headfor.site Open in urlscan Pro
104.21.35.40  Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	403 Forbidden	Primary Request 8199 Show response headfor.site/archives/	14 KB 7 KB	213ms 134ms	Document text/html	104.21.35.40 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://headfor.site/archives/8199 Protocol HTTP/1.1 Server 104.21.35.40 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c636b661cdf9d6dd5f8da7457f1bf7e3388407aaf1f866eda44042c56f5b7e4c Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept-language he-IL,he;q=0.9 Response headers Accept-CH Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA CF-RAY 861949025809e3df-TLV Cache-Control private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection close Content-Encoding gzip Content-Type text/html; charset=UTF-8 Cross-Origin-Embedder-Policy require-corp Cross-Origin-Opener-Policy same-origin Cross-Origin-Resource-Policy same-origin Date Sat, 09 Mar 2024 07:17:25 GMT Expires Thu, 01 Jan 1970 00:00:01 GMT NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Origin-Agent-Cluster ?1 Permissions-Policy accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy same-origin Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G80Go5ceOoxhRJvj66A6eRMTGHe2oQYebsXHtisoHtjchUPxxKpsbqepS6Y07slbl3ZAMieUr5p%2FU1nUAJ3PbAxj6tgPgdCQn22s7NTrvzg2aqYECiQcFpq3kQsn2Fw%3D"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Vary Accept-Encoding X-Frame-Options SAMEORIGIN alt-svc h3=":443"; ma=86400 cf-chl-out i0v+YzBZNbce01NFOfQGARysJrcihY/mSGY4IIm3oGQH2+rEyXHBAI6QYYqwacOzqZzqDO5k8HzWn2rWr2Fid569xdjQZk8zA0c9X1P5orfx/kiGwmV1SYOb4avvqfjYrNrNYAXrJMWmB04ltdwFww==$j7smSOuMLRy4aypq/HiOqw== cf-mitigated challenge
GET H/1.1	200 OK	v1 Show response headfor.site/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/	504 KB 145 KB	143ms 85ms	Script application/javascript	104.21.35.40 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://headfor.site/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=861949025809e3df Requested by Host: headfor.site URL: http://headfor.site/archives/8199 Protocol HTTP/1.1 Server 104.21.35.40 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1f1424e4cc25824ee55827e76b0d1af5c0bdea1a60e0d34357cbc078c45355ab Request headers accept-language he-IL,he;q=0.9 Referer http://headfor.site/archives/8199?__cf_chl_rt_tk=zlMWXhD3ztUd87aY4FcWqr8uFKXuRGlpydK84jadztc-1709968645-0.0.1.1-1301 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sat, 09 Mar 2024 07:17:25 GMT Content-Encoding gzip NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=isOQmDZ%2FPkFK%2FO19UAlFlwiGeSzdTT5XZZQJOH%2FvnXGpWDLNJNGldpp1iT6AtungdRe44SLR%2FaRwNpiPoybqTlIpWE3jR8FTJitSeDJV6n1b5m4IRyfkEjlM0y3Mwc0%3D"}],"group":"cf-nel","max_age":604800} Content-Type application/javascript; charset=UTF-8 cache-control private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection keep-alive CF-RAY 86194903bd5de3db-TLV alt-svc h3=":443"; ma=86400
GET H2	200	api.js Show response challenges.cloudflare.com/turnstile/v0/g/5b600c458061/	38 KB 13 KB	221ms 100ms	Script application/javascript	104.17.3.184 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://challenges.cloudflare.com/turnstile/v0/g/5b600c458061/api.js?onload=RGXRys7&render=explicit Requested by Host: headfor.site URL: http://headfor.site/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=861949025809e3df Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.17.3.184 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ede9837e84ce18059b6acfa8760cf6cc198db239182a76cfb2b9ebe3f4cd8cb0 Request headers Referer Origin http://headfor.site accept-language he-IL,he;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sat, 09 Mar 2024 07:17:26 GMT content-encoding br server cloudflare vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control max-age=31536000 cf-ray 8619490678cbe3df-TLV alt-svc h3=":443"; ma=86400
