For awhile now we have been monitoring these so called Search Engine Robots. We have noticed multiple things that appear to be malicious activity from these robots.
ABUSIVE IP ADDRESSES – 188.8.131.52-184.108.40.206
- These robots look for certain files on a server. EVEN WHEN NO LINKS EXIST FOR THEM. This is not True Search ENGINE BEHAVIOR.
- They do not follow the Robots.txt File
- When they find specific files that they are looking for it appears that Bot Nets start trying to hack these files and gain access to the servers.
- These Bots look for submission forms on websites and freely fill them out and send mass amounts of SPAM and JUNK with fake email addresses.
- System & Resource ABUSE
- Automatically join mailing lists with FAKE EMAIL ADDRESSES.
- They Consume Port usage and don’t disconnect correctly so that these ports stay open and consume resources.
- Strange enough it looks like they also attack & abuse EMAIL SYSTEMS.
- This So Called LEGIT COMPANY doesn’t even own their own IP ADDRESSES. They lease them out from 3rd Party Hosting Companies, which also shoots a major RED FLAG into the air.
- Another RED FLAG is that they are a so called USA BASED COMPANY, however all the Hosting and Servers they use are located outside of the United States. If you a LEGIT United States Company why would you do this??? It’s because it makes it harder for the US Government to crack down on their Malicious Intent.
- Fills out LOGIN and AUTHENTICATION FORMS with Dictionary Attack characteristics.
We have had long suspicion that these systems are part of a larger BOT Network used for hacking systems, hiding behind the name of a company that looks legit. Maybe this company does this as a way to help other companies compete against other companies and make money from malicious activities.
WE SUGGEST THAT ALL WEBSITES & NETWORKS BLOCK THEIR TRAFFIC.
Possibly Related to SEMRUSH –
Attacks Started happening after network Wide Block of SEMRUSH & They follow many of the same Characteristics of SEMRUSH ABUSE – HACKER NETWORK