{"id":49074,"date":"2022-10-28T13:44:58","date_gmt":"2022-10-28T13:44:58","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/33983\/Meet-The-Windows-Servers-That-Have-Been-Fueling-Massive-DDoSes-For-Months.html"},"modified":"2022-10-28T13:44:58","modified_gmt":"2022-10-28T13:44:58","slug":"meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\/","title":{"rendered":"Meet The Windows Servers That Have Been Fueling Massive DDoSes For Months"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/06\/server-ddos-storm-surge-800x450.jpg\" alt=\"Meet the Windows servers that have been fueling massive DDoSes for months\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Aurich Lawson \/ Getty<\/div>\n<\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a title=\"41 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2022\/10\/researchers-id-12k-microsoft-servers-that-are-a-ddosers-best-friend\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">57<\/span> <span class=\"visually-hidden\"> with 41 posters participating<\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p> <!-- cache hit 71:single\/related:16586f84ff04148aedb62c26f1a0f885 --><!-- empty --><\/p>\n<p>A small retail business in North Africa, a North American telecommunications provider, and two separate religious organizations: What do they have in common? They\u2019re all running poorly configured Microsoft servers that for months or years have been spraying the Internet with gigabytes-per-second of junk data in distributed-denial-of-service attacks designed to disrupt or completely take down websites and services.<\/p>\n<p>In all, <a href=\"https:\/\/blog.lumen.com\/cldap-reflectors-on-the-rise-despite-best-practice\/\">recently published research<\/a> from Black Lotus Labs, the research arm of networking and application technology company Lumen, identified more than 12,000 servers\u2014all running Microsoft domain controllers hosting the company\u2019s Active Directory services\u2014that were regularly used to magnify the size of distributed-denial-of-service attacks, or DDoSes.<\/p>\n<h2>A never-ending arms race<\/h2>\n<p>For decades, DDoSers have battled with defenders in a never-ending arms race. Early on, DDoSers simply corralled ever-larger numbers of Internet-connected devices into botnets and then used them to simultaneously send a target more data than it could handle. Targets\u2014be they games, new sites, or even crucial pillars of Internet infrastructure\u2014often buckled at the strain and either completely fell over or slowed to a trickle.<\/p>\n<p>Companies like Lumen, Netscout, Cloudflare, and Akamai then countered with defenses that filtered out the junk traffic, allowing their customers to withstand the torrents. DDoSers responded by rolling out new types of attacks that temporarily stymied those defenses. The race continues to play out.<\/p>\n<p>One of the chief methods DDoSers use to gain the upper hand is known as reflection. Rather than sending the torrent of junk traffic to the target directly, DDoSers send network requests to one or more third parties. By choosing third parties with known misconfigurations in their networks and spoofing the requests to give the appearance that they were sent by the target, the third parties end up reflecting the data at the target, often in sizes that are tens, hundreds, or even thousands of times bigger than the original payload.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>Some of the better-known reflectors are misconfigured servers running services such as <a href=\"https:\/\/arstechnica.com\/information-technology\/2022\/10\/researchers-id-12k-microsoft-servers-that-are-a-ddosers-best-friend\/open%20DNS%20resolvers\">open DNS resolvers<\/a>, the <a href=\"https:\/\/arstechnica.com\/information-technology\/2014\/01\/dos-attacks-that-took-down-big-game-sites-abused-webs-time-synch-protocol\/\">network time protocol<\/a>, <a href=\"https:\/\/arstechnica.com\/information-technology\/2018\/02\/in-the-wild-ddoses-use-new-way-to-achieve-unthinkable-sizes\/\">Memcached for database caching<\/a>, and the <a href=\"https:\/\/arstechnica.com\/information-technology\/2019\/09\/in-the-wild-ddoses-are-abusing-webcams-and-dvrs-to-amplify-their-crippling-effects\/\">WS-Discovery protocol<\/a> found in Internet of Things devices. Also known as amplification attacks, these reflection techniques allow record-breaking DDoSes to be delivered by the <a href=\"https:\/\/arstechnica.com\/information-technology\/2022\/06\/tsunami-of-junk-traffic-that-broke-ddos-records-delivered-by-tiniest-of-botnets\/\">tiniest of botnets<\/a>.<\/p>\n<h2>When domain controllers attack<\/h2>\n<p>Over the past year, a growing source of reflection attacks has been the Connectionless Lightweight Directory Access Protocol. A Microsoft derivation of the industry-standard <a href=\"https:\/\/en.wikipedia.org\/wiki\/Lightweight_Directory_Access_Protocol\">Lightweight Directory Access Protocol<\/a>, CLDAP uses User Datagram Protocol packets so Windows clients can discover services for authenticating users.