for example) hosted on 220.127.116.11 (OVH) and suballocated to:
inetnum: 18.104.22.168 - 22.214.171.124
status: ASSIGNED PA
source: RIPE # Filtered
"MMuskatov" was involved in this attack too, and a quick inspection of 126.96.36.199/28 doesn't look promising, you might want to block it and 188.8.131.52/28 and 184.108.40.206/28 as well. A deeper analysis is in progress.