GET H/1.1	403 Forbidden	favicon.ico headfor.site/	11 KB 11 KB	64ms 64ms	Image text/html	104.21.35.40 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://headfor.site/favicon.ico Requested by Host: headfor.site URL: http://headfor.site/archives/8199 Protocol HTTP/1.1 Server 104.21.35.40 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 681c3f7d6b2c657489dd1f1affcb83ec6451dfd2e30418d46a19e56cea5b47c2 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language he-IL,he;q=0.9 Referer http://headfor.site/archives/8199 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Date Sat, 09 Mar 2024 07:17:26 GMT Content-Encoding gzip NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Cross-Origin-Embedder-Policy require-corp Transfer-Encoding chunked Cross-Origin-Resource-Policy same-origin Connection close alt-svc h3=":443"; ma=86400 cf-chl-out E368LcgZs27MYT+2iZvZKTNUC/8RRhv+Tf+2QGSofP7KaZCFRdmiLP7izFJ//Jgbz1+clASQUccgLPSUoCHDNtN0YXpPLJkX4B5WJJvNlRZSvcuWoMe2goYZd4/016IOymFfCvK1XgJoQ7yBxwM8HA==$fV/9YXFdjn+O/VTOJrYpYQ== Referrer-Policy same-origin Accept-CH Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Opener-Policy same-origin cf-mitigated challenge Server cloudflare X-Frame-Options SAMEORIGIN Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u4r8%2BQqxiothZgFON%2Fscqv8CYfWqYU7bhPc21l2YqfUtSATSdu1736wumin%2B%2BsCF%2BV9tm0DA%2ByWt%2Frv2BlWt9mmjZ8Rodcz4a8lPt0huULq4Qyf1f73dpRMgdhpVCdM%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/html; charset=UTF-8 Vary Accept-Encoding Origin-Agent-Cluster ?1 Cache-Control private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Permissions-Policy accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() CF-RAY 86194905b91be3db-TLV Expires Thu, 01 Jan 1970 00:00:01 GMT
GET BLOB	200 OK	91ad1f63-970f-4c9c-8238-1e31775e3d1e http://headfor.site/	13 B 0		Other text/javascript
General Check archive.org Show headers Download Go to Full URL blob:http://headfor.site/91ad1f63-970f-4c9c-8238-1e31775e3d1e Requested by Host: headfor.site URL: http://headfor.site/archives/8199 Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 8860e7fef89219a219cb11d18bd8e4a322f32072613f86e935e7fe162ab69c04 Request headers accept-language he-IL,he;q=0.9 Referer http://headfor.site/archives/8199 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers Content-Length 13 Content-Type text/javascript
POST H/1.1	200 OK	a4fd9ab6eac0c6d Show response headfor.site/cdn-cgi/challenge-platform/h/g/flow/ov1/1050683990:1709964556:zMknQb1AjX_EGBniX0IrF3cBsY_-bTKzRKLQc7HiYCw/861949025809e3df/	14 KB 11 KB	151ms 93ms	XHR text/plain	104.21.35.40 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://headfor.site/cdn-cgi/challenge-platform/h/g/flow/ov1/1050683990:1709964556:zMknQb1AjX_EGBniX0IrF3cBsY_-bTKzRKLQc7HiYCw/861949025809e3df/a4fd9ab6eac0c6d Requested by Host: headfor.site URL: http://headfor.site/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=861949025809e3df Protocol HTTP/1.1 Server 104.21.35.40 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6a80514664509858efcc3f35192c038ad80fe69fa78d71adfbad3184af5b493a Request headers Referer http://headfor.site/archives/8199 accept-language he-IL,he;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 CF-Challenge a4fd9ab6eac0c6d Content-type application/x-www-form-urlencoded Response headers Date Sat, 09 Mar 2024 07:17:26 GMT Content-Encoding gzip NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=694qzi5zVz6uj2f5tQ8BOczWif0Dxnd7hj27jWoSkAImKgiIkp55xRJ5djrFYKjbspcbuO1PmYhPS7GC5BW2D%2F52XQAchtpgz3F%2FxF19%2FWU8rSiZxUFz3dDs5u0FuuM%3D"}],"group":"cf-nel","max_age":604800} Content-Type text/plain; charset=UTF-8 Connection keep-alive CF-RAY 86194906c9bbe3d7-TLV alt-svc h3=":443"; ma=86400 cf-chl-gen CQsVtvyo1tSiFtg2sYxgIy7FlV7RmEFFwfhFU3J0ELWFyE1PHEbHA8OyLBOHa9F2$wjHbsKvqFoQMMkVdijXLlA==
