vDOS was a booter service ran out of Israel allowing anyone to DDOS victims. In July 2016 Brian Krebs obtained a database dump from the booter service giving insight into the techniques used and victims of the service.

You can see Brian’s posts here:



To analyse the database I’ve written a Vagrantfile which installs the ELK stack and uses logstash to put the vDOS log file into Elasticsearch, Kibana can then be used to analyse the data.

The Vagrantfile and provision script can be found here:


NOTE: The database is not provided here. You must obtain it yourself and copy it the vagrant folder with name attacks.txt The memory is set to 4GB in the Vagrantfile, make sure you have enough memory before doing a vagrant up

git clone https://github.com/thomasweaver/vdos-elasticsearch-vagrant.git
cd vdos-elasticsearch-vagrant
cp location-of-attack-database attacks.txt
vagrant up

Kibana can then be access on

Kibana vDOS analysis discover page

You can then search for your IP, ASN, Company Name or URL.

Kibana vDOS searching for attacks on Google

Kibana vDOS Google Inc attack details

The above shows a search for “Google Inc” and then an individual log entry