{"report_id":"ff72d718-cd3a-46c1-a7d4-9a001069a1e6","version":6,"status":"done","tags":[],"date":"2025-12-21T11:14:05Z","url":{"schema":"http","addr":"img101.savana.com","fqdn":"img101.savana.com","domain":"savana.com","tld":"com"},"ip":{"addr":"104.18.9.25","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"img101.savana.com/","fqdn":"img101.savana.com","domain":"savana.com","tld":"com"},"title":"Fashion and Lifestyle | Shop Online","dom":{"size":4104,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (2281)","md5":"7a750efdb2528c91c0f1092574ef33b6","sha1":"1f463c9b1399ca0e42b1b2a05f68cde135dd198d","sha256":"c6d1a37758ed66644031a1ed107b91f583ccf0bc60e1b60769c32d9d86478204","sha512":"6a6f2f6dfa8632a2619339cb7bd83bb23fb5b12ed086112d9e34f13dd4cad85797e667999cb9dea2dbe055aec5001c9868db2acf0705ff1b9be926b895dc3620","ssdeep":"48:Cux6HlEFzFFVOsFhjQ4qrhRYDwoBK4cOKR3CYuk3MOmF8XwlLraXmF0J0up2Bi1s:h2EjLHHjCrhRywQKdyNk3Dm/R7m1s","tlshash":"ac8197230ed295013a3051aed99e780a4e4cf6964895d8c5f8dd4b9c9b0aaff19cb63c","dom_hash":"domhash9f584c222c41e33b3ee0c0a72a90f1d1","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"img101.savana.com","fqdn":"img101.savana.com","domain":"savana.com","tld":"com"},"ip":{"addr":"104.18.9.25","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-25T11:14:05Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":1}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-21T11:13:49Z","timestamp":1766315629,"ip_dst":{"addr":"8.222.203.130","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"172.18.0.9","port":37164,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2025-12-21T11:13:49.632862+0000\",\"flow_id\":2220742207708201,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":37164,\"dest_ip\":\"8.222.203.130\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"arms-retcode-sg.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":753,\"bytes_toclient\":1598,\"start\":\"2025-12-21T11:13:49.105513+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-12-21T11:13:49Z","timestamp":1766315629,"ip_dst":{"addr":"8.222.203.130","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Singapore","country_code":"SG"},"ip_src":{"addr":"172.18.0.9","port":37170,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)","source":"{\"timestamp\":\"2025-12-21T11:13:49.864347+0000\",\"flow_id\":152311727747507,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.9\",\"src_port\":37170,\"dest_ip\":\"8.222.203.130\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2052581,\"rev\":1,\"signature\":\"ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_05_14\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"TA_Abused_Service\"],\"updated_at\":[\"2024_05_14\"]}},\"tls\":{\"sni\":\"arms-retcode-sg.aliyuncs.com\",\"version\":\"TLS 1.2\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"5d79edf64e03689ff559a54e9d9487bc\",\"string\":\"771,49199,65281-0-11-16-23\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":894,\"bytes_toclient\":1598,\"start\":\"2025-12-21T11:13:49.356787+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"img101.savana.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"img101.savana.com","ip":{"addr":"104.18.9.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2004-03-16","domain_rank":0,"first_seen":"2024-02-21T10:11:10Z","last_seen":"2025-12-15T13:01:42.483242Z","alert_count":3,"request_count":3,"received_data":13919,"sent_data":1647,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}]},{"fqdn":"static.mfrcdn.com","ip":{"addr":"104.18.21.