The attack was recorded in late August and targeted a CloudFlare customer based in China. The browser based Layer 7 flood peaked at 275,000 HTTP request per second and was issued by 650,000 unique IPs, according to a blog post.
More than 99 percent of requests came from a Chinese IP address and nearly 80 percent came from mobile devices. Mobile versions of the Xiaomi’s MIUI browser,Safari, Chrome, and Tencent’s QQBrowser were used in the attack.
“Strings like ‘iThunder’ might indicate the request came from a mobile app. Others like ‘MetaSr’, ‘F1Browser’, ‘QQBrowser’, ‘2345Explorer’, and ‘UCBrowser’ point towards browsers or browser apps popular in China,” the post said.
Researchers said they were confident the attack didn’t involve a TCP (transmission control protocol) packet injection.
“Attacks like this form a new trend,” the post said. “They present a great danger in the internet — defending against this type of flood is not easy for small website operators.”