keywords-monitoring-your-success.com and free-video-tool.com: Semalt Botnet

      No Comments on keywords-monitoring-your-success.com and free-video-tool.com: Semalt Botnet

Both keywords-monitoring-your-success.com and free-video-tool.com are Semalt tools for content scraping. This botnet is pretty extensive and tiring to kill.

The raw access log entries look seemingly legit, but being referred from the two Semalt tools, they could not be legit users.

These host names and Ip address, masquerading as valid browsers, took up a lot of my bandwidth. This botnet used mainly companies from Brazil such as TELEFÔNICA BRASIL, Vivo, Global Village, Brasil Telecom, Yawl, portalmail but also used a bunch of Italian and US companies as well.

Virtua.com.br continues to content scrape for Semalt. I have a separate research report on them.

I am getting referrers from buttons-for-website.com, the old Semalt content scraper botnet. They are reusing and repurposing their old names.

152-249-175-99.user.vivozap.com.br 152.249.175.99
179-228-168-1.user.vivozap.com.br
189-31-13-76.pmjce700.dsl.brasiltelecom.net.br 189.31.13.76
177.97.10.dynamic.adsl.gvt.net.br
177.99.128.dynamic.adsl.gvt.net.br
177.132.34.59.dynamic.adsl.gvt.net.br 177.132.34.59
177.204.31.206.dynamic.adsl.gvt.net.br
179.177.1.70.dynamic.adsl.gvt.net.br
179.185.44.201.static.gvt.net.br
186.212.227.252.static.host.gvt.net.br
187.112.250.152.static.host.gvt.net.br
201.86.12.53.dynamic.adsl.gvt.net.br
179-199-126-43.user.veloxzone.com.br
189-48-26-100.user.veloxzone.com.br
186-251-245-80.ip.yawl.com.br
b12289a4.virtua.com.br
bfb4b062.virtua.com.br
bfbf81fe.virtua.com.br
net-2-36-76-96.cust.vodafonedsl.it
187.1.12.158
31.157.209.86
ool-18b957ba.dyn.optonline.net 24.185.87.186
ppp-98-226.98-62.wind.it 62.98.226.98
11-212-105-177.portalmail2.com.br 177.105.212.11

186.247.149.245
189-31-13-76.pmjce700.dsl.brasiltelecom.net.br
41.250.237.244
2.49.67.16

177-137-105-161-user.pignet.net.br
186-211-104-150.gegnet.com.br 186.211.104.128/28 186.211.104.144/29
189-18-110-97.dsl.telesp.net.br
dynamic-adsl-94-37-54-163.clienti.tiscali.it
18949232094.user.veloxzone.com.br 189.49.232.94
179-169-33-1.user.vivozap.com.br 179.169.33.1
adsl-135.166.199.181.celpinf.com.ar 181.199.166.135
ns5.emigtel.com.br
179-236-92-157.user.veloxzone.com.br
191-23-99-73.user.vivozap.com.br
201.49.194.144
200-165-221-218.user.veloxzone.com.br 200.165.221.218
201-62-86-207.life.com.br
host-189-39-194-131.consoftmg.com.br 189.39.194.131
177.184.167.130
cl7412.zumpnet.com.br 177.72.64.213 177.72.66.0/24 177.72.69.216 177.72.73.2
179.183.18.87.dynamic.adsl.gvt.net.br
152-249-17-121.user.vivozap.com.br
103.42.157.100 buttons-for-website Indian
90-97-107-179.telbrax.net.br 179.107.97.90
cpe-76-95-34-245.socal.res.rr.com 76.95.34.245 Time Warner
177.52.121.20.linkmax.net.br
cpc76740-dals23-2-0-cust614.20-2.cable.virginm.net 92.234.214.103
177.157.67.247.dynamic.adsl.gvt.net.br
bl18-105-223.dsl.telepac.pt 188.83.105.223
187-110-217-228.dynamic.starweb.net.br
55.203.62.94.rev.vodafone.pt 94.62.203.55
186.213.181.106.static.host.gvt.net.br
189-73-24-227.dsl.fozit701.brasiltelecom.net.br
177.4.50.80 Brasil Telecom
190-37-98-214.dyn.dsl.cantv.net moved to Venezuela
191.249.48.245.dynamic.adsl.gvt.net.br
179-110-47-14.dsl.telesp.net.br
customer-qro-199-67.megared.net.mx moved to Mexico, changed referrer to keywords-monitoring-success
228.147.113.181.static.pichincha.andinanet.net keywords-monitoring-success 181.113.147.228
1.32.70.114 TELEKOM MALAYSIA
59.90.184.252 BB-Multiplay India
c8a0670c.virtua.com.br
mx-ll-180.183.140-215.dynamic.3bb.co.th
187-44-20-223.mcl-cb.mastercabo.com.br
191-19-131-244.user.vivozap.com.br

177-94-78-126.dsl.telesp.net.br fix-website-errors.com new campaign
177.125.20.3 fix-website-errors.com SPEEDCONNECT Br 177.125.20.0 – 177.125.23.255
host86-135-163-153.range86-135.btcentralplus.com buttons-for-website.com
200.185.222.81 fix-website-errors.com
83-223-179-192.cpe.netmadeira.com fix-website-errors.com
187.113.174.83.static.host.gvt.net.br fix-website-errors.com
bd061167.virtua.com.br fix-website-errors.com
177.96.183.178.dynamic.adsl.gvt.net.br free-video-tool.com
177-102-244-109.dsl.telesp.net.br free-video-tool.com
177.156.240.226.dynamic.adsl.gvt.net.br
net-93-71-207-200.cust.vodafonedsl.it
177473461.tvninternet.com.br 177.47.34.61 buttons-for-website.com
179-126-135-210.xd-dynamic.algartelecom.com.br
bb4384c5.virtua.com.br 187.67.132.197

177.133.173.237.dynamic.adsl.gvt.net.br buttons-for-website.com

103.16.202.217 buttons-for-website.com
185.27.106.60 Alami Israel
189-25-236-108.user.veloxzone.com.br
bd6767a7.virtua.com.br buttons-for-website.com
117.217.65.27 buttons-for-website.com
dsl.49.146.212.106.pldt.net
45.123.160.147
179-189-9-231-user.wgo.com.br

Not labelled but same pattern
189.27.133.173.dynamic.adsl.gvt.net.br
5332241007.e.brasiltelecom.net.br 177.4.204.44
201.22.246.178.dynamic.dialup.gvt.net.br buttons-for-website.com
adsl-ull-102-97.51-151.wind.it 151.51.97.102
mx-ll-171.5.87-221.dynamic.3bb.co.th 171.5.87.221
201-14-197-154.paemt205.dial.brasiltelecom.net.br
201-78-101-60.user.veloxzone.com.br
189-81-89-14.user.veloxzone.com.br
179-247-175-46.user.vivozap.com.br
189-12-172-202.user.veloxzone.com.br

No related posts.

Leave a Reply

Your email address will not be published. Required fields are marked *