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-01-23","domain_rank":1214037,"first_seen":"2024-02-28T18:03:50Z","last_seen":"2025-12-15T13:01:42.733696Z","alert_count":0,"request_count":4,"received_data":7963,"sent_data":1770,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}]},{"fqdn":"laz-g-cdn.alicdn.com","ip":{"addr":"199.91.74.177","port":443,"asn":21859,"as":"ZEN-ECN","country":"Mexico","country_code":"MX"},"domain_registered":"2008-06-25","domain_rank":98700,"first_seen":"2017-09-28T07:51:00Z","last_seen":"2025-12-16T09:23:17.88705Z","alert_count":0,"request_count":1,"received_data":43159,"sent_data":397,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}]},{"fqdn":"arms-retcode-sg.aliyuncs.com","ip":{"addr":"8.222.203.130","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Singapore","country_code":"SG"},"domain_registered":"2012-04-01","domain_rank":118752,"first_seen":"2017-12-29T07:07:12Z","last_seen":"2025-12-16T09:59:04.1037Z","alert_count":0,"request_count":1,"received_data":266,"sent_data":784,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"static.mfrcdn.com/fallback/script.js","fqdn":"static.mfrcdn.com","domain":"mfrcdn.com","tld":"com"},"ip":{"addr":"104.18.21.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3f1edca837316fcbece06f45c222a86a","sha1":"d344496064bf366d197e46125977aea4c1d28d47","sha256":"852560c7b4abf4dfb3b2f870a09fe133e410b5a91079d1b3daabc4a6b89b9f32","sha512":"e151bbce40f3e9ec8621516853038dcf3bb2fdb27344f0a0931c0e96bfa5f8fce84f7e3d0afc9ac2c0a367ce2e9d3e27b6f25ca054e31db2d5d908aebf1fe0d0","ssdeep":"","tlshash":"f7413ecda1f63115a17321ad366f9116f22540033c0ded84be5c86a25f99daa8ff68ca","size":1908,"data":"","first_seen":"2024-11-18T00:05:33.241709Z","last_seen":"2026-05-23T21:46:54.378419Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.mfrcdn.com/fallback/arms.js","fqdn":"static.mfrcdn.com","domain":"mfrcdn.com","tld":"com"},"ip":{"addr":"104.18.21.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"7283d438a3db0ab5e492ea497f768a96","sha1":"5e6de4fbd2ddda9288ae32eb1c9ce34dec32edd9","sha256":"108cf123a92b90c95d0888c07dea77205fca058d8ec60e09731e3cac1b301304","sha512":"d0ce038c67138ff98e7e945e65e080a99d4d6706f7000d96c7f6d5eaddcd5d603f0a8509c1f73b8af6171b978dcc5ad398eaa8bbc6bfcb8bcbc53444f1d92f3b","ssdeep":"","tlshash":"3101126310dc797401b150eb0b27fe047645210e0773b470bca505842f0c667e6f25ec","size":774,"data":"","first_seen":"2024-11-18T00:05:33.243251Z","last_seen":"2026-05-23T21:46:54.372112Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img101.savana.com/","fqdn":"img101.savana.com","domain":"savana.com","tld":"com"},"ip":{"addr":"104.18.9.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"45da33b38defc2edb99359953c8684f6","sha1":"a911610e7a3dcd7e5c2347539c14520fc0b3f67c","sha256":"ad66a289336c721035566e6d4308c14b173aa556993046c9b6d59d3279b745f5","sha512":"b6053422c58b006513ead404848864a74c9b8ff463a4359fa58988c5e5df2d29eb1bfeef6b26e9c38385a3508b6c05f8ad0e25a28c5dd3b1bfd3b7226de75ae1","ssdeep":"","tlshash":"e9a0044c407531f404d5401d0f47f014d453035f5054c5443d0f03445f1d14d03cdf55","size":78,"data":"","first_seen":"2025-03-25T03:16:10.993324Z","last_seen":"2026-05-23T21:46:54.38569Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"laz-g-cdn.alicdn.com/retcode/cloud-sdk/bl.js","fqdn":"laz-g-cdn.