Home » Security Bloggers Network » How DataDome Blocked 214M+ Malicious Requests With Server-Side Behavioral Detection

How DataDome Blocked 214M+ Malicious Requests With Server-Side Behavioral Detection

by Antoine De Daran on August 11, 2025

The post How DataDome Blocked 214M+ Malicious Requests With Server-Side Behavioral Detection appeared first on Blog – Datadome.

A travel platform targeted by persistent malicious automation

A world-leading travel planning platform has been the target of a persistent, high-volume bot attack, still ongoing as of July 29. Since July 22, attackers have launched over 214 million requests from a single IP address, aiming to access the site’s web endpoint using sophisticated scraping and DDoS-like behavior.

While most bot attacks rely on distributed networks to mimic human traffic, this campaign stood out for its volume, consistency, and single-source origin — a highly unusual pattern in bot operations.

Thanks to DataDome’s server-side behavioral detection engine, the attack was blocked in real time using a hard-block response, automatically denying traffic that exhibited abnormal behavioral signatures.

O
8
8
6
9

n
3
1
2
5

g
7
9
3
8

o
5
7
7
0

i
4
0
1
7

n
2
8
1
0

g
4
0
0
5

Duration

9
4
5
7

~
9
8
2
8

3
9
2
9
7

.
6
3
6
9

5
3
9
7
3

M
2
4
9
0

Requests per hour at peak

2
6
5
9
2

1
1
2
4
1

4
1
3
3
9

M
4
3
8
2

+
2
6
8
5

Total requests blocked to date

W
9
6
8
7

e
5
2
0
0

b
2
5
0
0

Endpoint targeted

I
2
9
2
9

1
0
7
5

L
7
7
5
7

A
4
3
6
8

Y
3
0
0
4

E
3
8
5
6

R
5
0
2
8

9
2
0
8

L
5
2
1
5

I
1
4
2
2

M
7
6
7
4

I
1
2
7
4

T
6
3
4
6

E
5
3
0
7

D
2
5
7
3

AS origin

1
7
1
0
4

Number of IPs used

Overview of the attack

This attack was defined by its unusual persistence and single-IP execution. For over a week, a steady flood of requests (upwards of 3.5 million per hour) targeted the platform’s main web endpoint.

While the attacker did not attempt to spoof IPs or rotate identifiers, they attempted to blend in through fingerprint headers and static browser signatures. However, the lack of variability and failure to execute JavaScript betrayed the automation at work.

Figure 1 below shows the number of malicious requests detected over time by the DataDome engine.

How DataDome Blocked 214M+ Malicious Requests With Server-Side Behavioral Detection

Figure 1: Malicious requests blocked by DataDome’s behavioral detection engine.

Distribution and characteristics

Despite being geographically sourced from a single IP address in South Africa, the bot traffic attempted to imitate real users through header manipulation and familiar browser strings. Still, the anomalies were clear:

Static user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1)…Chrome/87…
No cookie generation: Each session lacked a DataDome cookie
Fingerprint patterns: Included repeated headers like x-forwarded-proto, fastly-ff, and cdn-loop
No JS execution: The attacker avoided executing page JavaScript, a common bot tactic

DataDome’s detection engine quickly recognized the behavioral red flags, even in the absence of multiple IPs or obvious velocity spikes.

How was the attack detected & blocked?

The attack was neutralized by AI Server-Side Behavioral Detection, one of DataDome’s advanced response models designed to hard-block suspicious patterns at the infrastructure level.

The behavioral engine identified several key factors:

Sessions lacking cookies or legitimate interaction
Traffic volume exceeding typical usage patterns for a single IP
Fingerprint and header anomalies inconsistent with real user behavior

Because the attacker failed to rotate IPs or simulate user engagement accurately, detection was swift. Within milliseconds, the malicious traffic was blocked at the edge, without impacting real users or slowing down the site.

Protect your platform from automated threats with DataDome

Automated attacks don’t always look like brute force. Sophisticated bots can operate under the radar, especially when they scale gradually or use static, low-noise patterns.

DataDome’s AI-powered behavioral detection monitors every session in real time, detecting anomalies even when attackers attempt to disguise intent. From scraping and account takeover attempts to stealthy DDoS-style probes, our platform stops bots before they impact your customers or your business.

Want to see it in action? Schedule a demo.

*** This is a Security Bloggers Network syndicated blog from Blog – DataDome authored by Antoine De Daran. Read the original post at: https://datadome.co/threat-research/214m-malicious-requests-blocked-server-side-behavioral-detection/

August 11, 2025April 14, 2026 Antoine De Daran Bot & Fraud Protection, bot management, Threat Research

How DataDome Blocked 214M+ Malicious Requests With Server-Side Behavioral Detection

A travel platform targeted by persistent malicious automation

Overview of the attack

Distribution and characteristics

How was the attack detected & blocked?

Protect your platform from automated threats with DataDome

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Randall Munroe’s XKCD ‘Border Message’