Short answer: No, thenextweb.com did not spam your Google Analytics — it was just the same old spammer [Vitaly Popov] with a new technique. The people running Google Analytics have been fighting [a losing battle with] spam for a couple of years now. Their process has become apparent – they react within a day or two and shut down any new sources that appear.
So what do the spammers do? Adapt, of course! This latest attack was brilliant — create a rotating series of new sources that each last only a day or two. Google reacts and they get shut down. What no one realized was that each of the attacks included a common element: the Language field contained a consistent message:
Secret.ɢoogle.com You are invited! Enter only with this ticket URL. Copy it. Vote for Trump!
The result: after almost 20 days of rotating Sources, the number of sessions with that Language setting adds up to over 200 sessions in many Google Analytics reports. No longer trivial noise, even in medium-volume web sites. Everyone notices, and LOTS of people click to see what is going on! Mission accomplished!
November 20th, 2016, the spammer realizes that the sources being used don’t need to be his website domains, and he switches to abc.xyz — Google’s parent company Alphabet! Rubbing their nose in it.
November 21st, 2016, the spammer changes source to thenextweb.com since they ran a couple of articles about his antics. They actually left an article referral as well, so now there is a fake referral from thenextweb.com in everyone’s Google Analytics reports.
The impact: a lot of people built up processes to tag new referral sources as spam, and many have blindly added abc.xyz and thenextweb.com to their lists. Well, the spammer pwns them now! They need to adapt, and filter on the Language field instead.
Don’t be a pawn – read the Definitive Guide to Removing All Google Analytics Spam for the right approach.
Well played, Vitaly! Now that you’ve proven your abilities [again], can you leave our Analytics accounts alone for a while?