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"199.91.74.177","port":443,"asn":21859,"as":"ZEN-ECN","country":"Mexico","country_code":"MX"},"introduction_type":"scriptElement","is_inline":false,"md5":"e31ead706e55b7c4c100d87a5928f099","sha1":"5acc29a266fd91e1bb438bc2b7851d97468a5617","sha256":"caa17208ba4e8fc27121fb29036b6f39ae9d31778a453df5ed9f32cba2bf3197","sha512":"8185bb597648afce20b81e15b616576ac655a977a821a46720500de8e06c4abd43515f756e065b18c618878ac3187904d7e4e39474710901941f5c8f7c041a7e","ssdeep":"384:q5mDF0gzqCPaTkYJQd1t6AReVsR7Q0VdgM/gJgDsf5Z3OzgGcKc2kxFVJsOLVwZe:q5BgAhawAAVEgq/zGLvAk09hqRd8nfTO","tlshash":"6e1308cab6c1745207933010512f6107b1bb1aa4284f91a4fa76d9e6aeb864fc273f3d","size":41828,"data":"","first_seen":"2023-03-07T12:02:12Z","last_seen":"2026-06-09T07:03:21.295807Z","times_seen":74505,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"img101.savana.com/","fqdn":"img101.savana.com","domain":"savana.com","tld":"com"},"ip":{"addr":"104.18.9.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-21T11:13:45.040Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"savana.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 30 Nov 2025 15:07:28 GMT","end":"Sat, 28 Feb 2026 16:07:26 GMT"},"fingerprint":{"sha1":"4D:E2:2E:A8:C3:9A:DA:E8:78:69:9F:00:A0:69:96:BE:4E:AD:83:6B","sha256":"16:D3:93:86:D3:20:8A:C4:A2:AC:FE:B6:65:43:EC:98:67:D6:E9:D0:E1:56:22:0D:49:DC:70:BB:67:AB:56:87"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: img101.savana.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _cfuvid=nZ9iOBcEKHKJGk9QtYas7sKwmv4bL0s38hGE2F3JpKM-1766315624910-0.0.1.1-604800000; __cf_bm=XlESByasKDuYXS2aSnwXFnSyh6TBBuSinJQm8anu3Wc-1766315625-1.0.1.1-FBLmZuEcc73V1W_Wv4iE3kEoHKavXtgTKzMDaZXb8ZxlKrMsB.d29NgwSGMNK8BxYvlnGmVQ2mJUFoTrxNCKjNIJGSOMlFr1zaxq0UxrWkA\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ndate: Sun, 21 Dec 2025 11:13:45 GMT\r\ncontent-type: text/html\r\npriority: u=1,i=?0\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: same-origin\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nserver: cloudflare\r\ncf-ray: 9b16f3b078805a0f-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4046,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (2282)","md5":"e1e62dadf85c9629e5389494f3c6e6e9","sha1":"4d727f778f376ca5e94e60ab1ffa305d5904b8ad","sha256":"84a6fe1911674613178927a9978edca5c8f66face05dd572b1e0583f40b43566","sha512":"2a01cdd1fc95e6b351d612a86f30d97d667088feb123e46c4788d49656be0fc2b94ca0294c7b9ecb1fb8e6fcce2df449d1349af5384fe15da96a937c346a8ce6","ssdeep":"","tlshash":"958198230ed294013a30516bd98e780a5e5cf6d349c89895f8dd4bdc9f0aabe15cf778","first_seen":"2024-11-18T00:05:33.232988Z","last_seen":"2026-01-26T10:24:03.66669Z","times_seen":11,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"img101.savana.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.mfrcdn.com/fallback/style.css","fqdn":"static.mfrcdn.com","domain":"mfrcdn.com","tld":"com"},"ip":{"addr":"104.18.21.