully we can find a way to prove it.

For more evidence I did a diff between the main pages at casino-online-on-line dot com and btdcasino dot com. Its obvious they are trying to cover their tracks. On casino on-line they removed the note about who wrote the javascript, but they used a lot of identical javascript and HTML code between pages.

Both sites have a link to the same install program on the same server from Netherlands Antilles hidden in some javascript:

btdcasino dot com :

casino-online-on-line dot com :

This is btdcasino's HTTP header:

Here is casino-online-on-line's:

Also take a look at:

Seems like the online casino spammer is doing a new promotion for a viagra site. Take a look at this history of a page on KayakWikiThe spam is almost identical. Same malformed HTML, just a different website, and different keywords.

Thanks. He just hit POPFile's wiki this morning too. We will add this one to our lists. And here are some of his keywords for Google to pickup: Buy Viagra Online, viagra, order viagra, cheap viagra online, best prices
Post a Comment

<< Home