{"report_id":"e33af23d-87cf-48cf-bdfd-db3510de9ba0","version":6,"status":"done","tags":[],"date":"2025-11-14T14:52:33Z","url":{"schema":"http","addr":"redir.blowingwind.xyz/","fqdn":"redir.blowingwind.xyz","domain":"blowingwind.xyz","tld":"xyz"},"ip":{"addr":"198.211.113.186","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"redir.blowingwind.xyz/","fqdn":"redir.blowingwind.xyz","domain":"blowingwind.xyz","tld":"xyz"},"title":"redir.blowingwind.xyz/","dom":{"size":18486,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (18486), with no line terminators","md5":"a601cd89e735349f1a470b79884aca4b","sha1":"1cae3a2c9166192928dca9d59758adee31eecb3b","sha256":"205dca408958afb430c2b94a05a07bbc207c4cd12663cc62252db11c9a3977da","sha512":"50fa4ecd98d7df0e3abe0452c98605ae31b180cce3e9511f21fef85c16e8ee027eeb57e615e190aa56823e4c5644868a9fb6daeadb7a765a595897c41068f2a3","ssdeep":"96:H5rZrLDbV+CZXUgpk5POtQw07/4P4lHFj5OvMaSTlrwSTCOu:3Db9X04P4lHFj2onO","tlshash":"af829fe17dd28c38f58516c8f0b1ee29a1d3f69bdce3d884e9d411f827caa94750d1a8","dom_hash":"domhash7ab352d6692773eeabe8bdf1dbd49c38","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"redir.blowingwind.xyz/","fqdn":"redir.blowingwind.xyz","domain":"blowingwind.xyz","tld":"xyz"},"ip":{"addr":"198.211.113.186","port":0,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-19T14:52:33Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"redir.blowingwind.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"redir.blowingwind.xyz","ip":{"addr":"198.211.113.186","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"domain_registered":"2022-08-03","domain_rank":6197648,"first_seen":"2022-12-09T14:19:31Z","last_seen":"2025-11-10T05:16:34.694019Z","alert_count":1,"request_count":1,"received_data":388,"sent_data":490,"comment":"","tags":null,"fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"redir.blowingwind.xyz/","fqdn":"redir.blowingwind.xyz","domain":"blowingwind.xyz","tld":"xyz"},"ip":{"addr":"198.211.113.186","port":443,"asn":14061,"as":"DIGITALOCEAN-ASN","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-14T14:52:10.738Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"redir.blowingwind.xyz","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Tue, 11 Nov 2025 06:30:50 GMT","end":"Mon, 09 Feb 2026 06:30:49 GMT"},"fingerprint":{"sha1":"FC:50:4E:5B:E7:64:8E:1D:01:23:02:B3:70:84:02:D7:9D:F9:B4:1B","sha256":"04:05:77:5D:FB:5D:5C:16:B8:E6:53:7B:26:64:44:BB:DC:B7:D4:F6:26:F7:33:54:1D:E6:A5:5D:22:E0:80:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: redir.blowingwind.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nX-Powered-By: Express\r\nSurrogate-Control: no-store\r\nCache-Control: no-store, no-cache, must-revalidate, proxy-revalidate\r\nExpires: 0\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 42\r\nETag: W/\"2a-W9eYLkCMEy+DW7L8IRGcd1TvWp8\"\r\nDate: Fri, 14 Nov 2025 14:52:11 GMT\r\nConnection: keep-alive\r\nKeep-Alive: timeout=5\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":42,"size_decoded":0,"mime_type":"application/vnd.mozilla.json.view; charset=utf-8","magic":"JSON text data","md5":"3a2c6eab9bb50c703d538dcd9fc20100","sha1":"5bd7982e408c132f835bb2fc21119c7754ef5a9f","sha256":"11a14714c90f016130f04ef69e0cfe54dbad1411dd14dca796935cca89f490e3","sha512":"36f66878c3054d5424a7f7e46ad0839756162045fad01ff84cdc2080645e0dbea3d4fb17f9fdce1fd4b743e00e5751cc73c4b08a9dc803da27c95bc30027043e","ssdeep":"","tlshash":"8b90040d0d4501cf4501711455dc1c3055c441c054505d14c145d01dd7410c15c5144d","first_seen":"2023-04-26T22:51:13Z","last_seen":"2026-03-12T20:03:18.319502Z","times_seen":24,"resource_available":true,"data":null}},"time_used":543,"timings":{"blocked":222,"dns":15,"connect":98,"send":0,"wait":99,"receive":0,"ssl":106},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-14","alert":"Sinkholed","trigger":"redir.blowingwind.xyz","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}