wimax183-11.yota.com.ni hit my site as a part of the large Semalt botnet that started with keywords-monitoring-your-success.com and free-video-tool.com campaign, which I have already banned. That botnet was huge. They involved virtua in Brazil as well. Finally that campaign ended and they started with fix-website-errors.com and buttons-for-website. buttons-for-website is a really old Semalt SEO botnet campaign.
To the IP root of 190.181 for the first two octets, add the second two from the hostname.
wimax183-11.yota.com.ni 184.108.40.206 220.127.116.11 – 18.104.22.168 190.181.128/18 Yota De Nicaragua
This is a preview of
yota.com.ni, Part of Semalt Botnet: Research, Ban
. Read the full post (124 words, 0 images, estimated 30 secs reading time)
pool.hdesknet.com.br is part of the fix-website-errors.com by Semalt SEO content scraper campaign, huge and very annoying. I wish they would just stop scraping my site. This botnet is huge and does not seem to want to end. It started with keywords-monitoring-success and free-video-tool.com, which then involved Virtua and megared.net.mx. The vast majority of these content scraper bots reside in Brazil and South America, but there are others from Italy and the US.
Thankfully, only one ip range kills this.
22.214.171.124 126.96.36.199 – 188.8.131.52 184.108.40.206/21 HELP DESK Br
Persistent this botnet is. It’s like a virus that mutates but does not go away. Or an itch you scratch but does not stop. virtua.com.br has a content scraping bot going at my site that I need to stop. virtua.com.br is part of a large Semalt-led botnet I am trying to remove. They have no website. The host addresses I receive on my access log do not resolve, and there’s nothing specific on Google. I’m just giving this a simple domain ban to see how it goes. They also have a huge number of IP blocks, as they are connected to Akamai in the US.
Both keywords-monitoring-your-success.com and free-video-tool.com are Semalt tools for content scraping. This botnet is pretty extensive and tiring to kill.
The raw access log entries look seemingly legit, but being referred from the two Semalt tools, they could not be legit users.
These host names and Ip address, masquerading as valid browsers, took up a lot of my bandwidth. This botnet used mainly companies from Brazil such as TELEFÔNICA BRASIL, Vivo, Global Village, Brasil Telecom, Yawl, portalmail but also used a bunch of Italian and US companies as well.
Virtua.com.br continues to content scrape for Semalt. I have a separate research report on them.
This is a preview of
keywords-monitoring-your-success.com and free-video-tool.com: Semalt Botnet
. Read the full post (304 words, 0 images, estimated 1:13 mins reading time)