for example) hosted on 22.214.171.124 (OVH) and suballocated to:
inetnum: 126.96.36.199 - 188.8.131.52
status: ASSIGNED PA
source: RIPE # Filtered
"MMuskatov" was involved in this attack too, and a quick inspection of 184.108.40.206/28 doesn't look promising, you might want to block it and 220.127.116.11/28 and 18.104.22.168/28 as well. A deeper analysis is in progress.