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://img101.savana.com/","date":"2025-12-21T11:13:45.143Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mfrcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 03:56:46 GMT","end":"Mon, 02 Mar 2026 04:56:29 GMT"},"fingerprint":{"sha1":"7C:13:C3:2F:91:DF:DF:74:85:1B:9A:EC:B6:4D:5D:98:74:00:1F:95","sha256":"6C:2E:D1:0F:10:EB:4B:8B:68:97:F2:E3:E2:69:24:D6:B8:98:CA:96:64:D6:01:1F:01:39:6C:0D:21:84:3A:DE"}}},"request":{"raw":"GET /fallback/style.css HTTP/1.1\r\nHost: static.mfrcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 21 Dec 2025 11:13:45 GMT\r\ncontent-type: text/css\r\ncontent-encoding: br\r\nx-amz-id-2: ciosS/qFX0o9wGqT+iVaX2ugBwwEIKIEi5J8bmosFKRNGZbcVPJY8kEqPU7JvKUroJ/Lmnbif8BMi67wFKs9PHz7QBWr2UgqnTqLNbdAPR4=\r\nx-amz-request-id: YR48R3BWY8RVJ0JQ\r\nlast-modified: Tue, 05 Nov 2024 03:14:34 GMT\r\netag: W/\"9fdcf4e7dd2211b98d000e4c45dbf588\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: xjyMl_EovkN.Oez8Due6i0G.eUPcY1Oi\r\ncf-cache-status: HIT\r\nage: 49207\r\nexpires: Sun, 21 Dec 2025 15:13:45 GMT\r\ncache-control: public, max-age=14400\r\nset-cookie: __cf_bm=PfPKIgzEtakc9XDasseMBoY4aDv8DUxzzXPRGZu2.5U-1766315625-1.0.1.1-vK878BLVeIQlafM.XiMj07m0j8o14RzSkb8aY3d0suqoR_TZEnyS8JP127fXJKliAwiJlyU7H.CmvL6f4hkZSYflpAunhf6Wxlmw6L43D9A; path=/; expires=Sun, 21-Dec-25 11:43:45 GMT; domain=.mfrcdn.com; HttpOnly; Secure; SameSite=None\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9b16f3b168f532fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":1945,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"9fdcf4e7dd2211b98d000e4c45dbf588","sha1":"cb0050e71e23aa7f5564c9f64856a567e2384013","sha256":"ac79cd44eba8dd20bd03524d67cc3be935793d4b952160cb3a76827b90139794","sha512":"43e27905ce568b61e905328920f1645dd66065b6623188d8c4b7091f0c2e36ba1422044482589d8f38f167aaa939a02988295314a9378bacc67021bff4004fda","ssdeep":"","tlshash":"6a4115cf16949d1338158acb7413ed70d31c9012874fceb53d8a3e8d6e8e8169260fa6","first_seen":"2024-11-18T00:05:33.235132Z","last_seen":"2026-05-23T21:46:54.367208Z","times_seen":12,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":43,"dns":17,"connect":1,"send":0,"wait":12,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"laz-g-cdn.alicdn.com/retcode/cloud-sdk/bl.js","fqdn":"laz-g-cdn.alicdn.com","domain":"alicdn.com","tld":"com"},"ip":{"addr":"199.91.74.177","port":443,"asn":21859,"as":"ZEN-ECN","country":"Mexico","country_code":"MX"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://img101.savana.com/","date":"2025-12-21T11:13:45.468Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"laz-g-cdn.alicdn.com","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 22 Apr 2025 02:21:08 GMT","end":"Sun, 24 May 2026 02:21:07 GMT"},"fingerprint":{"sha1":"A5:45:B9:D4:07:B7:25:BF:8B:2F:B5:D1:76:4B:72:0B:04:FD:10:91","sha256":"D6:9F:A3:0F:B9:09:E4:63:05:D1:8F:DC:37:70:16:3B:94:9C:18:3D:DC:FE:8D:81:4D:3D:23:FF:EF:72:95:BD"}}},"request":{"raw":"GET /retcode/cloud-sdk/bl.js HTTP/1.1\r\nHost: laz-g-cdn.alicdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 21 Dec 2025 11:13:48 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 17048\r\nserver: openresty\r\nvary: Accept-Encoding\r\nx-oss-request-id: 692FF473D0923535339E6C46\r\nx-oss-object-type: Normal\r\nx-oss-hash-crc64ecma: 7956181089051082725\r\nx-oss-storage-class: Standard\r\ncontent-md5: 4x6tcG5Vt8TBANh6WSjwmQ==\r\nx-oss-server-time: 4\r\naccess-control-allow-origin: *\r\nx-source-scheme: https\r\ncontent-encoding: gzip\r\nvia: LA-MEX-queretaro-EDGE1-CACHE4[2],LA-MEX-queretaro-EDGE1-CACHE1[0,TCP_HIT,0],LA-MEX-mexicocity-GLOBAL1-CACHE25[3],LA-MEX-mexicocity-GLOBAL1-CACHE20[0,TCP_HIT,1],ens-cache13.l2nu20-20[134,135,200-0,M], ens-cache13.l2nu20-20[136,0], ens-cache16.l2hk11[167,168,200-0,M], ens-cache21.l2hk11[169,0], ens-cache3.l2us3[391,390,200-0,M], ens-cache5.l2us3[392,0], ens-cache6.mx1[0,0,200-0,H], ens-cache4.mx1[2,0]\r\nali-swift-global-savetime: 