and Semalt Botnet

Both and are Semalt tools for content scraping. This botnet is pretty extensive and tiring to kill.

The raw access log entries look seemingly legit, but being referred from the two Semalt tools, they could not be legit users.

These host names and Ip address, masquerading as valid browsers, took up a lot of my bandwidth. This botnet used mainly companies from Brazil such as TELEFÔNICA BRASIL, Vivo, Global Village, Brasil Telecom, Yawl, portalmail but also used a bunch of Italian and US companies as well. continues to content scrape for Semalt. I have a separate research report on them.

I am getting referrers from, the old Semalt content scraper botnet. They are reusing and repurposing their old names. buttons-for-website Indian Time Warner Brasil Telecom moved to Venezuela moved to Mexico, changed referrer to keywords-monitoring-success keywords-monitoring-success TELEKOM MALAYSIA BB-Multiplay India new campaign SPEEDCONNECT Br – Alami Israel

Not labelled but same pattern

Leave a Reply

Your email address will not be published. Required fields are marked *