GET H3	200	normal challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/16qhu/0x4AAAAAAAAjq6WYeRDKmebM/light/ Frame DC25	0 0	144ms 79ms	Document text/html	104.17.3.184 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/16qhu/0x4AAAAAAAAjq6WYeRDKmebM/light/normal Requested by Host: challenges.cloudflare.com URL: https://challenges.cloudflare.com/turnstile/v0/g/5b600c458061/api.js?onload=RGXRys7&render=explicit Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.3.184 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Security Headers Name Value Content-Security-Policy frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self' Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept-language he-IL,he;q=0.9 Response headers accept-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA alt-svc h3=":443"; ma=86400 cache-control private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-ray 86194907d9e1e3e7-TLV content-encoding br content-security-policy frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self' content-type text/html; charset=UTF-8 critical-ch Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA cross-origin-embedder-policy require-corp cross-origin-opener-policy same-origin cross-origin-resource-policy cross-origin date Sat, 09 Mar 2024 07:17:26 GMT document-policy js-profiling origin-agent-cluster ?1 permissions-policy accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() referrer-policy same-origin server cloudflare

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| _cf_chl_opt function| dEJcgT4 function| VXLQ2 function| BqwDbS9 object| TVUMVW1 object| dyPM8 function| RGXRys7 boolean| SuWm9 function| ywhtIR9 function| ibFSN1 function| RKjlys0 function| mRVZ4 object| ovpC1 object| turnstile boolean| DIWL9 string| spwIdu2

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			headfor.site/	1970-01-20 18:59:32	Name: cf_chl_3 Value: a4fd9ab6eac0c6d

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: http://headfor.site/archives/8199 Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
other	error	URL: http://headfor.site/archives/8199 Message: The Cross-Origin-Opener-Policy header has been ignored, because the URL's origin was untrustworthy. It was defined either in the final response or a redirect. Please deliver the response using the HTTPS protocol. You can also use the 'localhost' origin instead. See https://www.w3.org/TR/powerful-features/#potentially-trustworthy-origin and https://html.spec.whatwg.org/#the-cross-origin-opener-policy-header.
other	warning	URL: http://headfor.site/archives/8199 Message: The page requested an origin-keyed agent cluster using the Origin-Agent-Cluster header, but could not be origin-keyed since the origin 'http://headfor.site' had previously been placed in a site-keyed agent cluster. Update your headers to uniformly request origin-keying for all pages on the origin.
network	error	URL: http://headfor.site/favicon.ico Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

challenges.cloudflare.com
headfor.site
104.17.3.184
104.21.35.40
1f1424e4cc25824ee55827e76b0d1af5c0bdea1a60e0d34357cbc078c45355ab
681c3f7d6b2c657489dd1f1affcb83ec6451dfd2e30418d46a19e56cea5b47c2
6a80514664509858efcc3f35192c038ad80fe69fa78d71adfbad3184af5b493a
8860e7fef89219a219cb11d18bd8e4a322f32072613f86e935e7fe162ab69c04
c636b661cdf9d6dd5f8da7457f1bf7e3388407aaf1f866eda44042c56f5b7e4c
ede9837e84ce18059b6acfa8760cf6cc198db239182a76cfb2b9ebe3f4cd8cb0