CloudFlare Client Script Hanging on Challenges #590

@TheProdigyLeague

Disclaimer for Indeed IWF GitHub Issue

To the Indeed IWF Team,

Please be advised that this issue is being opened on the indeedeng/iwf/issues repository due to the lack of a clear point of contact for technical support, bug bounty programs, or penetration testing requests. This is a discretionary filing on my part, made in the absence of a designated corporate channel to report my findings.

The observations detailed in this report are based on my own network analysis and were not generated by an LLM. This investigation was prompted by personal experience with a significant number of scams, to which I have fallen victim, and is an attempt to address potential vulnerabilities that may be exploited by malicious actors.

Thank you for your time and consideration.

What happened?

Script Execution Issues:

  1. Navigate to www.indeed.com
  2. Analyze network and system logs
  3. Interact with CloudFlare challenges
  4. Cloudflare's client-side scripting for challenges or analytics. The snippet GE = dU, X = {'gauhv': function(h, G) { return h > G }, ...}

• Several shell scripts located in:

/home/qenmity/AndroidStudioProjects/d1g174lgtek33pr/app/src/iwf/

encountered "command not found" errors:

  • start-server.sh failed because nc (netcat) was not found.
  • start-lite-server.sh failed because temporal was not found.
  • init-ci-cadence.sh failed because cadence was not found.

Note: I am fully aware of the need to plugin third-party scripts, vendor modules, and the like. However, I must reiterate the lack of point of contact...

• The git_push.sh script attempted to push to https://github.com/indeedeng/iwf-idl.git but encountered an error "fatal: couldn't find remote ref master" and was then prompted for credentials, indicating a potential issue with the local repository's connection to the remote or the master branch itself.

/bin/bash /home/qenmity/AndroidStudioProjects/d1g174lgtek33pr/app/src/iwf/script/start-server.sh
/home/qenmity/AndroidStudioProjects/d1g174lgtek33pr/app/src/iwf/script/start-server.sh: line 18: nc: command not found

/bin/sh /home/qenmity/AndroidStudioProjects/d1g174lgtek33pr/app/src/iwf/gen/iwfidl/git_push.sh
[INFO] No command line input provided. Set $git_host to github.com
[INFO] No command line input provided. Set $git_user_id to indeedeng
[INFO] No command line input provided. Set $git_repo_id to iwf-idl
[INFO] No command line input provided. Set $release_note to Minor update
Reinitialized existing Git repository in /home/qenmity/AndroidStudioProjects/d1g174lgtek33pr/app/src/iwf/gen/iwfidl/.git/
On branch master
nothing to commit, working tree clean
fatal: couldn't find remote ref master
Git pushing to https://github.com/indeedeng/iwf-idl.git
Username for 'https://github.com': 

/bin/bash /home/qenmity/AndroidStudioProjects/d1g174lgtek33pr/app/src/iwf/lite/start-lite-server.sh
temporal server started...
now trying to register iWF system search attributes...
/home/qenmity/AndroidStudioProjects/d1g174lgtek33pr/app/src/iwf/lite/start-lite-server.sh: line 13: temporal: command not found
/home/qenmity/AndroidStudioProjects/d1g174lgtek33pr/app/src/iwf/lite/start-lite-server.sh: line 20: temporal: command not found
/home/qenmity/AndroidStudioProjects/d1g174lgtek33pr/app/src/iwf/lite/start-lite-server.sh: line 22: temporal: command not found
/home/qenmity/AndroidStudioProjects/d1g174lgtek33pr/app/src/iwf/lite/start-lite-server.sh: line 24: temporal: command not found
/home/qenmity/AndroidStudioProjects/d1g174lgtek33pr/app/src/iwf/lite/start-lite-server.sh: line 5: temporal: command not found

/bin/bash /home/qenmity/AndroidStudioProjects/d1g174lgtek33pr/app/src/iwf/docker-compose/init-ci-cadence.sh
now trying to register iWF system search attributes...
/home/qenmity/AndroidStudioProjects/d1g174lgtek33pr/app/src/iwf/docker-compose/init-ci-cadence.sh: line 6: cadence: command not found

Network Activity & Cloudflare Interaction:

• Multiple requests were made to cloudflareinsights.com/cdn-cgi/rum and indeed.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=....

These are typical Cloudflare URLs related to Real User Monitoring (RUM) and security challenges (like CAPTCHAs or bot detection).

• The HTTP headers show a User-Agent of Chrome 139 on Linux.

• Cookies (__cf_bm) are being set by Cloudflare, likely for bot management and security.

• A POST request was made to t.indeed.com/signals/v1/log with a JSON payload indicating a "first-interaction-mouse" on a "captcha" page, again pointing to Cloudflare's security measures.

• A "Communication error: t.indeed.com" was logged by Burp Suite's Sequencer, suggesting a potential issue in sending these signals.

__cf_bm=CBo.Wpwcri_jvtvoSBJJPaVTsqsezGLMmoIDcCGtVKc-1756767458-1.0.1.1-ykvxZ68nliptQosYND7zxRE6rS4jDZ2G.b1rmjnvZwejWH5fMHRw4IIafZIgoiZns6MweGzGvfWbqKSXGBQbJi9D.u4HqO5RVGOEsR0Rvok
https://cloudflareinsights.com/cdn-cgi/rum
https://cloudflareinsights.com/cdn-cgi/rum
https://cloudflareinsights.com/cdn-cgi/rum
// v1?ray=97885e2888cd3cd0
GE = dU,
        X = {
            'gauhv': function(h, G) {
                return h > G
            },
            'bGpTY': function(h) {
                return h()
            }
        },

        function XH(h, G, E, Z, T, n, N, V, W, ZC, ZD, dz, U, H, O, s) {
        return ZC = {

// VM197
["keydown", "click"].forEach((function(e) {
                                    addEventListener(e, (function() {
                                        return setTimeout(c, 0)
                                    }
                                    ), !0)
                                }
                                
1756767896231	Error	Sequencer	[6]  Communication error: t.indeed.com

• SSL certificates for indeed.com and *.indeed.com (issued by Google Trust Services) were found on ports 443 and 8443.

The OS was identified as Linux (likely kernel 5.x).

• There are numerous TCP retransmissions, duplicate ACKs, and RST (reset) packets, particularly towards port 53 and 34887 on the remote server. This could indicate network congestion, firewall interference, or a service not properly responding on the target ports.
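
The "command not found" lines in the script output above name three binaries (nc, temporal, cadence) that the shell could not find on the local PATH. As an added example (not part of the original report or the iWF project), this snippet extracts those pairs from such output and checks which commands are still absent on the current host; SAMPLE_LOG is constructed from the issue's lines with the paths shortened, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage shell "command not found" errors from captured output.
# SAMPLE_LOG is constructed from the issue's output; paths are shortened.
SAMPLE_LOG='iwf/script/start-server.sh: line 18: nc: command not found
temporal server started...
iwf/lite/start-lite-server.sh: line 13: temporal: command not found
iwf/lite/start-lite-server.sh: line 20: temporal: command not found
iwf/docker-compose/init-ci-cadence.sh: line 6: cadence: command not found'

# Print one "script command" pair per distinct missing command.
# Lines that are not "command not found" errors are ignored.
missing_commands() {
    printf '%s\n' "$1" |
        sed -n 's|^\(.*\): line [0-9][0-9]*: \([^:]*\): command not found$|\1 \2|p' |
        sed 's|^.*/||' |
        LC_ALL=C sort -u
}

# Of the commands reported missing in the log, print those that are
# still not resolvable on this host's PATH.
absent_on_path() {
    missing_commands "$1" | while read -r _script cmd; do
        command -v "$cmd" >/dev/null 2>&1 || printf '%s\n' "$cmd"
    done | LC_ALL=C sort -u
}

missing_commands "$SAMPLE_LOG"
```
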