<\/p>\n<p>\u201cMany versions of MS Server still in operation have a CLDAP service on by default,\u201d Chad Davis, a researcher at Black Lotus Labs, wrote in an email. \u201cWhen these domain controllers are not exposed to the open Internet (which is true for the vast majority of the deployments), this UDP service is harmless. But on the open Internet, all UDP services are vulnerable to reflection.\u201d<\/p>\n<p>DDoSers have been using the protocol since <a href=\"https:\/\/www.akamai.com\/our-thinking\/threat-advisories\/cldap-reflection-ddos\">at least 2017<\/a> to magnify data torrents by a factor of 56 to 70, making it among the more powerful reflectors available. When CLDAP reflection was first discovered, the number of servers exposing the service to the Internet was in the tens of thousands. After coming to public attention, the number dropped. Since 2020, however, the number has once again climbed, with a 60-percent spike in the past 12 months alone, according to Black Lotus Labs.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/33983\/Meet-The-Windows-Servers-That-Have-Been-Fueling-Massive-DDoSes-For-Months.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":49075,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[9174],"class_list":["post-49074","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermicrosoftdenial-of-service"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Meet The Windows Servers That Have Been Fueling Massive DDoSes For Months 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Meet The Windows Servers That Have Been Fueling Massive DDoSes For Months 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-10-28T13:44:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/06\/server-ddos-storm-surge-800x450.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Meet The Windows Servers That Have Been Fueling Massive DDoSes For Months\",\"datePublished\":\"2022-10-28T13:44:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\\\/\"},\"wordCount\":582,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months.jpg\",\"keywords\":[\"headline,hacker,microsoft,denial of service\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\\\/\",\"name\":\"Meet The Windows Servers That Have Been Fueling Massive DDoSes For Months 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months.jpg\",\"datePublished\":\"2022-10-28T13:44:58+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months.jpg\",\"width\":800,\"height\":450},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,microsoft,denial of service\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermicrosoftdenial-of-service\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Meet The Windows Servers That Have Been Fueling Massive DDoSes For Months\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Meet The Windows Servers That Have Been Fueling Massive DDoSes For Months 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\/","og_locale":"en_US","og_type":"article","og_title":"Meet The Windows Servers That Have Been Fueling Massive DDoSes For Months 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-10-28T13:44:58+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/06\/server-ddos-storm-surge-800x450.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Meet The Windows Servers That Have Been Fueling Massive DDoSes For Months","datePublished":"2022-10-28T13:44:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\/"},"wordCount":582,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/10\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months.jpg","keywords":["headline,hacker,microsoft,denial of service"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\/","url":"https:\/\/www.threatshub.org\/blog\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\/","name":"Meet The Windows Servers That Have Been Fueling Massive DDoSes For Months 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/10\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months.jpg","datePublished":"2022-10-28T13:44:58+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/10\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/10\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months.jpg","width":800,"height":450},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/meet-the-windows-servers-that-have-been-fueling-massive-ddoses-for-months\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,microsoft,denial of service","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermicrosoftdenial-of-service\/"},{"@type":"ListItem","position":3,"name":"Meet The Windows Servers That Have Been Fueling Massive DDoSes For Months"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49074","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=49074"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49074\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/49075"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=49074"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=49074"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=49074"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}