1764750451\r\nx-cache: HIT TCP_MEM_HIT dirn:-2:-2\r\nx-swift-savetime: Wed, 03 Dec 2025 08:27:32 GMT\r\nx-swift-cachetime: 59\r\ntiming-allow-origin: *\r\neagleid: a3b5339817647504520917082e\r\nx-ccdn-expires: 1561277\r\nx-hcs-proxy-type: 1\r\nx-ccdn-cachettl: 2592000\r\nx-ccdn-req-id-46b1: 3de1e4ee1994ab4d0b5e973821f67ab1\r\nalt-svc: h3=\":443\"; ma=2592000\r\nnginx-hit: 1\r\nage: 1062312\r\ncache-control: max-age=86400,s-maxage=60\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Alibaba Cloud Object Storage Service","description":"Alibaba Cloud Object Storage Service (OSS) is a cloud-based object storage service provided by Alibaba Cloud, which allows users to store and access large amounts of data in the cloud.","website":"https://www.alibabacloud.com/product/object-storage-service","common_platform_enumeration":"","icon":"Alibaba Cloud.svg","categories":["IaaS"]}],"data":{"size":41828,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (41828), with no line terminators","md5":"e31ead706e55b7c4c100d87a5928f099","sha1":"5acc29a266fd91e1bb438bc2b7851d97468a5617","sha256":"caa17208ba4e8fc27121fb29036b6f39ae9d31778a453df5ed9f32cba2bf3197","sha512":"8185bb597648afce20b81e15b616576ac655a977a821a46720500de8e06c4abd43515f756e065b18c618878ac3187904d7e4e39474710901941f5c8f7c041a7e","ssdeep":"384:q5mDF0gzqCPaTkYJQd1t6AReVsR7Q0VdgM/gJgDsf5Z3OzgGcKc2kxFVJsOLVwZe:q5BgAhawAAVEgq/zGLvAk09hqRd8nfTO","tlshash":"6e1308cab6c1745207933010512f6107b1bb1aa4284f91a4fa76d9e6aeb864fc273f3d","first_seen":"2023-03-07T12:02:12Z","last_seen":"2026-06-09T07:03:21.295807Z","times_seen":74505,"resource_available":true,"data":null}},"time_used":6839,"timings":{"blocked":3268,"dns":2957,"connect":150,"send":0,"wait":205,"receive":97,"ssl":158},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.mfrcdn.com/favicon.ico","fqdn":"static.mfrcdn.com","domain":"mfrcdn.com","tld":"com"},"ip":{"addr":"104.18.21.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://img101.savana.com/","date":"2025-12-21T11:13:45.575Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mfrcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 03:56:46 GMT","end":"Mon, 02 Mar 2026 04:56:29 GMT"},"fingerprint":{"sha1":"7C:13:C3:2F:91:DF:DF:74:85:1B:9A:EC:B6:4D:5D:98:74:00:1F:95","sha256":"6C:2E:D1:0F:10:EB:4B:8B:68:97:F2:E3:E2:69:24:D6:B8:98:CA:96:64:D6:01:1F:01:39:6C:0D:21:84:3A:DE"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: static.mfrcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __cf_bm=UtGnBLiE_9KnkTpZmd8_Owb.0ajvbW_Rqy_qlu9rIp0-1766315625-1.0.1.1-iuouAKfiidnkkh4f5Ztbl4VBY0L3L6nW5QeGVJ0SLw4b3zj5GmcrSIKmlZOGWmA.L8P7WCObaygjlAxrjICDczQ5X2xDJuQxz6ywOYpbjC0\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 403 Forbidden\r\ndate: Sun, 21 Dec 2025 11:13:45 GMT\r\ncontent-type: text/html\r\npriority: u=6,i=?0\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: same-origin\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nserver: cloudflare\r\ncf-ray: 