"Bad Request" Errors `akam.grn Static`

[TheProdigyLeague]

Steps to Reproduce

1. Attempt to access site
2. Observe error page errors.edgesuite.net
3. Monitor network traffic - HTTP 400 Akamai
4. Request Header and Cookie examination reveals akid and ak_bmsc

Akamai Bot Manager

ivid=9fe555c6-932a-4669-a05a-1fb0078d8134; AKES_GEO=US~KY; akid=gip23.61.88.162_gsip23.45.66.200_clip69.76.40.186_rclip69.76.40.186; ak_bmsc=FBA616B2C16E745A3DC215532B04C052~000000000000000000000000000000~YAAQyEItF2rO9eyYAQAAhKMT8hzqJE9EUxb30YVWv8nF0Sj8+eU2nQAd2IiKIcDH9Lxl/OIo8EPupvbC8tsG624O9weUoD5Q+wSVRn1/aSgfK+0UFU6bbW2bf7tRlfZTVUBcORN7vpGCoVx0RUVSazw+eQ1UAp+lhE/fMUt2fFTaoYP2g67giEHELY/GiThcD2Gm6bfbrTYCBnoaRgR/8Ibe2ztQcvD06agGSLZd8KhihvQuEFA5nWs25NO7aq2qeJA4kxv8BjTQbaEqmfG3q2QfqukdTV3pktvTD24XrylEmWSi0VLkvK/Io7n27TA18hgdxd83PdAIdA7dkPyBp7k3hjctghTqEg3UqgZG8YA8CCf0WZVJ/yK4oUeQHWzhVYpVGJFc/0N3ANc=; utag_main__sn=1; utag_main__se=1%3Bexp-session; utag_main__ss=1%3Bexp-session; utag_main__st=1756410207212%3Bexp-session; utag_main_ses_id=1756408407212%3Bexp-session; utag_main__pn=1%3Bexp-session; CONSENTMGR=c1:1%7Cc2:1%7Cc3:1%7Cc4:1%7Cc5:1%7Cc6:1%7Cc7:1%7Cc8:1%7Cc9:1%7Cc10:1%7Cc11:1%7Cc12:1%7Cc13:1%7Cc14:1%7Cc15:1%7Cc16:1%7Cts:1756408407220%7Cconsent:true; qbn.qbo_sctimer=1764184564177; qbn.qbo_sc=cid:|sc:|ext:QOE-COM|int:www.intuit.com|; nmstat=60d9cffe-a2f4-f440-67fc-01b371a02c1d; _scid=W6W8g6gPelPY33wAkrfnmki6eAOnWml0; _scid_r=W6W8g6gPelPY33wAkrfnmki6eAOnWml0; pageProperties=$www.intuit.com$homepage$www.intuit.com$cmo|mktg|corp|icom|homepage$cmo|mktg|corp|icom|us|homepage; s_ecid=MCMID%7C64393132372842741871581275884160477583; AMCVS_969430F0543F253D0A4C98C6%40AdobeOrg=1; AMCV_969430F0543F253D0A4C98C6%40AdobeOrg=-2121179033%7CMCIDTS%7C20329%7CMCMID%7C64393132372842741871581275884160477583%7CMCAID%7CNONE%7CMCOPTOUT-1756416347s%7CNONE%7CvVersion%7C5.3.0

Attached JavaScript suggests that the request are being denied by the Akami-managed security layer.

function getCookieVal(e) {
    try {
        return document.cookie.toString().match(e + "=[^;]*;?")[0].split("=")[1].replace(";", "")
    } catch (e) {
        "function" == typeof csLog && csLog("error", "Page Url is: " + window.location.href + ";Error: " + e)
    }
}
window.mktg_datalayer || (window.mktg_datalayer = {}),
window.mktg_datalayer.properties = {
    page_cas_id: "c72ZEi0TI"
};

e = a.call(n, u)
                    } catch (t) {
                        e = [6, t],
                        r = 0
                    } finally {
                        o = s = 0
                    }
                if (5 & e[0])
                    throw e[1];
                return {
                    value: e[0] ? e[1] : void 0,
                    done: !0
                }

expiry.setDate(expiry.getDate() + daysToSet);
            var cookie_string = [utag.gdpr.cookieNS + "=" + encodeURI(mo2Val.join("|")), "path=" + utag.gdpr.path, "expires=" + expiry.toGMTString()];
            if (utag.gdpr.domain) {
                cookie_string.push("domain=" + utag.gdpr.domain);
            }
            document.cookie = cookie_string.join("; ");
            utag.data["cp." + utag.gdpr.cookieNS] = mo2Val.join("|");
        },

var o = r && ("load" === r.type ? "missing" : r.type)
                              , a = r && r.target && r.target.src;
                            u.message = "Loading chunk " + t + " failed.\n(" + o + ": " + a + ")",
                            u.name = "ChunkLoadError",
                            u.type = o,
                            u.request = a,
                            n[1](u)
                        }
                    }

