SEMRUSH ABUSE & Possible Hacker Network

For a while now we have been monitoring these so-called Search Engine Robots. We have noticed multiple things that appear to be malicious activity from these robots.

ABUSIVE IP ADDRESSES – 46.229.168.129-46.229.168.157

  1. These robots look for certain files on a server. EVEN WHEN NO LINKS EXIST FOR THEM. This is not True Search ENGINE BEHAVIOR.
  2. They do not follow the robots.txt file.
  3. When they find specific files that they are looking for, it appears that Bot Nets start trying to hack these files and gain access to the servers.
  4. These Bots look for submission forms on websites and freely fill them out and send mass amounts of SPAM and JUNK with fake email addresses.
  5. System & Resource ABUSE
  6. Automatically join mailing lists with FAKE EMAIL ADDRESSES.
  7. They consume port usage and don’t disconnect correctly, so these ports stay open and consume resources.
  8. Strangely enough, it looks like they also attack & abuse EMAIL SYSTEMS.
  9. This So-Called LEGIT COMPANY doesn’t even own its own IP ADDRESSES. They lease them from 3rd-Party Hosting Companies, which also shoots a major RED FLAG into the air.
  10. Another RED FLAG is that they are a so-called USA BASED COMPANY, however all the Hosting and Servers they use are located outside of the United States. If you are a LEGIT United States Company, why would you do this??? It’s because it makes it harder for the US Government to crack down on their Malicious Intent.
  11. Fills out LOGIN and AUTHENTICATION FORMS with Dictionary Attack characteristics.

We have long suspected that these systems are part of a larger BOT Network used for hacking systems, hiding behind the name of a company that looks legit. Maybe this company does this as a way to help other companies compete against other companies and make money from malicious activities.

WE SUGGEST THAT ALL WEBSITES & NETWORKS BLOCK THEIR TRAFFIC.

Possibly Related to SEMRUSH

Attacks started happening after a network-wide block of SEMRUSH, and they follow many of the same characteristics as SEMRUSH ABUSE – HACKER NETWORK

62.138.2.243

78.129.237.153
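
An added example, not part of the original post: Python that turns the addresses listed on this page into CIDR blocks usable in a firewall rule, then checks a web access log for items 2 and 4 above (requests to robots.txt-disallowed paths and form POSTs) coming from those addresses. The log lines, robots.txt content, paths and user-agent string are constructed samples, and the log is assumed to be in combined log format.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.robotparser import RobotFileParser

# Addresses named on this page: the 46.229.168.129-157 range plus two single hosts.
LISTED = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("46.229.168.129"), ipaddress.ip_address("46.229.168.157")))
LISTED += [ipaddress.ip_network("62.138.2.243/32"), ipaddress.ip_network("78.129.237.153/32")]

# Combined log format fields captured: source IP, method, path, status, user agent.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

# Constructed sample data (not real traffic).
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /admin/\nDisallow: /private/\n"
SAMPLE_LOG = [
    '46.229.168.140 - - [01/Jan/2020:00:00:01 +0000] "GET /admin/config.php HTTP/1.1" 404 153 "-" "ExampleBot/1.0"',
    '46.229.168.140 - - [01/Jan/2020:00:00:02 +0000] "POST /contact HTTP/1.1" 200 512 "-" "ExampleBot/1.0"',
    '62.138.2.243 - - [01/Jan/2020:00:00:03 +0000] "POST /login HTTP/1.1" 401 98 "-" "ExampleBot/1.0"',
    '46.229.168.158 - - [01/Jan/2020:00:00:04 +0000] "GET /admin/ HTTP/1.1" 403 98 "-" "ExampleBot/1.0"',
    '203.0.113.7 - - [01/Jan/2020:00:00:05 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "ExampleBot/1.0"',
]

def is_listed(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # hostname or malformed value in the log's first field
        return False
    return any(addr in net for net in LISTED)

def audit(log_lines, robots_txt):
    """Per listed source IP: total requests, robots.txt-disallowed hits, POSTs."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    stats = defaultdict(lambda: {"requests": 0, "disallowed": 0, "posts": 0})
    for line in log_lines:
        m = LINE.match(line)
        if not m or not is_listed(m.group(1)):
            continue
        ip, method, path, _status, agent = m.groups()
        s = stats[ip]
        s["requests"] += 1
        s["disallowed"] += not rules.can_fetch(agent, path)
        s["posts"] += method == "POST"
    return dict(stats)
```

`LISTED` holds the networks to feed to a block list, and `audit(SAMPLE_LOG, SAMPLE_ROBOTS)` shows which listed sources actually ignored robots.txt or posted to forms before the block goes in.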