for example) hosted on 126.96.36.199 (OVH) and suballocated to:
inetnum: 188.8.131.52 - 184.108.40.206
status: ASSIGNED PA
source: RIPE # Filtered
"MMuskatov" was involved in this attack too, and a quick inspection of 220.127.116.11/28 doesn't look promising, you might want to block it and 18.104.22.168/28 and 22.214.171.124/28 as well. A deeper analysis is in progress.