Unusual requests initiated by /TSPD directory on F5 firewall
I developed a website for a client who deployed it behind an F5 firewall. I noticed that when accessing the site for the first time, the home page is not served. Instead, a blank HTML page is served with some JavaScript files located in the /TSPD directory.
The JavaScript initiates requests to common internet sites like Dropbox, Reddit, Twitter. After that it redirects to the original homepage. So for the visitor it is almost transparent, but when opening developer tools I can see around 20 requests before loading the home page.
I searched on the net and found that the /TSPD directory is related to anti-bot protection.
Is this normal behavior to initiate such requests? It looks very suspicious. Can the firewall be misconfigured or compromised?
Examples of requests:
Request URL: https://twitter.com/login?redirect_after_login=%2Ffavicon.ico
Request URL: https://store.steampowered.com/login/?redir=favicon.ico