Second article of a series about Open Bullet 2, a credential stuffing tool. We analyze the the Http request to better understand how it works, its HTTP headers and TLS fingerprint, and how it can be detected.