{"report_id":"493e46a2-cbed-481b-ac27-65b052792772","version":6,"status":"done","tags":[],"date":"2026-01-24T13:51:55Z","url":{"schema":"https","addr":"ocdrop.app","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":"app"},"ip":{"addr":"91.196.33.99","port":0,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"final":{"url":{"schema":"https","addr":"ocdrop.app/","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"title":"OpenChat","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"ocdrop.app","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":"app"},"ip":{"addr":"91.196.33.99","port":0,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-28T13:51:55Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"ocdrop.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"ocdrop.app","ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-01-07T07:57:12.505218Z","last_seen":"2026-01-07T07:57:12.505218Z","alert_count":13,"request_count":13,"received_data":5003113,"sent_data":5989,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"oc.app","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-05-24","domain_rank":579408,"first_seen":"2021-05-25T16:53:41Z","last_seen":"2026-01-07T07:56:54.132509Z","alert_count":0,"request_count":1,"received_data":13932,"sent_data":437,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ocdrop.app/","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":true,"md5":"d1ba66be32309a86f8185e9713573d89","sha1":"83d3cfa1eb7c80243c6fd09378b685575717ff98","sha256":"9823e3d6ed23b492bd7d83a8641a36adb939bff00f3e5a62b2b55ae73429e158","sha512":"a3e889d15ff119a97a4cf788adda5639bc8c386d70e9e16747545cef85980f3b76584dddcf8b24e85f51d0b7792ed9cd4f3b63b9cd658c5c7f480d56557f8875","ssdeep":"","tlshash":"10b012f408aa01264075412cc56ed911620560073c347440f69c82dc9f9f05e18f07c0","size":124,"data":"","first_seen":"2025-12-12T13:14:30.022184Z","last_seen":"2026-01-24T13:52:37.690107Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ocdrop.app/dropdown-js-2.12.1.min.js","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"c5835480f5da15a6035d17ac7976ab60","sha1":"2c81c910e49079b36798eb34bbf1853af09b4167","sha256":"0c10f8c8cc7e3a2e6fb7a12c1d85ab0528b0459a255bf49e5025360e3de123c1","sha512":"234a32d1e6d89c646fe70bbe1a0ed25d8d9ab10645c4dc4a85c80e72766d341c7b0d9b2a28b068ddcc22c90bfa020d0efacadeec0f4c4147f2f23be60f9f6030","ssdeep":"1536:YVMS7sk0XgtIvVlwC+4sg4w3+skFCTcWCxZWe:YV77sk8gtIvVlsRw3HcWJe","tlshash":"92a385e5694bd0e48e9120ded4b3e815e8289d23cd6cf1a3b96ceec0746df66844713b","size":98686,"data":"","first_seen":"2025-12-12T13:14:30.015749Z","last_seen":"2026-01-24T13:52:37.683702Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ocdrop.app/audio-context.cjs.js","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"bfb64c395d375e3e4b9287f899ad7b5c","sha1":"7d66480e59463c5ab4768efada13a45e0b935892","sha256":"b09c7727fbccebac39c249a9581a372a455aa6e9f8a963c70c1badd739eb7a29","sha512":"a3822a137821f83a8f09746b14559920791f5d14427935f1958b7d4cd81811ff9602e75944a0ec6699c730c3dc72f182fe1a470cd222907461cb7c7d8972a914","ssdeep":"6144:tVYflnYrhro/VX6axbCb5KC058Ay8Ckl7JBM6E3iMHD0:tVYEhgBc54+HD0","tlshash":"f6a44f8a31fa2c1ace2055d4426e90b89e634a73c7615deff2c0b1c9e61dd6213dfe91","size":465724,"data":"","first_seen":"2025-12-12T13:14:30.018865Z","last_seen":"2026-01-24T13:52:37.678054Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ocdrop.app/","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"introduction_type":"Function","is_inline":false,"md5":"88c7864233c495eb135c389084782b50","sha1":"a3260489c40f19fc61191b3ae3c70ccc0eadc57a","sha256":"9ad2a762546a144cee4824e7c23fc536e936b74962da70da5a498f0602ceaeef","sha512":"bd2da3efeb01878c67f8a2ba2efcfd5688e6f5403b53bcfc552bb558598aa72b9c89162a5dad68f3ce8225b82e00d5692f7908563a7bc10ddc20eb3ebf0d59a5","ssdeep":"6144:bePuljzM/VXu1YDl45MQ058Ay8CIn9pBM6E3ieh5S:bfj8Bsp4Ah5S","tlshash":"dca45f4971be2c2ace2055d4466e81b89e634e73c3616deff2c4b188e61cd6213dfe91","size":458616,"data":"","first_seen":"2025-12-12T13:14:30.021333Z","last_seen":"2026-01-24T13:52:37.691217Z","times_seen":9,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ocdrop.app/4rVSDI7b.php?s=%2F%40v1%2Fcdn%2Fjs%2Fpdf-lib.theme.cjs.js%3Ft%3D29487711%26u%3DEMYmq6SFEjWU_FzVGDY5MjU2NDQxMjhjZmYzYzM0MDI3YjJiNXCwatkMCAfftFuvTg","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"introduction_type":"scriptElement","is_inline":false,"md5":"c835ce0aa761a791b29ba4c102a85e28","sha1":"828e40328ca8ff740f1090e6f63e170c1592a62c","sha256":"4ee6631554867dc1bfadbfe5f4b4ebf4cec5164ba142f8db92f840c2028496cf","sha512":"49cefc3ca9614cebafe201eef12b5cdebcdd19da6ab30f530d7a81a8ef91fca5f02eb63108b8056c2dbd4c22b8b337aae939a712f4a876bdeef21a1e2a9f3225","ssdeep":"6144:9ujB8gltIeTM5/S8g6zRhNgDzQebuazBzqXQPkBAUvVdZcml4L:ihltVM/g6ZszQeqazNqXQcBvK","tlshash":"29d4bcec970a167788cb97b6423363afef884d1a236b3c406ec19cd1574a74e53ea15c","size":641034,"data":"","first_seen":"2026-01-01T19:22:06.925398Z","last_seen":"2026-03-30T11:52:16.142566Z","times_seen":405,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"ocdrop.app/icon.png","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ocdrop.app/","date":"2026-01-24T13:51:31.711Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ocdrop.