search

limesquid / favicon-thief

Find the best favicon for a given URL
MIT License
4 stars 0 forks source link

HTTP 403 - index page #12

Closed kamilmielnik closed 1 year ago

kamilmielnik commented 1 year ago

Found in https://github.com/limesquid/favicon-thief/pull/6

kamilmielnik commented 1 year ago

Possibly related to https://github.com/limesquid/favicon-thief/issues/13

kamilmielnik commented 1 year ago 
wget pixabay.com
--2022-12-08 17:43:06--  http://pixabay.com/
Resolving pixabay.com (pixabay.com)... 2606:4700:4400::6812:25f4, 2606:4700:4400::ac40:960c, 104.18.37.244, ...
Connecting to pixabay.com (pixabay.com)|2606:4700:4400::6812:25f4|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://pixabay.com/ [following]
--2022-12-08 17:43:06--  https://pixabay.com/
Connecting to pixabay.com (pixabay.com)|2606:4700:4400::6812:25f4|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2022-12-08 17:43:07 ERROR 403: Forbidden.

curl https://pixabay.com
<!DOCTYPE html>
<html lang="en-US">
<head>
    <title>Just a moment...</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=Edge">
    <meta name="robots" content="noindex,nofollow">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <link href="/cdn-cgi/styles/challenges.css" rel="stylesheet">

