: Blocking non-human traffic from wasting ad-click budgets.
: Beyond simple bot detection, the platform has historically offered features such as: Link Shortening and clickthrough tracking. antibot.pw
: Beyond simple traffic filtering, the service provides tools like AntiDispos Email to detect disposable email addresses and PhoneNumber Validate to verify national and international phone numbers. Antibot.pw : Blocking non-human traffic from wasting ad-click budgets
The Japanese-language presentation "Phishing Hunging Operations (PHOps)" explained how antibot.php operates in real-world phishing kits. In the code of a live phishing kit, the script would register the IP address of a visitor judged to be a bot to https://antibot.pw . The presentation's author concluded that this allows multiple phishing sites to share a common blocklist, effectively creating a distributed blacklist among cybercriminals to share information about security vendors and researchers. The slide deck visually depicted how multiple phishing sites (Phishing Site A and Phishing Site B) can query the antibot.pw central blacklist to block antivirus vendors and other defensive systems, thus maintaining their operations longer. Antibot
For security professionals encountering antibot.pw in their threat intelligence feeds, network logs, or incident response investigations, several practical considerations should guide their response. First, the presence of API calls to antibot.pw should be treated as a potential indicator of compromise, particularly in environments where such external traffic would not normally be expected. The domain is known to be used by phishing kits and malware distribution networks, and its appearance in logs warrants further investigation.