Cloud Server with Rogue Bot

Forum Moderators: open

Message Too Old, No Replies

Cloud Server with Rogue Bot

154.127.52.0/24

Bewenched

5:59 pm on Jul 1, 2021 (gmt 0)

This "bot" hit our ordering page and input over 17,000 fraudulent order attempts in minutes on our ecommerce site.
The origin ip was 154.127.52.49

154.127.52.0/24
HEFICED Cloud servers
www.heficed(.)com

jmccormac

6:06 pm on Jul 1, 2021 (gmt 0)

It might be a good thing to deep six (block) the /24.

Regards...jmcc

lucy24

11:15 pm on Jul 1, 2021 (gmt 0)

Ugh. I only find two visits from the /24, both in the last half-year--and both hit with a resounding 403.

:: detour for deeper look into archives ::

Huh. Are they comparatively new?

jmccormac

11:37 pm on Jul 1, 2021 (gmt 0)

Been around for quite some time. Seems to use a lot of LACNIC/South American IP ranges. Some of the African ones are newer.

Regards...jmcc

[edited by: jmccormac at 12:04 am (utc) on Jul 2, 2021]

keyplyr

12:00 am on Jul 2, 2021 (gmt 0)

heficed.com
154.127.48.0/20
154.127.48.0 - 154.127.63.255

dstiles

8:09 am on Jul 2, 2021 (gmt 0)

This is my current list of heficed. There may be more under different names as heficed seems to be a relative newcomer.

5.180.148.0 - 5.180.151.255
5.182.32.0 - 5.182.33.255
45.8.132.0 - 45.8.135.255
45.133.172.0 - 45.133.173.255
45.137.194.0 - 45.137.195.255
89.19.44.0 - 89.19.47.255
89.19.48.0 - 89.19.51.255
102.128.136.0 - 102.128.143.255
154.127.48.0 - 154.127.63.255
179.61.128.0 - 179.61.255.255
185.205.194.0 - 185.205.194.255
195.78.54.0 - 195.78.55.255

lucy24

3:40 pm on Jul 2, 2021 (gmt 0)

Seems to use a lot of LACNIC/South American IP ranges. Some of the African ones are newer.

Considering the recent history of IPv4, that is not surprising.