{"report_id":"c815eb58-8b1a-4874-9991-3801e4d90638","version":6,"status":"done","tags":[],"date":"2026-03-19T06:11:42Z","url":{"schema":"http","addr":"thrive-nonlive.work/","fqdn":"thrive-nonlive.work","domain":"thrive-nonlive.work","tld":"work"},"ip":{"addr":"217.70.184.38","port":0,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"final":{"url":{"schema":"http","addr":"thrive-nonlive.work/","fqdn":"thrive-nonlive.work","domain":"thrive-nonlive.work","tld":"work"},"title":"thrive-nonlive.work","dom":{"size":2324,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (727)","md5":"883b9d8df09a517c5dba6119d5ab6944","sha1":"3256c8026c2ccf81871bbba45ada6470fad5b9de","sha256":"25825a2cc2758ba6f749948c4312e438888b57a31d591a5faf83235f85225984","sha512":"97af24c399678f79dcb191966a25b55a8ebccb344145c1470eefee32275c4ed025e75d4edcb71cd8d52681a49d6778163d9f5afd6167be24f69cfcd35d533959","ssdeep":"","tlshash":"a941b743a49840330eb7b79bf46d7b5215d2a05e9c56c054f98d06644feeec28c3729e","dom_hash":"domhashdf520f7b2dcf3d02f71cea420848ed86","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"thrive-nonlive.work/","fqdn":"thrive-nonlive.work","domain":"thrive-nonlive.work","tld":"work"},"ip":{"addr":"217.70.184.38","port":0,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-23T06:11:42Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":6,"urlquery":0,"analyzer":0}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-19T06:11:19Z","timestamp":1773900679,"ip_dst":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"Client IP","port":56834,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-19T06:11:19.912823+0000\",\"flow_id\":1981773399976857,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56834,\"dest_ip\":\"217.70.184.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"thrive-nonlive.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1136},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":676,\"bytes_toclient\":1805,\"start\":\"2026-03-19T06:11:19.781209+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-19T06:11:20Z","timestamp":1773900680,"ip_dst":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"Client IP","port":56854,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-19T06:11:20.095794+0000\",\"flow_id\":1772745931649396,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56854,\"dest_ip\":\"217.70.184.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"thrive-nonlive.work\",\"url\":\"/fonts/Inter/Inter-Regular--latin.woff2\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://thrive-nonlive.work/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1136},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":703,\"bytes_toclient\":1805,\"start\":\"2026-03-19T06:11:20.029044+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-19T06:11:20Z","timestamp":1773900680,"ip_dst":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"Client IP","port":56860,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-19T06:11:20.123147+0000\",\"flow_id\":885281134246147,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56860,\"dest_ip\":\"217.70.184.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"thrive-nonlive.work\",\"url\":\"/main-dbee9253.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://thrive-nonlive.work/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1119},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":634,\"bytes_toclient\":2603,\"start\":\"2026-03-19T06:11:20.030979+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-19T06:11:20Z","timestamp":1773900680,"ip_dst":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"Client IP","port":56838,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-19T06:11:20.129576+0000\",\"flow_id\":1523728022793193,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56838,\"dest_ip\":\"217.70.184.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"thrive-nonlive.work\",\"url\":\"/fonts/Inter/Inter-SemiBold--latin.woff2\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://thrive-nonlive.work/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1136},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":704,\"bytes_toclient\":1801,\"start\":\"2026-03-19T06:11:20.027625+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-19T06:11:20Z","timestamp":1773900680,"ip_dst":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"Client IP","port":56874,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-19T06:11:20.206688+0000\",\"flow_id\":2235867960186743,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56874,\"dest_ip\":\"217.70.184.