In January someone hit us with ~2K malicious backlinks from AWS instances across 15+ regions, cheap TLD spam domains, and even Blogspot. We built a Python script to automate the disavow file generation, then added a UI and Dockerized it. Full technical writeup with the forensic analysis here:
https://dev.to/surcebeats/someone-paid-around-2k-to-destroy-...The tool parses exports from Ahrefs/SEMrush/Google Search Console, categorizes IPs vs domains, supports whitelisting, tracks new threats across uploads, and generates Google-ready disavow.txt files.
Feedback welcome.