What booters used vDOS attack back-end?

I counted the source IP’s in the api.vdos-s.com access log. These are the most common. The biggest request numbers are from vdos-s.com and the other booters on that server. Its IP changed at least twice in this period. There are some unidentified booters that initiated a rather large number of attacks.

The numbers don’t always directly reflect the number of attacks because some booters sent several HTTP requests per attack, one for each “attack server”.

count IP comment
3665146 78.128.92.156 3 Sep 2015 – 18 Jan 2016 vdos-s.com etc.
3487256 82.118.233.144 18 Jan 2016 – 18 Jul 2016 vdos-s.com etc.
810199 82.118.233.198 18 Jul 2016 – 1 Sep 2016  vdos-s.com etc.
480426 162.158.17.72 not sure, Cloudflare’s IP?
182269 85.25.218.98 22 Sep 2015 – 19 Nov 2015
33322 188.166.71.10 21 Dec 2015 – 31 Aug 2016
15479 109.236.89.247 6 Feb 2016 – 19 Jun 2016, “anti.php”
12124 141.101.93.44 7 Sep 2015 – 14 Sep 2015
1759 248.15.162.127
1074 188.226.221.60
1033 51.254.199.38 second PoodleStresser, Octolus codebase
987 109.236.92.157 first PoodleStresser
803 79.182.113.146
192 79.182.170.158
166 87.70.82.73
158 79.179.188.167

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s