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"thrive-nonlive.work\",\"url\":\"/img/Parking.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://thrive-nonlive.work/main-dbee9253.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1147},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":656,\"bytes_toclient\":7710,\"start\":\"2026-03-19T06:11:20.137079+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-19T06:11:20Z","timestamp":1773900680,"ip_dst":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"Client IP","port":56876,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-19T06:11:20.313398+0000\",\"flow_id\":1449313419440517,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56876,\"dest_ip\":\"217.70.184.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"thrive-nonlive.work\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://thrive-nonlive.work/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1147},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":635,\"bytes_toclient\":7710,\"start\":\"2026-03-19T06:11:20.242053+0000\"}}"}],"analyzer":null,"urlquery":null},"summary":[{"fqdn":"thrive-nonlive.work","ip":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"domain_registered":"2024-04-29","domain_rank":0,"first_seen":"2026-03-19T06:11:42.475719Z","last_seen":"2026-03-19T06:11:42.475719Z","alert_count":7,"request_count":7,"received_data":150960,"sent_data":2864,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"thrive-nonlive.work/","fqdn":"thrive-nonlive.work","domain":"thrive-nonlive.work","tld":"work"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"dafad0cb7d46bdb6efb4cbfecefab771","sha1":"e137080c97a81035e2580cdfaecbbf76fb39f2d6","sha256":"561694a827d32acaf0ef2868c2a0190cfe91e02ed8ea96cf87a8c805edb22da9","sha512":"d2fbcda3895475ec0ecd9854a2eb0887557bc16ac80e7562d951c33e162ea98abd36e1c7c768b3a175271de634a71ec8c972e39b5222fa520fc1d9570a3e457e","ssdeep":"","tlshash":"cad0a72b7764087206fba535925db7552627104305c5c80eaf985a411fd8f8b50f9286","size":228,"data":"","first_seen":"2026-03-19T06:11:46.404174Z","last_seen":"2026-03-19T06:11:46.404174Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-19T06:11:19Z","timestamp":1773900679,"ip_dst":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.19","port":56834,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-19T06:11:19.912823+0000\",\"flow_id\":1981773399976857,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56834,\"dest_ip\":\"217.70.184.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"thrive-nonlive.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1136},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":676,\"bytes_toclient\":1805,\"start\":\"2026-03-19T06:11:19.781209+0000\"}}"}],"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"thrive-nonlive.work/favicon.ico","fqdn":"thrive-nonlive.work","domain":"thrive-nonlive.work","tld":"work"},"ip":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://thrive-nonlive.work/","date":"2026-03-19T06:11:20.241Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: thrive-nonlive.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://thrive-nonlive.work/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 19 Mar 2026 06:11:20 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 24838\r\nLast-Modified: Tue, 05 Nov 2024 16:05:16 GMT\r\nConnection: close\r\nETag: \"672a423c-6106\"\r\nExpires: Thu, 19 Mar 2026 07:11:20 GMT\r\nCache-Control: max-age=3600\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":24838,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"d98661ca3371e1a8fa03e00ed8bd603e","sha1":"b05a91f76c8bc3df0eaf5ba45229ec4525fe492e","sha256":"2ca8a7d5bf257b1522cc51f7c192f63132bead19555afd3149bfb63d5203ac5a","sha512":"c69479a7fa73235ab8ee6c62c3a4b0cf9709445efee156227dd309db622ee2150a431d7f8d31728a256b2f1e5bf2189ff0fdaa7fc1276452756ba7792c14e9dc","ssdeep":"768:DvZsxnI85ow5O8ALZyjMqk5hxLJqgtXvRKK:DvZsxI85ow5+D","tlshash":"87b2738b6e447c45c4c44c7821b2eb6b0ee54c672858bd47a9ebf3b7a13e5b74b21309","first_seen":"2023-05-04T20:02:33Z","last_seen":"2026-06-11T02:59:39.694588Z","times_seen":5536,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":0,"dns":1,"connect":36,"send":0,"wait":38,"receive":33,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-19T06:11:20Z","timestamp":1773900680,"ip_dst":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.19","port":56876,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-19T06:11:20.313398+0000\",\"flow_id\":1449313419440517,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56876,\"dest_ip\":\"217.70.184.