9b16f3b3dd45c759-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":74,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":74,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arms-retcode-sg.aliyuncs.com/r.png?t=pv\u0026times=1\u0026page=%5Bindex%5D\u0026tag=\u0026release=4.1.0\u0026environment=prod\u0026begin=1766315629054\u0026uid=6Om74jsXfv4mnkppOxdjxInaLebw\u0026dt=Fashion%20and%20Lifestyle%20%7C%20Shop%20Online\u0026dr=\u0026dpr=1.00\u0026de=utf-8\u0026ul=\u0026sr=1280x1024\u0026vp=1280x1024\u0026ct=\u0026sid=7sm81j86faLmsepyqxh1xzhbte8O\u0026pid=fha4mtl30g%4044aa976bb0e0a0f\u0026_v=1.8.30\u0026pv_id=yamp2jmzfRCmqmpedxpbxsn7L80b\u0026sampling=1\u0026dl=https%3A%2F%2Fimg101.savana.com%2F\u0026z=mjfmpxx7","fqdn":"arms-retcode-sg.aliyuncs.com","domain":"aliyuncs.com","tld":"com"},"ip":{"addr":"8.222.203.130","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://img101.savana.com/","date":"2025-12-21T11:13:49.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.arms.aliyuncs.com","organization":"Alibaba (China) Technology Co., Ltd."},"issuer":{"commonName":"GlobalSign GCC R3 OV TLS CA 2024","organization":"GlobalSign nv-sa"},"validity":{"start":"Thu, 16 Jan 2025 03:36:01 GMT","end":"Tue, 17 Feb 2026 03:36:00 GMT"},"fingerprint":{"sha1":"42:C0:78:4D:62:EF:4A:4A:B5:99:FD:F6:CF:76:75:66:EC:DC:7C:4D","sha256":"47:92:5C:65:29:91:79:5A:45:6A:62:CB:42:BF:AB:81:64:45:72:25:CD:5C:B7:34:55:2E:44:4D:B3:DD:47:45"}}},"request":{"raw":"HEAD /r.png?t=pv\u0026times=1\u0026page=%5Bindex%5D\u0026tag=\u0026release=4.1.0\u0026environment=prod\u0026begin=1766315629054\u0026uid=6Om74jsXfv4mnkppOxdjxInaLebw\u0026dt=Fashion%20and%20Lifestyle%20%7C%20Shop%20Online\u0026dr=\u0026dpr=1.00\u0026de=utf-8\u0026ul=\u0026sr=1280x1024\u0026vp=1280x1024\u0026ct=\u0026sid=7sm81j86faLmsepyqxh1xzhbte8O\u0026pid=fha4mtl30g%4044aa976bb0e0a0f\u0026_v=1.8.30\u0026pv_id=yamp2jmzfRCmqmpedxpbxsn7L80b\u0026sampling=1\u0026dl=https%3A%2F%2Fimg101.savana.com%2F\u0026z=mjfmpxx7 HTTP/1.1\r\nHost: arms-retcode-sg.aliyuncs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 21 Dec 2025 11:13:50 GMT\r\ncontent-length: 0\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\naccess-control-allow-headers: Keep-Alive,User-Agent,X-Requested-With,Cache-Control,Content-Type,Authorization,X-Dtc\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"image/png","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":2001,"timings":{"blocked":867,"dns":47,"connect":259,"send":0,"wait":267,"receive":0,"ssl":557},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"img101.savana.com/","fqdn":"img101.savana.com","domain":"savana.com","tld":"com"},"ip":{"addr":"104.18.9.25","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-21T11:13:43.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"savana.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 30 Nov 2025 15:07:28 GMT","end":"Sat, 28 Feb 2026 16:07:26 GMT"},"fingerprint":{"sha1":"4D:E2:2E:A8:C3:9A:DA:E8:78:69:9F:00:A0:69:96:BE:4E:AD:83:6B","sha256":"16:D3:93:86:D3:20:8A:C4:A2:AC:FE:B6:65:43:EC:98:67:D6:E9:D0:E1:56:22:0D:49:DC:70:BB:67:AB:56:87"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: img101.savana.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ndate: Sun, 21 Dec 2025 11:13:44 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: same-origin\r\ncache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nexpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nset-cookie: _cfuvid=nZ9iOBcEKHKJGk9QtYas7sKwmv4bL0s38hGE2F3JpKM-1766315624910-0.0.1.1-604800000; path=/; domain=.savana.