API documentation
You can interact with ddosed's data programatically. All data is returned in JSON format.
Your most likely use-case is to query the attacks. To retrieve all attacks in the past 24 hours, visit the /api/attacks endpoint.
You can also drill down into the data. For example, you can get all attacks in the past 24 hours that were targeting either the telecommunications or government industries in East Asia or Eastern Europe.
get https://ddosed.pages.dev/api/attacks
Retrieve attack data
Returns DDoS attacks in reverse chronological order. If no parameters are specified, a request to this endpoint will return all attacks from the past 24 hours. All parameters for this endpoint are query parameters. No positional parameters are supported.
Parameters
start | Example: 1765474589776
Start POSIX timestamp in milliseconds
end | Example: 1765560989776
End POSIX timestamp in milliseconds
region | Example: East Asia
Region of the victim domain. Case insensitive. Multiple region parameters are supported
country | Example: united kingdom
Country of the victim domain. Case insensitive. Multiple country parameters are supported
category | Example: telecommunications
Domain category. Case insensitive. Multiple category parameters are supported
attacker_id | Example: nnm
The ddosed ID of the threat actor who conducted an attack. Multiple attacker_id parameters are supported.
get https://ddosed.pages.dev/api/categories
Retrieve all valid categories
Parameters
Noneget https://ddosed.pages.dev/api/actors/[id]
Retrieve actor information
Requesting for /actors will return all tracked threat actors. Requesting a specfic /actors/id will return that specific threat actor. The only supported parameter is a positional parameter for actor_id. No query parameters are supported.
Parameters
[id] | Example: nnm
Positional parameter for the actor
get https://ddosed.pages.dev/api/message/[id]
Retrieve a message
Returns Telegram message information associated with an attack. The positional message [id] parameter must be supplied. Note: All messages are unescaped and are in their original form, however they have been enriched with check-host victim extraction, which is appended to the message.
Parameters
[id] | Example: 1732250465_8955
Positional parameter for the message ID to retrieve