[eGQjxkKF6fif]

Would you mind sharing information on these crawlers accessing APIs only usable for clicking around on websites?

And to clarify,

It's a part of the UI or something and only a human should be pressing it, and there's no other way to access that API or something?

AI agents exist now, there is virtually no way to distinguish between real user and bot if they mimic human patterns.

[vachina]

They’re using the sign up and sign in forms, and also the search, and then clicking on those search results. I thought some bad actor is masquerading as AI scrapers to enumerate accounts, but their behavior is consistent with a scraper.

[eGQjxkKF6fif]

Read this: https://jan.wildeboer.net/2025/04/Web-is-Broken-Botnet-Part-...

Basically everybody's a bot in a hidden botnet now. And we agreed to it. Phones, tablets, Windows appstores add the SDK in, and then drone. One of the big ones is "Infatica" - devs get paid to put this in legitimate 'apps'

AI companies, and whoever and whatever else use the reputation-good IPs to hammer sites and well, it's fair game for all malicious people.