Anti-bot JavaScript library identification

This anti-bot library belongs to Akamai. Clients execute the JavaScript and post to /_bm/data on a site behind the Akamai CDN. The CDN's bot manager (bm) then makes decisions based on the submitted data, such as slowing down responses to suspected bot clients, or downright returning 403s. The abck cookie is returned upon submission to the /_bm/data endpoint.

You can read more about it here.


I de-obfuscated it (see CoffeeScript code below) and ran it through jsbeautifier.org.

stringList = [ ... list went here ]

tCode = '''
... code went here
'''

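# Repeat until a full pass changes nothing: replace() with a string
# pattern only substitutes the first occurrence of each reference.
tIn = tCode
tOut = ""
while tIn != tOut
  tIn = tCode
  for x in [0...stringList.length]
    console.log("_ac[#{x}]", stringList[x])
    # Function replacement so "$" sequences in the string are inserted literally
    tCode = tCode.replace("_ac[#{x}]", -> stringList[x])
  tOut = tCode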

results are here

from a brief look through the code it looks like they are doing things w/ checking plugins and messing w/ canvas ... aka things that would break most bots

part of the code mentions a public key cf[api_public_key] = afSbep8yjnZUjq3aL010jO15Sawj2VZfdYK8uY90uxq ... google search of that public key yielded some code that might bypass this anti-bot detection

more info on the domain listed in the code can be found here

   Domain Name: CFORMANALYTICS.COM
   Registry Domain ID: 1897860898_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.godaddy.com
   Registrar URL: http://www.godaddy.com
   Updated Date: 2018-01-08T20:17:08Z
   Creation Date: 2015-01-24T01:00:53Z
   Registry Expiry Date: 2020-01-24T01:00:53Z
   Registrar: GoDaddy.com, LLC
   Registrar IANA ID: 146
   Registrar Abuse Contact Email: [email protected]
   Registrar Abuse Contact Phone: 480-624-2505
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
   Name Server: BONNIE.NS.CLOUDFLARE.COM
   Name Server: DOM.NS.CLOUDFLARE.COM
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2018-04-06T08:28:19Z <<<

code possibly owned by godaddy?
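
The string-table substitution from the CoffeeScript above, as an added JavaScript example that is not part of the original post: it resolves every `_ac[N]` reference in a single pass, emits quoted literals so the result stays valid JavaScript, and leaves out-of-range indexes untouched for manual review. Only the `_ac` name comes from the post; the function name, table contents and sample code are constructed for illustration.

```javascript
// Added example for static analysis of a string-table obfuscated script.
// inlineStringTable is a hypothetical helper, not part of any library.
function inlineStringTable(code, table, name = "_ac") {
  // Escape the table name so it can be embedded in a regular expression.
  const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  // The lookbehind stops a match inside a longer identifier (e.g. my_ac[1]).
  const ref = new RegExp(`(?<![\\w$])${escaped}\\[(\\d+)\\]`, "g");
  const unresolved = new Set();
  let count = 0;
  // A single global pass: replaced text is never rescanned, so a table entry
  // that itself looks like "_ac[0]" cannot cause an endless rewrite loop.
  const output = code.replace(ref, (match, digits) => {
    const index = Number(digits);
    if (index >= table.length || typeof table[index] !== "string") {
      unresolved.add(index);
      return match; // keep unknown references as they are
    }
    count += 1;
    // JSON.stringify yields a quoted, escaped literal; returning it from a
    // callback means "$&" and similar sequences are inserted verbatim.
    return JSON.stringify(table[index]);
  });
  return { output, count, unresolved: [...unresolved].sort((a, b) => a - b) };
}

// Constructed sample input (not taken from the real script).
const sampleTable = ["plugins", "getContext", "cost $& more", "_ac[0]"];
const sampleCode =
  'var p = navigator[_ac[0]]; c[_ac[1]]("2d"); ' +
  "log(_ac[2], _ac[3], _ac[10], my_ac[1]);";

const sampleResult = inlineStringTable(sampleCode, sampleTable);
console.log(sampleResult.output);
console.log("replaced:", sampleResult.count, "unresolved:", sampleResult.unresolved);
```
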