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"thrive-nonlive.work\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://thrive-nonlive.work/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1147},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":635,\"bytes_toclient\":7710,\"start\":\"2026-03-19T06:11:20.242053+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"thrive-nonlive.work/","fqdn":"thrive-nonlive.work","domain":"thrive-nonlive.work","tld":"work"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-19T06:11:19.629Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: thrive-nonlive.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-12T01:48:45.160697Z","times_seen":16340841,"resource_available":true,"data":null}},"time_used":88,"timings":{"blocked":88,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-19T06:11:19Z","timestamp":1773900679,"ip_dst":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.19","port":56834,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-19T06:11:19.912823+0000\",\"flow_id\":1981773399976857,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56834,\"dest_ip\":\"217.70.184.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"thrive-nonlive.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1136},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":676,\"bytes_toclient\":1805,\"start\":\"2026-03-19T06:11:19.781209+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"thrive-nonlive.work/","fqdn":"thrive-nonlive.work","domain":"thrive-nonlive.work","tld":"work"},"ip":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-19T06:11:19.784Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: thrive-nonlive.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 19 Mar 2026 06:11:19 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: close\r\nContent-Security-Policy: default-src 'self'; script-src 'nonce-489ab0f226d3460485867e217ce805f5';\r\nVary: Accept-Encoding, Accept-Language\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2374,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (729)","md5":"15937bdf787732511ac8bd981c12cf37","sha1":"dfc70cc45d81ccb31c600cb787e1a305f89525a3","sha256":"ecd68199571ceb2b173362457dbe9f9c58db18fd40dc70a11cb804b3c543ce89","sha512":"50a29b441651e157503729930b66e90e591dcf792638e45009a602b883084e1931e90155a95818186bc935d974f991a218e4cef5ca7a58fc309015af54792bb5","ssdeep":"","tlshash":"8241b613a49840330eb3bb97f4697b5205e3a05a9d56c094f98d0a554feeec1883729e","first_seen":"2026-03-19T06:11:46.392479Z","last_seen":"2026-03-19T06:11:46.392479Z","times_seen":1,"resource_available":false,"data":null}},"time_used":175,"timings":{"blocked":42,"dns":1,"connect":45,"send":0,"wait":87,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-19T06:11:19Z","timestamp":1773900679,"ip_dst":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.19","port":56834,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-19T06:11:19.912823+0000\",\"flow_id\":1981773399976857,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56834,\"dest_ip\":\"217.70.184.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"thrive-nonlive.work\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1136},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":676,\"bytes_toclient\":1805,\"start\":\"2026-03-19T06:11:19.781209+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"thrive-nonlive.work/main-dbee9253.css","fqdn":"thrive-nonlive.work","domain":"thrive-nonlive.work","tld":"work"},"ip":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"http://thrive-nonlive.work/","date":"2026-03-19T06:11:20.031Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /main-dbee9253.css HTTP/1.1\r\nHost: thrive-nonlive.