Top 50 IP Addresses used for DDoS Attacks

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. (wikipedia.org)

Below there is a list of the top 50 IP Addresses used for DDoS Attacks in the last 30 days. The type of DDoS used by these IPs is UDP Flood and ICMP Flood and we can see from the hostname of the IP Addresses that the most compromised IPs are servers, and in specific mail servers. If we do a port scan on these IPs we will see that port 80 (web services) and port 25 (email services) are open.

67.37.103.34 – mail.raymond.k12.wi.us
208.195.70.41 – fw11.sbt.siemens.com
208.195.70.39 – fw12.sbt.siemens.com
98.174.170.148 – eei-ok.com
66.250.45.77 – citrix.t3inc.us
67.210.32.10 – stat10.oc.warwick.net
209.168.168.42 – new-atlantic.net
209.149.228.96 – nat.burke.k12.nc.us
170.185.83.19 – fayette.kyschools.us
209.184.145.210 – mail.ckpower.com
4.79.17.248 – –
97.67.122.218 – mail.prattliving.con
87.192.100.242 – mail.threefold.ie
92.70.21.217 – static.kpn.net
83.70.179.173 – mail.baf.ie
62.77.191.245 – mail.qualitykitchens.ie
113.161.76.170 – static.vdc.vn
113.160.132.161 – static.vdc.vn
87.203.10.84 – host4.donomis.ondsl.gr
86.47.36.119 – mail.athlonetowncentre.com
74.7.176.21 – mail.chiefmc.com
70.67.129.33 – morey.chatwinengineering.com
70.151.19.132 – decaturgeneral.org
67.134.175.226 – smtp.drahota.com
66.212.7.133 – www.readingequipment.com
65.5.123.226 – mail.stcharlesda.org
66.195.94.26 – corp.faithenterprisesinc.com
64.207.26.130 – mail.slaterpaull.com
64.80.3.61 – –
216.204.42.234 – mail.ffmechanical.com
212.61.146.154 – ocb-3.fiberspeed.claranet.nl
205.161.180.253 – ns1.electrochem.org
208.157.149.186 – mail.chrisjohnson.com
203.45.136.85 – pokdev3.lnk.telstra.net
203.167.239.250 – mail.gvi.co.nz
12.35.4.82 – mail.swrrefractory.com
12.17.160.22 – apps.ddtransportation.com
12.234.97.114 – –
12.173.127.226 – –
209.214.233.130 – mail.wgyates.com
63.110.230.201 – pat.mesa-air.com
64.251.52.34 – gate.monroeps.org
208.47.211.5 – abgtr1.abgnetwork.net
70.48.248.22 – bas10-toronto12-1177614358.dsl.bell.ca
71.168.228.251 – pool-71-168-228-251.cmdnnj.fios.verizon.net
208.74.132.38 – 208-74-132-38.dnvr.static.dslblast.com
216.133.154.169 – seri8-0-0-7-0.dal-m100.gw.epoch.net
118.33.127.163 – –
142.24.240.253 – –
123.252.208.189 – –
91.77.192.209 – ppp91-77-192-209.pppoe.mtu-net.ru
67.186.35.154 – c-67-186-35-154.hsd1.pa.comcast.net