How Super.com Blocks DDoS Attacks & Scraping in Real Time with DataDome

Super.com is a global platform that helps consumers save and earn money, build credit, and travel. Prior to working with DataDome, bad bots were scraping their proprietary content and bypassing their WAF. DataDome now protects all of their endpoints, helping the company mitigate an attempted denial-of-service (DDoS) attack that put its infrastructure to the test. Five years after choosing DataDome, Super.com is very satisfied with the comprehensive protection of its platform against automated fraud and large-scale cyberattacks.

The challenge: Aggressive scraping & wasted engineering hours

Super.com operates as a travel agent over messaging channels like SMS, Messenger, and WhatsApp. However, some visitors connecting to the platform had more nefarious intentions than booking a weekend getaway or a family trip.

“A lot of bad actors—primarily scrapers—were visiting our properties,” says Henry Shi, Co-Founder of Super. “Besides the theft of proprietary information, this also generated fake traffic volumes and consumed unnecessary resources.”

The team tried to keep out the unwanted visitors by setting up rules in their Cloudflare WAF and making manual code changes, but the broad-stroke setup was no match for the most sophisticated bots. Mitigating traffic also occupied valuable engineering time that could be better spent on revenue-generating projects.

“Manual blocking isn’t fine-grained enough, but it was still a lot of work. The time it took was the most challenging aspect of the whole situation,” Henry observes. “Besides, whenever we noticed something malicious, it was really already a bit late to respond.”

The solution: Proactive defense, one-click set-up through Cloudflare, & hands-on support

Henry and his team decided that they needed a tool that could proactively stop bad actors from visiting and scraping their service. Detection performance was their number one priority. 

“We tested three or four different vendors, running POCs to see what kind of traffic they would stop. DataDome was the most effective in terms of detecting bad traffic,” Henry comments. “On top of that, we appreciate the ease of configuration, so being able to install it with a single click via Cloudflare was a big factor for us.”

After this successful experience in the fight against bot traffic, Super.com decided to increase its investment in security, hiring full-time security staff and building a structured roadmap to enhance its cybersecurity infrastructure, software security processes, and overall fraud prevention strategy. Of course, DataDome helped in this process as well, providing customized detection models to block the specific threats targeting Super.com. 

The results: No more scraping & peaceful management of DDoS attacks

Since implementing DataDome, Super’s engineers no longer have to worry about content theft, fake traffic, or wasted infrastructure resources. “It’s amazingly effective, and the fact that it stops those bad actors from accessing our service is enough for us to be happy with the investment,” Henry says.

However, at the end of 2024, a classic DDoS attack occurred. Attackers flooded Super.com’s infrastructure with malicious traffic, attempting to bring their services offline. The risk of downtime, frustrated users, and financial loss was serious.

“If we had reacted poorly and been less prepared, it could have done real damage,” observes Kyle Pericak, Director of Infrastructure & Tools at Super. “Datadome played a key role in preventing our systems from being overwhelmed.”

When the DDoS attack hit, the infrastructure team immediately turned to DataDome’s hands-on support. “We reached out via Slack, and even though it was during the holiday season, we got incredibly fast help. The team guided us through configuration tweaks, reviewed our setup, and made sure we were ready if the attackers tried again,” Kyle recalls.

Thanks to DataDome’s instant support and real-time mitigation, Super.com successfully neutralized the attack without disruption. With the peace of mind that their platform is protected from both scraping and large-scale cyber threats, Kyle has no hesitation in recommending DataDome to other businesses looking for a cyberfraud and bot mitigation solution. “The DataDome team is incredibly responsive, quick to resolve issues, and genuinely invested in making sure we’re protected. It’s been a great partnership.”

Super.com strengthened its security and eliminated bot-driven threats with DataDome—how about you? Find out if your website, app, and APIs are exposed to malicious traffic with our free Vulnerability Scan.