About ddosed
This service was built to provide actionable intelligence to teams monitoring DDoS activity from high-profile threat actors that primarily conduct DDoSes.
Threat actors are monitored on Telegram where they post DDoS claims. When a DDoS claim is posted, it will be ingested into this platform near real-time.
Victims are categorised (region and industry) by a serverless LLM Cloudflare Worker. For more detail on how this works, check out Categorise-Site-Worker-AI on GitHub.
FAQs
What is a DDoS?
A DDoS is a low-IQ attempt to disrupt organisations that wastes bandwidth, time, and money for everyone involved (except DDoS protection providers).
Why do you do this?
To collect and aggregate information on threat actor activities and understand trends in targeting and victimology.
If someone is DDoSed, why is their website online?
An important distinction is that DDoS *claims* are monitored and not verified. In the majority of instances, DDoSes are a point-in-time attack that have little long-term impact on the victim services. Many threat actors - especially hacktivist groups and personas, overstate or fabricate claims when actually the impact to victim services is minimal or nonexistent.
How do you collect this data?
Threat actors are monitored on Telegram. Victims are never contacted and no threat actor infrastructure is interacted with.
Your data is incomplete?
That's not a question, but... There is no guarantee that the information is accurate or complete, and when a new threat actor is onboarded only limited historic attack data is collected.
Why don't you monitor x?
Please contact me with your ideas. Currently only threat actors that operate on Telegram and conduct regular DDoS attacks are in scope.