</head>
<body class="no-js">
    <div class="main-wrapper" role="main">
    <div class="main-content">
        <h1 class="zone-name-title h1">
            <img class="heading-favicon" src="/favicon.ico"
                 onerror="this.onerror=null;this.parentNode.removeChild(this)">
            pixabay.com
        </h1>
        <h2 class="h2" id="challenge-running">
            Checking if the site connection is secure
        </h2>
        <noscript>
            <div id="challenge-error-title">
                <div class="h2">
                    <span class="icon-wrapper">
                        <div class="heading-icon warning-icon"></div>
                    </span>
                    <span id="challenge-error-text">
                        Enable JavaScript and cookies to continue
                    </span>
                </div>
            </div>
        </noscript>
        <div id="trk_jschal_js" style="display:none;background-image:url('/cdn-cgi/images/trace/captcha/nojs/transparent.gif?ray=7764e7a0e9d8ca3e')"></div>
        <div id="challenge-body-text" class="core-msg spacer">
            pixabay.com needs to review the security of your connection before proceeding.
        </div>
        <form id="challenge-form" action="/?__cf_chl_f_tk=gNF9PdeKbD6q2AZ5Nh0nZ7jZdj1xOwyTxE8SX00ZEgA-1670496256-0-gaNycGzNB1E" method="POST" enctype="application/x-www-form-urlencoded">
            <input type="hidden" name="md" value="RhuPZXOUPQf0W_iTzkiN.et2v0Ve_hcPaMyMO9fDyiQ-1670496256-0-ATqtYAAIDkHyaHczysijbus_zXK1pTRam7OZZjKLQqRUYKH1yQO542dToPbjw_HTpJd6wQu6PbLVth2y3AeR4EiKVeXwA3V67o46pKf1-9UgNFXcK5iO4HpTMOcgISmjX4jKsQI-GIc1hsHsMNj2Sh26fiQ0ifVSmGWwIZIGt-hvhhE2iKIAIix2guUKU7yIKyC9S0VyP6k93BBIzxY3tuHh4ZmKMwycUQOaI38QXktrsnQ7eDdttcoIfTbunE_EhTZFhieEr2xGnM46xr-83nxXpiNT69AVQSVrC0zDjoxxlEZgDEua2SMgidYvM9LhEZ-0tEeZ1-G4jN-4pfF8qz4BhocCxJBL7rEkv8cDkxbFBdcQa5qSwwE-T1zNI-4HenJFyNeU76ubDWBo6aoFQ3B3tQtHoZt15f9MA0NtImexTsO-Rz11-VjAxIIYwdDc6BbA0CBf_FE2sW3PEPlllE2ixN2aLb-RHtAWNkMRNEEOvvLmk747AoPSjKxIC6hBXi9nzERO_eT8UYpWmzkIVKGwtPFUJb3C7OELApXGvLr9TfjgpmkNC3m_Is333Cwm_uLolosziwtYQBrrBwBlopCeXPumEMlnJCoZOE5Od-vFyUKWffj73aAnCJMwUz6gcfCYcp_nrqdneKsPj0q_J8s">
            <input type="hidden" name="r" value="vFOJxXc_Vn0h8IaVHEDEixfc2buE.f7nQIgvV7OqhIw-1670496256-0-ATBZakSEE0QPEyCENOKxEfBgbH+PauGznb2G8EGcrm/9YJWsUq2dDS+IQ0LF86ZEQEPfrOX4/jRQ+gazhL045M4xP5pvIg/qUCvqW+NuLa9rjUiiLS8AOCS+Bl9Km4AVzo/MIi53ZHQnAe0EYLaJdsMRZ7C5h9q3yCgLs7VPtRBX4mVSA7hum8gNEL/xi1khwXuvCpf3SSlTTkIi5Pt1CJOaoh0QgaGNhzN+klTczLz8RN6yLNHXLP5egsV+MAALw11DiSJV5Erh1ecaK0SMkHGRzY6XvLfz1fHsaAIz791w1QCcTmCWtPWEGnDxEu0GdZlhnVgmIgp96vsdGiYPE+v8nR+UvWTaFkyPorvy0/8j3PCV+79jN3Lcb+C2vVxpgPRVXUUqatKA9y4AVl//kIAPU6/kWhr3lUUvGTUAp/nL5TEN4jEricXn4DrkkvzBUIeY2M8Rjb0AmFIBNmjlKiXInCd6t6uv9kjkXeH14N5M049XANm4mT/tFmLlZFbVDnUJvYmyfTMVCpFJe+Yfpfe+j4pPqTnp84KL+5FwO91L8H5D3NMpYnLh3698idx6f/W1AEDWAlbOZsYbB7nIjA5BCebe0IRyWTHZrLyURyOP+jMSxYVzUoQ3xIulzm3L2u08JoylJ/jyeZROGilkPgeUV49FT2SWvZ96qHk5LZvFFjlMDz5eCBFRxS0RYa4hyM/urK4YjkydFcRu01uuRomUC2K5LZfOCiSv1RXkffCWTDR8JSiX3iYSfsWCn68xli5SCPqpWx5BvAV24pt+EfAuh8L55Asz8tb6wq3JGi2+6w89TuifcZor5K2nRCfqPCUpHK6yfrhORSAOQu1VpZSHKSMdatt0OEeTTj/KEqdaslgNHYk2su7lUeW4R5x5BtAGWqxrB4ShJd+V0lBvobBDlU5KdtaEGs35KqQ/n4XOSzTr/GtZ/liNb6vhARluWzb00kgjysOvcBiz4RAMxxbH4m+ZH/P3KCHx031DI0fpPyIlfeXOBAColOv4x3TpDqBQqZqoBrhV+c6XT5NxW3AQtpv3BGDTfEvNUgVS5235meUEoZ+dh96xOw5qxQq3Hor7Dbn/kmW6PLnSWvdN/p++BjP8llHgO2jfPVc+B4+oD6xFVRptHKu7XZQW46segFglh8s1B0tv2Z8Ny4wTwEp5psdEM+4fl7nVuVirxmkDOJ9yQ8qe0N385WqGqcXlTbnO7POIM2BkYMQLM2NZvsFz//NWQtNpfWHUSI8jbUFnEQS2BdWbBeSwuJxmSL91nVwjg3vIiv5zq0v768kv18HEQwLsuO0X0lSOdOoANyd2TPmlAf210lvqy7YWLwa63hhsZyZAXxi4frXNv1RKLMP4xhyLhSekoUJy+ZGp9xwL72mPw4YeWKI9+qbSrpREriDGCLQ7SG/WlYvo77UE1XRMxvdK7O7n6z87lSRxQLC2ubaap0xRpCldB88fNX5LPcmO/nRJI4OM73G3oQxFG1kWUbAOmuZkBheWlaKCxDz4yQUo+SxJffC4S4x6bCFIs2ao2J3RIp27mVgwGybzEt6OHFuiV7ps/BmiIAKKSX/0ftGmdavJPUMdCq30dx49+OsWd7ihIfLhpBh9y9TT+z6Q34CaSbRcwOZqi8EwfpvZydI/yiEAFltomjkystaA76sEaxSmP8ne8g4rhdIA0EhFIvz+jO6QFBDExZQBiBhqQSQkWsVBX9LsTNXWabEVR54cBQKyij0N4hSp+mBuauM2tnIwJnn9NlrFaJWf/tzrkssScijxIYcl1tcVqDtnBu2dhmZ0aaWJxOYtlkIYrHo=">