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://thrive-nonlive.work/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 19 Mar 2026 06:11:20 GMT\r\nContent-Type: text/css\r\nLast-Modified: Tue, 05 Nov 2024 16:05:16 GMT\r\nTransfer-Encoding: chunked\r\nConnection: close\r\nVary: Accept-Encoding\r\nETag: W/\"672a423c-1952\"\r\nExpires: Thu, 19 Mar 2026 07:11:20 GMT\r\nCache-Control: max-age=3600\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6482,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (6482), with no line terminators","md5":"58a7e96142827f902472f6ac112ede3b","sha1":"7cc03bad30fc036eba66e75c4aa6390771f8a347","sha256":"4eb3f5c342b60894d3d27170875c07d50a79afa5447ae7ccb169b14799b0d17e","sha512":"b79462fd0e5fcc52ab7d770af499e09471022659d5d18a93bc8d630969cdc9890cf876a333c70b724282e1a1edbb4e2057f5a4ed3957ed4e493e13302825b61b","ssdeep":"96:x70U+ed6n6Ma6tCmRE3OqrpJEwlxfoYSyJxIf/ovwNx4xW:xws46Ma6tCmyXrfV2AvwNCk","tlshash":"6dd196324a027125f52bae37b1ca3e873824102356179ab6f8152ef4cffb5562b7178d","first_seen":"2024-11-12T18:30:28.667011Z","last_seen":"2026-06-09T06:21:32.200712Z","times_seen":1591,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":44,"dns":1,"connect":45,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-19T06:11:20Z","timestamp":1773900680,"ip_dst":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.19","port":56860,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-19T06:11:20.123147+0000\",\"flow_id\":885281134246147,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56860,\"dest_ip\":\"217.70.184.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"thrive-nonlive.work\",\"url\":\"/main-dbee9253.css\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/css\",\"http_refer\":\"http://thrive-nonlive.work/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1119},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":4,\"bytes_toserver\":634,\"bytes_toclient\":2603,\"start\":\"2026-03-19T06:11:20.030979+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"thrive-nonlive.work/fonts/Inter/Inter-SemiBold--latin.woff2","fqdn":"thrive-nonlive.work","domain":"thrive-nonlive.work","tld":"work"},"ip":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://thrive-nonlive.work/","date":"2026-03-19T06:11:20.038Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /fonts/Inter/Inter-SemiBold--latin.woff2 HTTP/1.1\r\nHost: thrive-nonlive.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://thrive-nonlive.work/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 19 Mar 2026 06:11:20 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: close\r\nContent-Security-Policy: default-src 'self'; script-src 'nonce-f4d1e2d05efe4a4d9749e3e956ea0a4d';\r\nVary: Accept-Encoding, Accept-Language\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2374,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (729)","md5":"976fb046aa6f763794cf9cb87dfb7462","sha1":"6f2e32f27b51000768c452d950279cd319f40a4b","sha256":"8e224292a7ae27354254477bcceb563ed5989dc99c103cde8bc57298b7055e27","sha512":"d70b9beb7f01d52b85e8d0cd7bad175fd75d792e0b27204a4103fc0fe995047cc449055f90c43c0d4225db7e4000f4a18850ebf66c3b6a82c5ec9c53a35752aa","ssdeep":"","tlshash":"d3419302a45884330ea3bbabf4a97f531593a06f5d96c050f98806255beefc18c3629e","first_seen":"2026-03-19T06:11:46.397189Z","last_seen":"2026-03-19T06:11:46.397189Z","times_seen":1,"resource_available":false,"data":null}},"time_used":141,"timings":{"blocked":37,"dns":1,"connect":47,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-19T06:11:20Z","timestamp":1773900680,"ip_dst":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.19","port":56838,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-19T06:11:20.129576+0000\",\"flow_id\":1523728022793193,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56838,\"dest_ip\":\"217.70.184.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"thrive-nonlive.work\",\"url\":\"/fonts/Inter/Inter-SemiBold--latin.woff2\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://thrive-nonlive.work/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1136},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":704,\"bytes_toclient\":1801,\"start\":\"2026-03-19T06:11:20.027625+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"thrive-nonlive.work/fonts/Inter/Inter-Regular--latin.woff2","fqdn":"thrive-nonlive.work","domain":"thrive-nonlive.work","tld":"work"},"ip":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"font","requested_by":"http://thrive-nonlive.work/","date":"2026-03-19T06:11:20.036Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /fonts/Inter/Inter-Regular--latin.woff2 HTTP/1.1\r\nHost: thrive-nonlive.