{"report_id":"af42b62b-a30e-4d26-8565-ced095931a78","version":6,"status":"done","tags":[],"date":"2026-04-08T11:46:06Z","url":{"schema":"http","addr":"ibkr.datarapor.com/","fqdn":"ibkr.datarapor.com","domain":"datarapor.com","tld":"com"},"ip":{"addr":"37.27.190.123","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"final":{"url":{"schema":"http","addr":"ibkr.datarapor.com/","fqdn":"ibkr.datarapor.com","domain":"datarapor.com","tld":"com"},"title":"Powered by CapRover","dom":{"size":2395,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"99225db9f2b5c94ceddbe66c5ece71cd","sha1":"5322acb6b4b2e22d34e52d4a864c03b65cda84ad","sha256":"34f1d388492874939cdb2eef7877f26162e043fd162de672272c150f16ad4ef6","sha512":"51f4681ec655f1138fbe50072c7f4dddf6ccea2236ad97d40c1b78bcb66ac03d31a75e389a2decac4de90346098755a306262db7ff60e9ca053e49ff87701238","ssdeep":"","tlshash":"7341de57a1f30a4b680399a02fe7671567605c13814bec9a3ede7398cf49985c9e23cd","dom_hash":"domhash0189ea7015938608786aeffcf27b639f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"ibkr.datarapor.com/","fqdn":"ibkr.datarapor.com","domain":"datarapor.com","tld":"com"},"ip":{"addr":"37.27.190.123","port":0,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-13T11:46:06Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-04-08","alert":"Sinkholed","trigger":"ibkr.datarapor.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"ibkr.datarapor.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2013-12-23","domain_rank":0,"first_seen":"2026-04-08T11:46:06.821994Z","last_seen":"2026-04-08T11:46:06.821994Z","alert_count":3,"request_count":3,"received_data":5205,"sent_data":1251,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"ibkr.datarapor.com/","fqdn":"ibkr.datarapor.com","domain":"datarapor.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-08T11:45:44.373Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ibkr.datarapor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-30T15:35:17.961431Z","times_seen":14429233,"resource_available":true,"data":null}},"time_used":79,"timings":{"blocked":0,"dns":17,"connect":28,"send":0,"wait":0,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-04-08","alert":"Sinkholed","trigger":"ibkr.datarapor.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ibkr.datarapor.com/","fqdn":"ibkr.datarapor.com","domain":"datarapor.com","tld":"com"},"ip":{"addr":"37.27.190.123","port":80,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-08T11:45:44.464Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ibkr.datarapor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 08 Apr 2026 11:45:44 GMT\r\nContent-Type: text/html\r\nContent-Length: 2401\r\nLast-Modified: Thu, 26 Feb 2026 06:39:38 GMT\r\nConnection: keep-alive\r\nETag: \"699feaaa-961\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2401,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"375a9b0f91f3f795187f6328b3d3be4f","sha1":"62be5b88e090abcb1b2dcf5e9afaafd1391970b9","sha256":"d8e78a64561df86723017519ecd84a2d8826a1186e800e19520863a9a9a6485e","sha512":"4918d31ed461e32cf981d5b2d13157696ca46141cb936d8ba55d8010d80047103202cc85f859129c0e244332b16c7302224c9b809f787abb992bd800980eaf05","ssdeep":"","tlshash":"c441fe47a1f30b4b680389a03be7271567215813c58bec993ede7398cf49684c9e23cd","first_seen":"2023-05-02T22:25:23Z","last_seen":"2026-04-15T20:09:38.166798Z","times_seen":213,"resource_available":true,"data":null}},"time_used":43,"timings":{"blocked":14,"dns":1,"connect":14,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-04-08","alert":"Sinkholed","trigger":"ibkr.datarapor.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ibkr.datarapor.com/favicon.ico","fqdn":"ibkr.datarapor.com","domain":"datarapor.com","tld":"com"},"ip":{"addr":"37.27.190.123","port":80,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ibkr.datarapor.com/","date":"2026-04-08T11:45:44.616Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ibkr.datarapor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ibkr.datarapor.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nDate: Wed, 08 Apr 2026 11:45:44 GMT\r\nContent-Type: text/html\r\nContent-Length: 2401\r\nConnection: keep-alive\r\nETag: \"699feaaa-961\"\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2401,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"375a9b0f91f3f795187f6328b3d3be4f","sha1":"62be5b88e090abcb1b2dcf5e9afaafd1391970b9","sha256":"d8e78a64561df86723017519ecd84a2d8826a1186e800e19520863a9a9a6485e","sha512":"4918d31ed461e32cf981d5b2d13157696ca46141cb936d8ba55d8010d80047103202cc85f859129c0e244332b16c7302224c9b809f787abb992bd800980eaf05","ssdeep":"","tlshash":"c441fe47a1f30b4b680389a03be7271567215813c58bec993ede7398cf49684c9e23cd","first_seen":"2023-05-02T22:25:23Z","last_seen":"2026-04-15T20:09:38.166798Z","times_seen":213,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-04-08","alert":"Sinkholed","trigger":"ibkr.datarapor.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}}]}