        </form>
    </div>
</div>
<script>
    (function(){
        window._cf_chl_opt={
            cvId: '2',
            cType: 'interactive',
            cNounce: '38385',
            cRay: '7764e7a0e9d8ca3e',
            cHash: 'd32fb0cbed872ed',
            cUPMDTk: "\/?__cf_chl_tk=gNF9PdeKbD6q2AZ5Nh0nZ7jZdj1xOwyTxE8SX00ZEgA-1670496256-0-gaNycGzNB1E",
            cFPWv: 'g',
            cTTimeMs: '1000',
            cTplV: 4,
            cTplB: 'cf',
            cRq: {
                ru: 'aHR0cHM6Ly9waXhhYmF5LmNvbS8=',
                ra: 'Y3VybC83LjgxLjA=',
                rm: 'R0VU',
                d: 'N4WxI3yPu9zP9u6VZukenIUnnwS0+WFlLjsSJFGLNizaTZbWIsu7Upy5Z7XUeZ2y5kMz0h3fR5CySLlmaap+d7u8LGGZZt0SPYNO4Cj7TdaXnrr61nA3u7G3nMKhdaITLWSUwT3x3HDpiY3x5bICx08wiRfglLwvzxqj+hiuwsi7nNbf0I1vBF77j/diq167kC+gdRHag/CVHKXdWXP3EUlLCFghj6wlLXWntoU8XjO/xU23vlFUEsG6yJfRo4S7NCZt+yfDCy5UfWMoEwP0MY87VlfnFP3Kd15dic7GHz6IUaOCXt+gxUKVtEwu4ruFC2DGWH7c5/Qiyl4097HjdD7yb8IzTlUwem2Yy4dRf3oWl+D+Z9jy/cNMXsu4hrM9nUoRQK2t6nswcCUsWmDIhNZuRDkqhEUZ94wRCCyQmd+5csQw9Md8pUrXrICvQYzoaNCkNAuByxm+AtFlR+pYxyohQ4aLHNkl7gaIKegJvoinrubLoZF/eJXiJaYKg0//+6xd8UVlpzYt/vRgopZdRrbkVS0GBhkM0SIUY+zSZ/1nL/HHQV1X2P1x2hpirdxF8sh4wqbG4FGKH8LC7OooW9ovlvTCraXMjOlCx7nKDPDv12cdp8GSgPxVVHynJx/Jb6c8pXwSPbFuUgfJuQsjew==',
                t: 'MTY3MDQ5NjI1Ni4xNTkwMDA=',
                m: 'SXYtMb6PwhRJB24JUzGjwT5Jr88UDbMXk5O/emdvtVc=',
                i1: 'Wp+YeQDH6eOTIH+9OlVVWg==',
                i2: 'Bpr9te9z42qie0A+p+cF2g==',
                zh: 'rn4uVVI55DugAe2oDwA8RdEOOxslcW1vAsJM/MDyRnY=',
                uh: 'XtPohTwN9ruoNwJrCbocmA5soW1XPnkxU/yVFmBLOQo=',
                hh: '9lZ7QacdPX/XIUWg44BYGVRIsqwHE/7A97JjwS5aDEM=',
            }
        };
        var trkjs = document.createElement('img');
        trkjs.setAttribute('src', '/cdn-cgi/images/trace/captcha/js/transparent.gif?ray=7764e7a0e9d8ca3e');
        trkjs.setAttribute('style', 'display: none');
        document.body.appendChild(trkjs);
        var cpo = document.createElement('script');
        cpo.src = '/cdn-cgi/challenge-platform/h/g/orchestrate/captcha/v1?ray=7764e7a0e9d8ca3e';
        window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;
        window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, -window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;
        if (window.history && window.history.replaceState) {
            var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;
            history.replaceState(null, null, "\/?__cf_chl_rt_tk=gNF9PdeKbD6q2AZ5Nh0nZ7jZdj1xOwyTxE8SX00ZEgA-1670496256-0-gaNycGzNB1E" + window._cf_chl_opt.cOgUHash);
            cpo.onload = function() {
                history.replaceState(null, null, ogU);
            };
        }
        document.getElementsByTagName('head')[0].appendChild(cpo);
    }());
</script>

    <div class="footer" role="contentinfo">
        <div class="footer-inner">
            <div class="clearfix diagnostic-wrapper">
                <div class="ray-id">Ray ID: <code>7764e7a0e9d8ca3e</code></div>
            </div>
            <div class="text-center">Performance &amp; security by <a rel="noopener noreferrer" href="https://www.cloudflare.com?utm_source=challenge&utm_campaign=l" target="_blank">Cloudflare</a></div>
        </div>
    </div>
</body>
</html>

Looks like some cloudflare anti-bot challenges :(

kamilmielnik commented 1 year ago 
                    <span id="challenge-error-text">
                        Enable JavaScript and cookies to continue
                    </span>

It needs a (headless) browser.