That seems the most likely reason. I am sure there are services to automate these kind of blackhat actions.