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\ncf-ray: 9b16f3a9b87c0b49-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4046,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (2282)","md5":"e1e62dadf85c9629e5389494f3c6e6e9","sha1":"4d727f778f376ca5e94e60ab1ffa305d5904b8ad","sha256":"84a6fe1911674613178927a9978edca5c8f66face05dd572b1e0583f40b43566","sha512":"2a01cdd1fc95e6b351d612a86f30d97d667088feb123e46c4788d49656be0fc2b94ca0294c7b9ecb1fb8e6fcce2df449d1349af5384fe15da96a937c346a8ce6","ssdeep":"","tlshash":"958198230ed294013a30516bd98e780a5e5cf6d349c89895f8dd4bdc9f0aabe15cf778","first_seen":"2024-11-18T00:05:33.232988Z","last_seen":"2026-01-26T10:24:03.66669Z","times_seen":11,"resource_available":false,"data":null}},"time_used":993,"timings":{"blocked":20,"dns":1,"connect":1,"send":0,"wait":952,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"img101.savana.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"img101.savana.com/","fqdn":"img101.savana.com","domain":"savana.com","tld":"com"},"ip":{"addr":"104.18.9.25","port":80,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-21T11:13:44.995Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: img101.savana.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Sun, 21 Dec 2025 11:13:45 GMT\r\nContent-Type: text/html\r\nContent-Length: 167\r\nConnection: keep-alive\r\nCache-Control: max-age=3600\r\nExpires: Sun, 21 Dec 2025 12:13:45 GMT\r\nLocation: https://img101.savana.com/\r\nSet-Cookie: __cf_bm=XlESByasKDuYXS2aSnwXFnSyh6TBBuSinJQm8anu3Wc-1766315625-1.0.1.1-FBLmZuEcc73V1W_Wv4iE3kEoHKavXtgTKzMDaZXb8ZxlKrMsB.d29NgwSGMNK8BxYvlnGmVQ2mJUFoTrxNCKjNIJGSOMlFr1zaxq0UxrWkA; path=/; expires=Sun, 21-Dec-25 11:43:45 GMT; domain=.savana.com; HttpOnly\n_cfuvid=QePOZVwIHMzh9rz_pv5OVRYsTkJ_IipDIbzRZg4QNkc-1766315625033-0.0.1.1-604800000; path=/; domain=.savana.com; HttpOnly\r\nVary: Accept-Encoding\r\nServer: cloudflare\r\nCF-RAY: 9b16f3b03a77b4f3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4046,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":40,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-21","alert":"Sinkholed","trigger":"img101.savana.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.mfrcdn.com/fallback/script.js","fqdn":"static.mfrcdn.com","domain":"mfrcdn.com","tld":"com"},"ip":{"addr":"104.18.21.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://img101.savana.com/","date":"2025-12-21T11:13:45.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mfrcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 03:56:46 GMT","end":"Mon, 02 Mar 2026 04:56:29 GMT"},"fingerprint":{"sha1":"7C:13:C3:2F:91:DF:DF:74:85:1B:9A:EC:B6:4D:5D:98:74:00:1F:95","sha256":"6C:2E:D1:0F:10:EB:4B:8B:68:97:F2:E3:E2:69:24:D6:B8:98:CA:96:64:D6:01:1F:01:39:6C:0D:21:84:3A:DE"}}},"request":{"raw":"GET /fallback/script.js HTTP/1.1\r\nHost: static.mfrcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 21 Dec 2025 11:13:45 GMT\r\ncontent-type: application/javascript\r\ncontent-encoding: br\r\nx-amz-id-2: r5lUUSqP+4zh0KAVGU+9sjco6LAxpK2ZUeELcdr4CuRMGF/DRH/D6BWtONY8ZWd9Sv4mdSvN3537cohFtR8hotyENHBR5rec\r\nx-amz-request-id: ZJD7224QJHHETSJE\r\nlast-modified: Tue, 03 Sep 2024 03:19:05 GMT\r\netag: W/\"3f1edca837316fcbece06f45c222a86a\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: x27Pfnn28MQWldN64aTQmPivipDWBqTT\r\nage: 327838\r\nexpires: Sun, 21 Dec 2025 15:13:45 GMT\r\ncache-control: public, max-age=14400\r\ncf-cache-status: HIT\r\nset-cookie: __cf_bm=UtGnBLiE_9KnkTpZmd8_Owb.0ajvbW_Rqy_qlu9rIp0-1766315625-1.0.1.1-iuouAKfiidnkkh4f5Ztbl4VBY0L3L6nW5QeGVJ0SLw4b3zj5GmcrSIKmlZOGWmA.L8P7WCObaygjlAxrjICDczQ5X2xDJuQxz6ywOYpbjC0; path=/; expires=Sun, 