Chances are it’s an automated process looking to get placement in your referrer stats in common web stats that many host have in place by default e.g awstats/webalizer (these are often publically accessible), and is probably not targeting your site specifically (rather, doing it across 1000s of sites / ip ranges of hosting companies)
Because they get links back to the referred site (though in newer versions of these apps they’ve sorted the exploits)
It’s a primary reason I don’t use server side analytics - in most cases they falsely record all kinds of spurious bot noise as legitimate traffic, and very few of these applications are sufficiently actively maintained to win the battle against traffic with malicious intent.
Who can see the referrer statistics? If it’s only you via the ACP I wouldn’t worry about it.
If you’re publishing them on public pages, i.e. showing as trackback comments, removing the stats plugin isn’t going to help, moderate them for approval/removal