Queries the source IP address from which a volumetric attack is initiated.

Note This operation is suitable only for volumetric attacks.


OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes DescribeDDosEventSrcIp

The operation that you want to perform. Set the value to DescribeDDosEventSrcIp.

EventType String Yes defense

The type of the attack event that you want to query. Valid values:

  • defense: attack events that trigger traffic scrubbing
  • blackhole: attack events that trigger blackhole filtering
StartTime Long Yes 1598948471

The UNIX timestamp when the query starts. Unit: seconds.

Note You can call the DescribeDDosAllEventList operation to query the beginning time of all attack events.
Ip String Yes 203.XX.XX.199

The IP address of the attacked Anti-DDoS Pro or Anti-DDoS Premium instance.

Range Long Yes 2

The number of source IP addresses that you want to return. The source IP addresses are returned in descending order of attack traffic. By default, the top five source IP addresses are returned.

All Alibaba Cloud API operations must include common request parameters. For more information about common request parameters, see Common parameters.

For more information about sample requests, see the "Examples" section of this topic.

Response parameters

Parameter Type Example Description
RequestId String 38A0224E-FDBC-4733-A362-B391827FC1E9

The ID of the request.

Ips Array of EventSrcIp

The information about the source IP address of the attack.

SrcIp String 218.XX.XX.24

The source IP address of the volumetric attack.

AreaId String 110000

The code of the region from which the attack is initiated. The region can be an administrative region in China, or a country or area. For example, 110000 indicates Beijing, China, and us indicates the United States.

Note For more information, see Location parameters.
Isp String 100026

The Internet service provider (ISP) for the volumetric attack. Valid values:

  • 100017: China Telecom
  • 100026: China Unicom
  • 100025: China Mobile
  • 100027: China Education and Research Network
  • 100020: China Mobile Tietong
  • 1000143: Dr.Peng Telecom & Media Group
  • 100080: Beijing Gehua CATV Network
  • 1000139: National Radio and Television Administration
  • 100023: Oriental Cable Network
  • 100063: Founder Broadband
  • 1000337: China Internet Exchange
  • 100021: 21Vianet Group
  • 1000333: Wasu Media Holding
  • 100093: Wangsu Science & Technology
  • 1000401: Tencent
  • 100099: Baidu
  • 1000323: Alibaba Cloud
  • 100098: Alibaba


Sample requests

&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK


JSON format

HTTP/1.1 200 OK

  "RequestId" : "38A0224E-FDBC-4733-A362-B391827FC1E9",
  "Ips" : [ {
    "SrcIp" : "218.XX.XX.24",
    "AreaId" : "110000",
    "Isp" : "100026"
  } ]

Error codes

For a list of error codes, visit the API Error Center.