This botnet’s purpose is to add referrer links to your Google Analytics, in the hopes that the webmaster or site owner will click on the link. They will then be exposed to an internet virus. Please do not click on any referrer spam link, as it is dangerous. I always copy the link and paste it into Google search first, to see if the site is dangerous.
Important is the fact that all these requests do not care about what information is returned from your site. All they care about is logging the referrer info, which has nothing to do with the originating IP. Therefore the originating IP can be spoofed. Note that Microsoft’s IP is included in this list. These botnets can really burn up your server bandwidth, as they do return, so banning them is crucial.
That being said, more than half of this list I had already banned. Overall they represent a bad group of host providers, harbouring scraper bots and worse, so there’s no harm in banning the whole shebang.
They all have a common user agent:
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
18.104.22.168 Digital Energy Za
22.214.171.124 Digital Energy Za
126.96.36.199 Digital Energy Za
188.8.131.52 Nodes Direct