, e = void 0;
        0 !== n && "number" == typeof Error.stackTraceLimit && (e = Error.stackTraceLimit,
        Error.stackTraceLimit = Number.POSITIVE_INFINITY);
        var s = [function() {
            throw new Error("")
        }

function dr(t) {
        var n = /^.*(%26|%3F|\?|&)ScCid(%3D|=)([0-9A-F]{8}-[0-9A-F]{4}-[1-5][0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}).*$/i;
        return J(y((function() {
            return n.exec(t)[3]
        }
        )))
    }

try {
                    i.name = e
                } catch (e) {}
                return i.DNS = r,
                i.URL = a,
                i
            }

if (5 & c[0])
                                throw c[1];
                            return {
                                value: c[0] ? c[1] : void 0,
                                done: !0
                            }

}, Re = function(e, t) {
                return !t || qe(e) && "clamp(" === e.substr(0, 6) ? e : "clamp(" + e + ")"
            }, De = function e() {
                return Me && requestAnimationFrame(e)
            }, Ie = function() {
                return te = 1
            }, Ye = function() {
                return te = 0
            }, je = function(e) {
                return e

User Traffic Flags

NSE: [http-aspnet-debug 23.61.88.162:80] Response body: <HTML><HEAD>
<TITLE>Bad Request</TITLE>
</HEAD><BODY>
<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.<P>
Reference&#32;&#35;7&#46;c8422d17&#46;1756410086&#46;0
<P>https&#58;&#47;&#47;errors&#46;edgesuite&#46;net&#47;7&#46;c8422d17&#46;1756410086&#46;0</P>
</BODY>
</HTML>

The packet capture and Cookie data show the client making HEAD to bb-admin/index.aspx which could have triggered the bot management system. The DNS lookup for 23.61.88aircrack-ng-1.7162 returns NXDOMAIN.

17946	87.202530374	100.115.92.202	23.61.88.162	HTTP	274	HEAD /bb-admin/index.aspx HTTP/1.1 
17947	87.204636097	23.61.88.162	100.115.92.202	TCP	66	80 → 40094 [ACK] Seq=212 Ack=212 Win=65024 Len=0 TSval=384914384 TSecr=3106909664
17948	87.235325417	23.61.88.162	100.115.92.202	TCP	54	443 → 44386 [RST] Seq=6521 Win=0 Len=0
17949	87.235328654	23.61.88.162	100.115.92.202	TCP	54	443 → 44386 [RST] Seq=6521 Win=0 Len=0
17950	87.235329973	23.61.88.162	100.115.92.202	TCP	66	80 → 40102 [ACK] Seq=1 Ack=209 Win=65024 Len=0 TSval=384914416 TSecr=3106909698
17951	87.235331165	23.61.88.162	100.115.92.202	TCP	74	443 → 44392 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM TSval=384914416 TSecr=3106909697 WS=128
17952	87.235447074	100.115.92.202	23.61.88.162	TCP	66	44392 → 443 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=3106909730 TSecr=384914416
17953	87.235332310	23.61.88.162	100.115.92.202	TCP	66	80 → 40102 [ACK] Seq=1 Ack=1 Win=65152 Len=0 TSval=384914416 TSecr=3106909698
17954	87.235333436	23.61.88.162	100.115.92.202	HTTP	276	HTTP/1.0 400 Bad Request 
17955	87.235465086	100.115.92.202	23.61.88.162	TCP	66	40102 → 80 [ACK] Seq=209 Ack=211 Win=64128 Len=0 TSval=3106909730 TSecr=384914416
17956	87.236139717	100.115.92.202	23.61.88.162	TLSv1.3	583	Client Hello

; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> 23.61.88aircrack-ng-1.7162
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3213
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;23.61.88aircrack-ng-1.7162.    IN      A

;; AUTHORITY SECTION:
.                       30      IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2025082801 1800 900 604800 86400

;; Query time: 49 msec
;; SERVER: 100.115.92.193#53(100.115.92.193) (UDP)
;; WHEN: Thu Aug 28 15:49:39 EDT 2025
;; MSG SIZE  rcvd: 130

Boilerplate

The intended content loads, however, the JavaScript code attempts to handle large properties, cookies, and various errors. Which does not resolve the "Bad Request" issues from the server.

Expected Behavior

Access site with no "Bad Request" error.