{"report_id":"25bc0450-0187-453e-94fd-a0cb43ebb506","version":6,"status":"done","tags":[],"date":"2026-03-25T16:34:36Z","url":{"schema":"https","addr":"secfeknvxaosxefucwev.supabase.co/functions/v1/redirect-handler","fqdn":"secfeknvxaosxefucwev.supabase.co","domain":"secfeknvxaosxefucwev.supabase.co","tld":"supabase.co"},"ip":{"addr":"104.18.38.10","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"secfeknvxaosxefucwev.supabase.co/functions/v1/redirect-handler","fqdn":"secfeknvxaosxefucwev.supabase.co","domain":"secfeknvxaosxefucwev.supabase.co","tld":"supabase.co"},"title":"secfeknvxaosxefucwev.supabase.co/functions/v1/redirect-handler","dom":{"size":169,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with no line terminators","md5":"daf73c6cb9e9f8d2edf4b18aeae5acc7","sha1":"872be5bc15dd1bb400c289fb22f6564d8d9e50df","sha256":"72cecaf2d39f19653ae41d6e779ad8d63054e9bd25b9e1c7acbb4f2f34e5453b","sha512":"9cfbdc10e5bbe183aa4421ac9bd2fb203bb53dfedaf6563ab78df0aa35230d18e6aa40f762348a25b4362ec043caf35653fe249ab26c3555e478b0355eef6e68","ssdeep":"","tlshash":"20c0ccfb82a0200bba2030c2fc823028a282a000f22b0820f2000038c0c828cc8c0aaa","dom_hash":"domhashc1fec9cafeadbac0b33c1409ff211c3f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"secfeknvxaosxefucwev.supabase.co/functions/v1/redirect-handler","fqdn":"secfeknvxaosxefucwev.supabase.co","domain":"secfeknvxaosxefucwev.supabase.co","tld":"supabase.co"},"ip":{"addr":"104.18.38.10","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-29T16:34:36Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":3}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-25T16:34:14Z","timestamp":1774456454,"ip_dst":{"addr":"104.18.38.10","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":59684,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Observed Online Application Hosting Domain (supabase .co in TLS SNI)","source":"{\"timestamp\":\"2026-03-25T16:34:14.557585+0000\",\"flow_id\":330296113648078,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":59684,\"dest_ip\":\"104.18.38.10\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2050130,\"rev\":1,\"signature\":\"ET INFO Observed Online Application Hosting Domain (supabase .co in TLS SNI)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"High\"],\"created_at\":[\"2024_01_17\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2024_01_17\"]}},\"tls\":{\"sni\":\"secfeknvxaosxefucwev.supabase.co\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"0faf2a91198d40dbd58b9308f3fca2fd\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-65037,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":934,\"bytes_toclient\":3514,\"start\":\"2026-03-25T16:34:14.545230+0000\"}}"}],"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"secfeknvxaosxefucwev.supabase.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"secfeknvxaosxefucwev.supabase.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"secfeknvxaosxefucwev.supabase.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"secfeknvxaosxefucwev.supabase.co","ip":{"addr":"104.18.38.10","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-03-20T08:35:18.933675Z","last_seen":"2026-03-20T08:35:18.933675Z","alert_count":6,"request_count":2,"received_data":1829,"sent_data":1030,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"secfeknvxaosxefucwev.supabase.co/functions/v1/redirect-handler","fqdn":"secfeknvxaosxefucwev.supabase.co","domain":"secfeknvxaosxefucwev.supabase.co","tld":"supabase.co"},"ip":{"addr":"104.18.38.10","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-25T16:34:14.526Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"supabase.co","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Mar 2026 06:43:00 GMT","end":"Sun, 31 May 2026 07:42:47 GMT"},"fingerprint":{"sha1":"9E:9E:40:F8:56:B5:7F:B2:5C:52:C4:07:26:47:4E:69:AD:77:F0:96","sha256":"39:8B:CC:E2:D9:95:CB:23:CB:09:2A:93:7B:5B:58:BD:95:B4:08:A4:5F:BF:89:AB:7B:B1:14:03:47:89:AE:7D"}}},"request":{"raw":"GET /functions/v1/redirect-handler HTTP/1.1\r\nHost: secfeknvxaosxefucwev.supabase.