A massive cybercrime operation tied to one of the internet’s most powerful DDoS-for-hire botnets, Rapper Bot, has been brought down, and at the center of the case is a 22-year-old man from Eugene, Oregon. According to a federal criminal complaint filed on August 6, 2025, in the District of Alaska, Ethan Foltz is alleged to be the mastermind behind Rapper Bot, a botnet responsible for hundreds of thousands of disruptive attacks around the world.
Also known as “Eleven Eleven Botnet” and “CowBot,” Rapper Bot functioned as a large-scale DDoS-for-hire botnet, targeting devices like WiFi routers and digital video recorders (DVRs). Once compromised, these devices were used to flood targeted systems with overwhelming internet traffic, resulting in Distributed Denial of Service (DDoS) attacks that could cripple websites, networks, and digital services within seconds.
The Rapper Bot Botnet Scale and Global Impact
Between April 2025 and the time of the complaint, Rapper Bot is believed to have launched over 370,000 separate attacks against more than 18,000 unique victims in over 80 countries. The botnet’s capabilities were staggering, operating between 65,000 and 95,000 infected devices, the attacks often peaked between 2 to 3 Terabits per second, with the largest potentially reaching over 6 Terabits per second.
Among the targets were U.S. government networks, major tech firms, and a prominent social media platform. Authorities confirmed that at least five of the infected devices used in these attacks were located in Alaska.
According to the court documents, Ethan Foltz and unnamed co-conspirators monetized the botnet by offering paid access to Rapper Bot’s infrastructure. Some clients allegedly used it for extortion, threatening to launch devastating attacks unless victims paid up. A single 30-second DDoS attack could cost businesses $500 to $10,000 in damages and recovery efforts.
Takedown and Seizure of Rapper Bot
Law enforcement’s breakthrough came on August 6, 2025, when federal agents executed a search warrant on Foltz’s residence in Oregon. During the operation, they seized control of Rapper Bot, disabling its attack infrastructure. Since then, no further Rapper Bot activity has been reported, following the handover of its command-and-control systems to the Defense Criminal Investigative Service (DCIS).
“Rapper Bot was one of the most powerful DDoS botnets to ever exist, but the outstanding investigatory work by DCIS cyber agents and support of my office and industry partners has put an end to Foltz’s time as administrator,” said U.S. Attorney Michael J. Heyman for the District of Alaska.
Charges, Partners, and Ongoing Operations
Ethan Foltz is charged with one count of aiding and abetting computer intrusions, a felony that carries a maximum sentence of 10 years in prison if convicted. The case is being prosecuted by Assistant U.S. Attorney Adam Alexander and investigated by the DCIS, with major contributions from industry partners.
This enforcement action was carried out as part of Operation PowerOFF, a coordinated international law enforcement effort aimed at dismantling DDoS-for-hire botnets around the globe. As with all criminal cases, Foltz is presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