21-Dec-25 11:43:45 GMT; domain=.mfrcdn.com; HttpOnly; Secure; SameSite=None\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9b16f3b168ff32fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":1908,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"3f1edca837316fcbece06f45c222a86a","sha1":"d344496064bf366d197e46125977aea4c1d28d47","sha256":"852560c7b4abf4dfb3b2f870a09fe133e410b5a91079d1b3daabc4a6b89b9f32","sha512":"e151bbce40f3e9ec8621516853038dcf3bb2fdb27344f0a0931c0e96bfa5f8fce84f7e3d0afc9ac2c0a367ce2e9d3e27b6f25ca054e31db2d5d908aebf1fe0d0","ssdeep":"","tlshash":"f7413ecda1f63115a17321ad366f9116f22540033c0ded84be5c86a25f99daa8ff68ca","first_seen":"2024-11-18T00:05:33.241709Z","last_seen":"2026-05-23T21:46:54.378419Z","times_seen":14,"resource_available":true,"data":null}},"time_used":357,"timings":{"blocked":44,"dns":17,"connect":3,"send":0,"wait":265,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"static.mfrcdn.com/fallback/arms.js","fqdn":"static.mfrcdn.com","domain":"mfrcdn.com","tld":"com"},"ip":{"addr":"104.18.21.177","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://img101.savana.com/","date":"2025-12-21T11:13:45.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mfrcdn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 02 Dec 2025 03:56:46 GMT","end":"Mon, 02 Mar 2026 04:56:29 GMT"},"fingerprint":{"sha1":"7C:13:C3:2F:91:DF:DF:74:85:1B:9A:EC:B6:4D:5D:98:74:00:1F:95","sha256":"6C:2E:D1:0F:10:EB:4B:8B:68:97:F2:E3:E2:69:24:D6:B8:98:CA:96:64:D6:01:1F:01:39:6C:0D:21:84:3A:DE"}}},"request":{"raw":"GET /fallback/arms.js HTTP/1.1\r\nHost: static.mfrcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 21 Dec 2025 11:13:45 GMT\r\ncontent-type: application/javascript\r\ncontent-encoding: br\r\nx-amz-id-2: yXYXOkhJvgPluyx9W3t2sMy1OCjlgQYBAmvwtyLSkvw23qqBT2cAAOFiLOc4XjO5BAFARYxlzKvaQhMCCe8ZrO1K4w7l8OsL\r\nx-amz-request-id: RQQE3XR5QTN59YH7\r\nlast-modified: Tue, 03 Sep 2024 03:19:04 GMT\r\netag: W/\"7283d438a3db0ab5e492ea497f768a96\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 6JsngWGfYKXCKjdU4NYeGgHQxri7lWAL\r\nexpires: Sun, 21 Dec 2025 15:13:45 GMT\r\ncache-control: public, max-age=14400\r\ncf-cache-status: HIT\r\nset-cookie: __cf_bm=pgq5KTiODyQKxrtHmfZkJlYix8mF4Q5Nc0sLtOc6pww-1766315625-1.0.1.1-3.LesGKzVNZnXHMZcRKZj.v6IUHjNivtjuXRrsM2a3lMUjg9KoxZsh9k1FL3LwD9YbSzr3ONGoMuNCEpwt1qOP7psOwYYA.K0r4Ql9bNTV4; path=/; expires=Sun, 21-Dec-25 11:43:45 GMT; domain=.mfrcdn.com; HttpOnly; Secure; SameSite=None\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9b16f3b168f732fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":774,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"7283d438a3db0ab5e492ea497f768a96","sha1":"5e6de4fbd2ddda9288ae32eb1c9ce34dec32edd9","sha256":"108cf123a92b90c95d0888c07dea77205fca058d8ec60e09731e3cac1b301304","sha512":"d0ce038c67138ff98e7e945e65e080a99d4d6706f7000d96c7f6d5eaddcd5d603f0a8509c1f73b8af6171b978dcc5ad398eaa8bbc6bfcb8bcbc53444f1d92f3b","ssdeep":"","tlshash":"3101126310dc797401b150eb0b27fe047645210e0773b470bca505842f0c667e6f25ec","first_seen":"2024-11-18T00:05:33.243251Z","last_seen":"2026-05-23T21:46:54.372112Z","times_seen":14,"resource_available":true,"data":null}},"time_used":348,"timings":{"blocked":42,"dns":16,"connect":3,"send":0,"wait":261,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}