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 400 Bad Request\r\ndate: Wed, 25 Mar 2026 16:34:14 GMT\r\ncontent-type: text/plain;charset=UTF-8\r\ncontent-length: 65\r\nserver: cloudflare\r\ncf-ray: 9e1f52691cd00883-OSL\r\ncf-cache-status: DYNAMIC\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\naccess-control-allow-headers: Content-Type, Authorization, X-Client-Info, Apikey, X-API-Key\r\naccess-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS\r\nsb-gateway-version: 1\r\nsb-project-ref: secfeknvxaosxefucwev\r\nsb-request-id: 019d25d8-bdcf-7588-8d7a-932dcbdc7356\r\nx-deno-execution-id: ad036e5a-add8-4748-822b-ac82b221a349\r\nx-sb-edge-region: eu-central-1\r\nx-served-by: supabase-edge-runtime\r\nset-cookie: __cf_bm=9u0Rh8hEC0OlP15Cb_LbxAQBTnJpB8ciQ.l0VlL4Y3E-1774456454-1.0.1.1-ckFz_qxoFy3y0oqVU.MDW0Sq44fDNyIMlLY5hZQ0tJfMY4eJjAAkuvyyA10RWeo9hZ653xYFjVf3pbjraYc.wDAyZH2ABdmZX2B.VPqGWdI; path=/; expires=Wed, 25-Mar-26 17:04:14 GMT; domain=.supabase.co; HttpOnly; Secure; SameSite=None\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"Bad Request","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":45,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"77f3b75f942fc335cd4fcdbe093b525f","sha1":"7d796ef3aa048e7d6c0b05826b18c9ffefed30e4","sha256":"da8a570c4c4d8dfab4be857f2fe3868e252ecd64640fccdfc4c3d3ace0ce2e0f","sha512":"cabce4ebc59c54b7919695066b9d57952d8a1417218154c76a584258c0d682653f8ad14f6dd7ca52dc781f828d17cafac419ed5b0dba0f633aef8bad1d2ac6a0","ssdeep":"","tlshash":"559002a586e46055241140523851a4684306a1206b520195942545695449095999003a","first_seen":"2026-03-25T16:34:37.622266Z","last_seen":"2026-03-25T16:34:37.622266Z","times_seen":1,"resource_available":false,"data":null}},"time_used":472,"timings":{"blocked":43,"dns":23,"connect":3,"send":0,"wait":381,"receive":1,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"secfeknvxaosxefucwev.supabase.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"secfeknvxaosxefucwev.supabase.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"secfeknvxaosxefucwev.supabase.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"secfeknvxaosxefucwev.supabase.co/favicon.ico","fqdn":"secfeknvxaosxefucwev.supabase.co","domain":"secfeknvxaosxefucwev.supabase.co","tld":"supabase.co"},"ip":{"addr":"104.18.38.10","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://secfeknvxaosxefucwev.supabase.co/functions/v1/redirect-handler","date":"2026-03-25T16:34:15.089Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"supabase.co","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Mar 2026 06:43:00 GMT","end":"Sun, 31 May 2026 07:42:47 GMT"},"fingerprint":{"sha1":"9E:9E:40:F8:56:B5:7F:B2:5C:52:C4:07:26:47:4E:69:AD:77:F0:96","sha256":"39:8B:CC:E2:D9:95:CB:23:CB:09:2A:93:7B:5B:58:BD:95:B4:08:A4:5F:BF:89:AB:7B:B1:14:03:47:89:AE:7D"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: secfeknvxaosxefucwev.supabase.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://secfeknvxaosxefucwev.supabase.co/functions/v1/redirect-handler\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Wed, 25 Mar 2026 16:34:15 GMT\r\ncontent-type: application/json\r\ncontent-length: 37\r\npriority: u=6,i=?0\r\nset-cookie: __cf_bm=LH89fkKOXwCx7P9xOQpC4pzZxNjfGVeQ.mr0LZJxOOU-1774456455-1.0.1.1-Bps5NTriS3iYqsY3HDPOopDEYVFbQXsOB0a76DvCiwCN4p3agU0Q88K3OqVANCifyv7oiZAbdLqrRbUmigTChuDKm576LefXoTxW5VDXsP4; path=/; expires=Wed, 25-Mar-26 17:04:15 GMT; domain=.supabase.co; HttpOnly; Secure; SameSite=None\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nserver: cloudflare\r\ncf-ray: 9e1f526c4d145ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":37,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"fef992e9ff08447252a8e94d297b2910","sha1":"04a96c7745ea234e7bd799883524c6e0f6d7e85b","sha256":"2b87bc4816733d2cf987c3b26629e4a98acacdb7090c3c75ff08c9bb6889d9e7","sha512":"a9f76a179f01fcd367c87a908849be99410071c352f7fabd8f6d1d027b556453a096fab30fde65c9995b5c180f3b2ec116747de3b9969eccb9405c2cb34d17c1","ssdeep":"","tlshash":"ae800083008008abcfa203c82e8a0e3282c3e2cc22200ca2202a03cc00c8ae38a8030a","first_seen":"2024-07-06T16:07:11Z","last_seen":"2026-05-27T13:27:15.623909Z","times_seen":490,"resource_available":true,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"secfeknvxaosxefucwev.supabase.co","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"secfeknvxaosxefucwev.supabase.co","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-03-25","alert":"Sinkholed","trigger":"secfeknvxaosxefucwev.supabase.co","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}