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://thrive-nonlive.work/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 19 Mar 2026 06:11:20 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: close\r\nContent-Security-Policy: default-src 'self'; script-src 'nonce-780b32259923473da0d583040f92c596';\r\nVary: Accept-Encoding, Accept-Language\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2374,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (729)","md5":"238de7048aa8e8aaec90a273a44ae484","sha1":"8f3d1e1f8a7c1d62dae04fe3943017a77992fce7","sha256":"02850ae6b2b049d0b3377c863d10687bbae458fc215dd2716fb7cebe0646d141","sha512":"ce02aebd853958a3e2befd31db14f8962afc8d554faf4f572aff331388cd2f8b47fd74cfc552da988e96197ad35f3b5e11c75d1af5e26dc7390a98cffd47cc6f","ssdeep":"","tlshash":"2941c612a45880330ea3bbabf4697b5614d3a09e5d47c094f98c06215feeec198372de","first_seen":"2026-03-19T06:11:46.399915Z","last_seen":"2026-03-19T06:11:46.399915Z","times_seen":1,"resource_available":false,"data":null}},"time_used":91,"timings":{"blocked":24,"dns":1,"connect":31,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-19T06:11:20Z","timestamp":1773900680,"ip_dst":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.19","port":56854,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-19T06:11:20.095794+0000\",\"flow_id\":1772745931649396,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56854,\"dest_ip\":\"217.70.184.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"thrive-nonlive.work\",\"url\":\"/fonts/Inter/Inter-Regular--latin.woff2\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://thrive-nonlive.work/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1136},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":703,\"bytes_toclient\":1805,\"start\":\"2026-03-19T06:11:20.029044+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"thrive-nonlive.work/img/Parking.jpg","fqdn":"thrive-nonlive.work","domain":"thrive-nonlive.work","tld":"work"},"ip":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://thrive-nonlive.work/","date":"2026-03-19T06:11:20.137Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /img/Parking.jpg HTTP/1.1\r\nHost: thrive-nonlive.work\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://thrive-nonlive.work/main-dbee9253.css\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 19 Mar 2026 06:11:20 GMT\r\nContent-Type: image/jpeg\r\nContent-Length: 110669\r\nLast-Modified: Tue, 05 Nov 2024 16:05:16 GMT\r\nConnection: close\r\nETag: \"672a423c-1b04d\"\r\nExpires: Thu, 19 Mar 2026 07:11:20 GMT\r\nCache-Control: max-age=3600\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":110669,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1500, components 3","md5":"39c4f6a8b299c72932002c05fc807a63","sha1":"074c34cc29c6a863321f32ba8fd14e687c21a993","sha256":"946c31be4929e8fb324836480c317c5dc4978b9d3e4e9ac00d46e4f9be5d3ece","sha512":"4aa1cf5a6213a5d58359d8e286551ed44900ef4082210fa959959a61d6ed272cb420c945d653959ba6c7cae7a686b56b382f5e5e60f23f345cf3d20ca474624b","ssdeep":"3072:odTzq2GzU/x9uPRTXYVZrJV/kRB/X1amHv3mjp/s4r:odiB4XuRMlQb/FamHvup/sY","tlshash":"06b30296df79b625dd8a76336e8b2d067f099d040b67e66743d3be32c1922470f252c0","first_seen":"2023-05-04T20:02:33Z","last_seen":"2026-06-09T01:51:04.309517Z","times_seen":1817,"resource_available":false,"data":null}},"time_used":214,"timings":{"blocked":34,"dns":1,"connect":34,"send":0,"wait":36,"receive":109,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-19T06:11:20Z","timestamp":1773900680,"ip_dst":{"addr":"217.70.184.38","port":80,"asn":29169,"as":"GANDI SAS","country":"France","country_code":"FR"},"ip_src":{"addr":"172.18.0.19","port":56874,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO HTTP Request to Suspicious *.work Domain","source":"{\"timestamp\":\"2026-03-19T06:11:20.206688+0000\",\"flow_id\":2235867960186743,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.19\",\"src_port\":56874,\"dest_ip\":\"217.70.184.38\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027877,\"rev\":5,\"signature\":\"ET INFO HTTP Request to Suspicious *.work Domain\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2019_08_13\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_11_21\"]}},\"http\":{\"hostname\":\"thrive-nonlive.work\",\"url\":\"/img/Parking.jpg\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/jpeg\",\"http_refer\":\"http://thrive-nonlive.work/main-dbee9253.css\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":1147},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":7,\"bytes_toserver\":656,\"bytes_toclient\":7710,\"start\":\"2026-03-19T06:11:20.137079+0000\"}}"}],"analyzer":null,"urlquery":null}}]}