Source: securityboulevard.com – Author: Florent Pajot
On March 25, 2025, a global e-commerce platform that handled nearly $3 billion in transactions in 2024 was the target of a high-velocity Flash DDoS attack. Over the course of 1 minute and 50 seconds, attackers launched 27,959,684 bot requests aimed at overwhelming the site’s main web endpoint.
Flash DDoS attacks are designed to inundate infrastructure in seconds. Unlike traditional DDoS attacks that build over time, Flash DDoS strikes with near-instantaneous intensity—making speed of detection and mitigation critical. Because they spike within seconds, only defense systems that analyze and act in real time, like DataDome’s DDoS Protect, can effectively stop them.
Key metrics of the Flash DDoS attacks
IP addresses, 2,035 user agents used in the attack.
total requests generated by the attacker, distributed across 143 countries.
requests per second maximum velocity at peak.
Overview of Flash DDoS attacks
The graph below (Figure 1) represents the bot traffic handled throughout the 1-minute 50-second attack by our detection engine in 30-second intervals, reaching a peak of 2,000,000 requests per second in the middle of the attack. Without proper defenses, this could have taken down the platform’s website, leading to lost revenue, degraded user trust, and negative press.
Figure 1: Requests per second in Flash DDoS attack blocked by DDoS Protect
Distribution of the attacks
The attack was launched from 12,346 IPs, spanning hundreds of user agents and a wide range of networks. Requests were highly distributed across regions and infrastructure sources, with the most requests coming from Indonesia, the United States, Brazil, India, and Russia (Figure 2). This kind of distribution is a hallmark of sophisticated botnets that leverage proxy IPs, residential IPs, and cloud infrastructure to disguise malicious intent and bypass rate limits.
Figure 2: Geographical distribution of request origination based on analyzed fingerprints
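The point above about distributed sources slipping under rate limits can be illustrated with a short added example (not DataDome's detection logic or code from the original post): a per-IP limiter and an aggregate spike check are run over the same constructed traffic. The thresholds, the EWMA baseline, the function names and the private 10.x addresses are all assumptions made for the illustration.

```python
from collections import Counter, defaultdict

PER_IP_LIMIT = 30      # assumed per-IP requests/second threshold
SPIKE_FACTOR = 5.0     # assumed: alert when a second's total exceeds 5x the baseline
ALPHA = 0.2            # assumed EWMA smoothing factor for the baseline


def build_events():
    """Constructed sample of (second, ip) pairs: 10 s of normal traffic, then a burst."""
    events = []
    for sec in range(10):                      # normal: 50 clients at 2 req/s each
        for c in range(50):
            events += [(sec, f"10.0.0.{c}")] * 2
    for sec in range(10, 13):                  # burst: 2,000 sources at 20 req/s each
        for c in range(2000):
            events += [(sec, f"10.{1 + c // 250}.0.{c % 250}")] * 20
    return events


def per_ip_violations(events):
    """Return the IPs that exceed PER_IP_LIMIT within any one-second bucket."""
    counts = Counter(events)                   # key: (second, ip)
    return {ip for (sec, ip), n in counts.items() if n > PER_IP_LIMIT}


def aggregate_spikes(events):
    """Return (second, total_requests, distinct_sources) for each spiking second."""
    totals = Counter(sec for sec, _ in events)
    sources = defaultdict(set)
    for sec, ip in events:
        sources[sec].add(ip)
    baseline, alerts = None, []
    for sec in sorted(totals):
        total = totals[sec]
        if baseline is not None and total > SPIKE_FACTOR * baseline:
            # Baseline is not updated here, so the attack cannot raise its own threshold.
            alerts.append((sec, total, len(sources[sec])))
        else:
            baseline = total if baseline is None else ALPHA * total + (1 - ALPHA) * baseline
    return alerts


if __name__ == "__main__":
    ev = build_events()
    print("per-IP violations:", len(per_ip_violations(ev)))
    for sec, total, n_src in aggregate_spikes(ev):
        print(f"t={sec}s total={total} req/s from {n_src} sources")
```

On this constructed input the per-IP check flags nothing, while the aggregate check flags seconds 10 through 12, each with 40,000 requests from 2,000 sources.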
How were the attacks detected & blocked?
The volume and nature of traffic from the attacking IP range were clear indicators of a bot-driven DDoS event. DDoS Protect immediately recognized the threat and responded in milliseconds—blocking 95% of the malicious requests at the edge before they could impact site performance. DDoS Protect detects and blocks the 20% of threats your CDN misses—in under 2 milliseconds.
Thanks to DataDome’s multi-layered AI detection approach, the system analyzed a mix of fingerprints, behavioral signals, and network reputation to detect the malicious traffic. Even if some indicators had been obfuscated or changed mid-attack, other signals ensured accurate detection without false positives.
- 95% of the attack was blocked automatically
- No disruption to the application layer
- No impact on legitimate users
Protect your enterprise against downtime with DataDome
Flash DDoS attacks can cost businesses up to $6,000 per minute in downtime. And with modern attackers using botnets and evasive tactics, legacy defenses are no longer enough.
DataDome’s DDoS Protect responds in milliseconds to mitigate cyberfraud threats and Layer 7 DDoS attacks before they escalate—keeping your site online, your revenue intact, and your customers happy.
Want to see how it works? Schedule a demo.
*** This is a Security Bloggers Network syndicated blog from Blog – DataDome authored by Florent Pajot. Read the original post at: https://datadome.co/threat-research/how-datadome-instantly-blocked-a-28m-request-flash-ddos-attack-for-3b-e-commerce-leader/
Original Post URL: https://securityboulevard.com/2025/04/how-datadome-instantly-blocked-a-28m-request-flash-ddos-attack-for-a-3b-e-commerce-leader/?utm_source=rss&utm_medium=rss&utm_campaign=how-datadome-instantly-blocked-a-28m-request-flash-ddos-attack-for-a-3b-e-commerce-leader
Category & Tags: Security Bloggers Network, Bot & Fraud Protection, ddos, Threat Research