Security analyst Kent Kent noticed something odd about the devices that were using the mobile application API. He found standard browsers like Firefox and Chrome hitting API endpoints that should only be touched by their mobile-application communication. The only traffic that should be touching your mobile application is traffic from the mobile applications installed on your users' phones. Separating mobile and web domains makes it easier for you to spot malicious behavior. A public crawler on your application fabric is commonly a precursor to traffic from threat actors.
Source: https://threatpost.com/unmasking-ghoulish-api-behavior/175253/
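
The check described above, as an added example that is not from the original article: it scans access-log lines for a dedicated mobile API host and counts requests whose User-Agent is a desktop browser, a crawler, or anything other than the app. The host name `mobile-api.example.com`, the app User-Agent prefix `ExampleApp/`, the log layout and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout: <vhost> <ip> - - [time] "<request>" <status> <bytes> "<referer>" "<user-agent>"
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
CRAWLER_RE = re.compile(r'bot|crawl|spider|slurp', re.I)
BROWSER_RE = re.compile(r'Firefox/|Chrome/|Safari/|Edg/')

def classify(ua, app_ua_prefix):
    """Label a User-Agent as app, crawler, browser or unknown."""
    if ua.startswith(app_ua_prefix):
        return "app"
    # Crawlers are checked first: many of them also carry browser tokens.
    if CRAWLER_RE.search(ua):
        return "crawler"
    if BROWSER_RE.search(ua):
        return "browser"
    return "unknown"

def non_app_clients(lines, api_host, app_ua_prefix):
    """Count requests per (ip, category) on api_host that did not come from the app."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["host"] != api_host:
            continue  # unparseable line, or traffic for the separate web domain
        kind = classify(m["ua"], app_ua_prefix)
        if kind != "app":
            hits[(m["ip"], kind)] += 1
    return hits

# Constructed sample log lines (documentation IP ranges, hypothetical hosts).
SAMPLE_LOG = [
    'mobile-api.example.com 192.0.2.10 - - [31/Oct/2021:10:00:01 +0000] "GET /v1/profile HTTP/1.1" 200 512 "-" "ExampleApp/4.2 (iPhone; iOS 15.0)"',
    'mobile-api.example.com 198.51.100.7 - - [31/Oct/2021:10:00:02 +0000] "GET /v1/profile HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0"',
    'mobile-api.example.com 198.51.100.7 - - [31/Oct/2021:10:00:03 +0000] "POST /v1/login HTTP/1.1" 401 64 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0"',
    'mobile-api.example.com 203.0.113.5 - - [31/Oct/2021:10:00:04 +0000] "GET /v1/catalog HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (compatible; ExampleCrawler/1.0; +http://crawler.example/bot.html)"',
    'www.example.com 198.51.100.7 - - [31/Oct/2021:10:00:05 +0000] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/95.0 Safari/537.36"',
]

if __name__ == "__main__":
    found = non_app_clients(SAMPLE_LOG, "mobile-api.example.com", "ExampleApp/")
    for (ip, kind), count in found.most_common():
        print(f"{ip}\t{kind}\t{count} request(s)")
```

The User-Agent header is set by the client, so this only surfaces clients that make no effort to look like the app; it works because the mobile API sits on its own domain, where any browser or crawler traffic is already out of place.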

