How was the attack detected & blocked?
DataDome’s Galileo Threat Research team rapidly analyzed the attack patterns and deployed enhanced detection mechanisms specifically calibrated for this threat profile. Our AI-powered detection engine identified and adapted to the evolving attack in real-time, analyzing request patterns, behavioral anomalies, and infrastructure usage to distinguish malicious bots from legitimate users with high precision.
The detection improvements deployed for this attack focused on four key areas:
Request pattern analysis: Legitimate users browse event details, compare seating options, and hesitate before purchasing. The bot traffic skipped these steps entirely, moving directly to cart operations with machine-precision timing intervals.
Behavioral inconsistency detection: Real users generate expected client-side signals—mouse movements, scroll events, JavaScript execution. The scalper bots lacked these signals, flagging their automated behavior as inconsistent with human interaction.
Infrastructure correlation: By cross-referencing IP addresses with known datacenter ranges and proxy service providers, DataDome identified infrastructure commonly associated with bot operations. This context, combined with behavioral signals, enabled high-confidence blocking decisions.
Real-time adaptive protection: As the attack evolved over five days, our AI models continuously updated detection logic. When attackers shifted tactics or introduced new IP ranges, DataDome adapted quickly, maintaining consistent protection without manual intervention.
The result: zero impact on legitimate ticket sales. Fans accessed tickets without friction, while 16 million malicious requests were stopped before reaching the checkout system.
