He’s being really loose with his definition of “back online”. Their DNS entry is resolving, and if you hit the IP it points to, port 443 is open and has a valid TLS certificate (from Let’s Encrypt). The IP I’m seeing right now is 190.115.31.151. It’s resolving consistently to that IP address for me (but I only tried twice just now; however, it looks like the one I was getting the other day, and the WHOIS record certainly looks to be the same one). The page is literally just a splash page. It has no JavaScript and no links to do anything like log in or go to a particular user page. There is a prominent link to a Fox News article which covers John Matze saying the service will be back in about a month.
WHOIS thinks that block (190.115.16.0/20) is owned by DDOS-GUARD CORP, and the listed responsible party is Evgeniy Marchenko, who is one of the two owners of DDoS Guard. The registered address is in Belize.
The other listed physical address is in Ecuador. The only listed email address is xengine@mail.ru.
Neustar’s GeoIP database thinks the IP address is in Belize (and it’s probably just using the WHOIS information for that).
The trail goes cold at 190.115.31.151. That’s clearly a proxy hosted by DDoS Guard, and we don’t actually know anything about where the static page is being hosted. I would bet it’s on one of Epik’s servers.
They don’t have a backend built out. They did manage to recover all their data from AWS. A month to get back online screams incompetence (given that they have hosting and their data).
There isn’t great evidence that any of the servers are located in the Russian Federation. There is evidence that their front door is managed by citizens of the Russian Federation, and that that company has a pretty weird/questionable legal registration.
Their DNS provider is a US company, and its front door has an IP address listed as located in London.
Both Epik and DDoS Guard have very checkered reputations and a very ugly list of customers.
I’m betting their backend does wind up in Russia, but right now Vickery is being way more confident in his claims than I can find public evidence for. And, FWIW, my professional creds are about as good as his. I’m an SRE with a sub-specialty in security engineering. He’s a manager of a security research group. They might have something I haven’t uncovered, and they might be spending more time on it. Or he’s overselling the DDoS Guard Russia connection ¯\_(ツ)_/¯
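The passive checks the comment above walks through (resolve the name, inspect the certificate on 443, read the WHOIS record for the block and confirm the address actually sits inside it) are easy to script so they can be re-run as the picture changes. The following is an added example, not the commenter's tooling and not anything from DDoS-Guard, Epik or Parler. The WHOIS text is a constructed sample in a LACNIC-style `key: value` layout whose values are the ones quoted in the thread; the field names and ordering are assumptions, and a live `whois 190.115.31.151` will look different in detail. Only the parsing and block-membership logic runs offline; the DNS and TLS functions hit the network and are only invoked when a hostname is passed on the command line.

```python
"""Passive recon helpers: WHOIS parsing, CIDR membership, DNS and TLS issuer.
Added example; not the commenter's own code."""
import ipaddress
import re
import socket
import ssl
import sys

# Constructed sample (NOT a captured WHOIS response). Layout is LACNIC-style
# key: value; the values are the ones reported in the thread.
SAMPLE_WHOIS = """\
% Constructed sample, not a live WHOIS response
inetnum:     190.115.16.0/20
status:      allocated
owner:       DDOS-GUARD CORP
country:     BZ
responsible: Evgeniy Marchenko
e-mail:      xengine@mail.ru
"""


def parse_whois(text):
    """Collect key: value fields from a WHOIS dump.

    Comment lines (starting with % or #) are skipped. Repeated keys are kept
    as lists, so a second address/e-mail/country line is not silently lost,
    which is exactly the detail that matters when a record lists two
    jurisdictions.
    """
    fields = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("%", "#")):
            continue
        m = re.match(r"^\s*([\w.-]+):\s*(.*?)\s*$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        fields.setdefault(key, []).append(value)
    return fields


def ip_in_block(ip, cidr):
    """True when `ip` lies inside the CIDR block WHOIS reported.

    strict=False tolerates a block written with host bits set.
    """
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def whois_summary(ip, text):
    """Reduce a WHOIS record to the handful of facts an analyst cites."""
    f = parse_whois(text)
    block = f.get("inetnum", [None])[0]
    return {
        "block": block,
        "ip_in_block": bool(block) and ip_in_block(ip, block),
        "owner": f.get("owner", [None])[0],
        "country": f.get("country", [None])[0],
        "emails": f.get("e-mail", []),
    }


def resolve(host):
    """All A/AAAA answers the local resolver returns for `host` (network)."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({ai[4][0] for ai in infos})


def tls_issuer(ip, server_name):
    """Connect to ip:443 with SNI `server_name`, validate the chain against
    the system trust store, and return the issuer's organizationName
    (network). Raises ssl.SSLError if the certificate does not validate."""
    ctx = ssl.create_default_context()
    with socket.create_connection((ip, 443), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=server_name) as tls:
            cert = tls.getpeercert()
    # getpeercert() returns issuer as a tuple of RDNs, each a tuple of pairs.
    issuer = dict(rdn[0] for rdn in cert["issuer"])
    return issuer.get("organizationName")


if __name__ == "__main__":
    # Offline part: the address from the thread against the constructed record.
    print(whois_summary("190.115.31.151", SAMPLE_WHOIS))
    # Live part: python recon.py example.com
    if len(sys.argv) == 2:
        host = sys.argv[1]
        addrs = resolve(host)
        print(host, "->", addrs)
        for a in addrs:
            try:
                print(a, "issuer:", tls_issuer(a, host))
            except (OSError, ssl.SSLError) as e:
                print(a, "TLS check failed:", e)
```

The membership check is the one step worth keeping honest: a WHOIS lookup on an address returns the most specific allocation covering it, so confirming the address falls inside the stated `inetnum` guards against reading the wrong (parent or neighbouring) record. Nothing here tells you where the origin behind the proxy lives; that is the point at which the trail goes cold, as the comment says.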