I developed a website for a client who deployed it behind an F5 firewall. I noticed that when accessing the site for the fist time the home page is not served. Instead an blank html page with some java script files located in the /TSPD directory.
I searched on the net and found that the /TSPD directory is related to anti-bot protection.
Is this normal behavior to initiate such requests? It looks very suspicious. Can the firewall be misconfigured or compromised ?
examples of requests:
Request URL: https://twitter.com/login?redirect_after_login=%2Ffavicon.ico
Request URL: https://www.dropbox.com/login?cont=https%3A%2F%2Fwww.dropbox.com%2Fstatic%2Fimages%2Ficons%2Ficon_sp...
Request URL: https://store.steampowered.com/login/?redir=favicon.ico