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 17:58:02 GMT","end":"Tue, 03 Mar 2026 17:58:01 GMT"},"fingerprint":{"sha1":"C7:13:BF:B5:50:61:8B:2A:E9:D2:66:9F:59:8C:DE:09:DA:B5:ED:D5","sha256":"B2:AB:E2:AF:03:6A:0A:A8:97:D6:0F:14:73:56:C9:76:98:87:8B:BA:14:D8:D6:DB:E7:6A:3D:3C:A7:C2:0F:56"}}},"request":{"raw":"GET /icon.png HTTP/1.1\r\nHost: ocdrop.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ocdrop.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 24 Jan 2026 13:51:31 GMT\r\nContent-Type: image/png\r\nContent-Length: 8244\r\nLast-Modified: Wed, 03 Dec 2025 19:15:49 GMT\r\nConnection: keep-alive\r\nETag: \"69308c65-2034\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8244,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"d7e5e25efdb9502528b398010cc4f5d8","sha1":"ad4760e1f2dbdddc153dd2185019e55e78a97072","sha256":"4aebb82bd805020c51ce2f04c60b0eb49ddae08fa2835088891df7b095f59319","sha512":"3c245b4d5571a002c92605291b2bf9f490385a2cff0b4b6ebafd5c57b8259794e2b0973eba273b5374257e71b723a768031c1baf6f99bf4ca3211ee397d7f2e5","ssdeep":"192:HeiqwhV5AYE6WyfyauSkVxA0TDlF6vL/GBA+PY1kNEfV:Hcw5pfuSkVuGDgL+BAmBud","tlshash":"4b02bfa34e227944903be75f46aa010cec251fef032732a7eb6b19fb99840d26e1442d","first_seen":"2025-12-12T13:14:30.016937Z","last_seen":"2026-01-24T13:52:37.688896Z","times_seen":9,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":148,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"ocdrop.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ocdrop.app/","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-24T13:51:29.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ocdrop.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 17:58:02 GMT","end":"Tue, 03 Mar 2026 17:58:01 GMT"},"fingerprint":{"sha1":"C7:13:BF:B5:50:61:8B:2A:E9:D2:66:9F:59:8C:DE:09:DA:B5:ED:D5","sha256":"B2:AB:E2:AF:03:6A:0A:A8:97:D6:0F:14:73:56:C9:76:98:87:8B:BA:14:D8:D6:DB:E7:6A:3D:3C:A7:C2:0F:56"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ocdrop.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 24 Jan 2026 13:51:29 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: 11735\r\nConnection: keep-alive\r\nLast-Modified: Wed, 03 Dec 2025 21:46:28 GMT\r\nETag: \"10792-6451325062dfc-gzip\"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":67474,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (7669)","md5":"cf66759fa2e49847a1319cf7391a9deb","sha1":"580aad5c415d302a30089dcefff2c710d7e30a54","sha256":"c759b51c71083887a3e278335af4ff83996abb1d7c68f6d3d8ef7c12c4f7f9c1","sha512":"40fe48b807c384918fcfc91641aa017feaa7fd874e48067d9ebb9f9563f72619ea40e9a25456a60ccf6f0c5de7ecf43455bba2b54aeae15add873e4a2ecffc23","ssdeep":"768:C7mk7vraL4Bn/abzMufh2obHncNfCF+szplMga2Zd355J3:C7XEsnHufh/i+pffd355J3","tlshash":"a563a70965a31068a45b523877ff1628327cd187ef0acdac7fcd5288cf89af955e6348","first_seen":"2025-12-12T13:14:30.01799Z","last_seen":"2026-01-24T13:52:04.106024Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1009,"timings":{"blocked":350,"dns":56,"connect":146,"send":0,"wait":302,"receive":1,"ssl":151},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"ocdrop.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ocdrop.app/css2.css","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ocdrop.app/","date":"2026-01-24T13:51:30.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ocdrop.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 17:58:02 GMT","end":"Tue, 03 Mar 2026 17:58:01 GMT"},"fingerprint":{"sha1":"C7:13:BF:B5:50:61:8B:2A:E9:D2:66:9F:59:8C:DE:09:DA:B5:ED:D5","sha256":"B2:AB:E2:AF:03:6A:0A:A8:97:D6:0F:14:73:56:C9:76:98:87:8B:BA:14:D8:D6:DB:E7:6A:3D:3C:A7:C2:0F:56"}}},"request":{"raw":"GET /css2.css HTTP/1.1\r\nHost: ocdrop.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ocdrop.app/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 24 Jan 2026 13:51:30 GMT\r\nContent-Type: text/css\r\nLast-Modified: Wed, 03 Dec 2025 19:15:49 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"69308c65-686c\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":26732,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1572)","md5":"3838069da1ca291c085589531b66851d","sha1":"14e0c785a9ab25f5d6d7063d035235a3831f1521","sha256":"5d5c1a44420957584e0cd6b98ac88e61efef6e31daf2162523e209aa6bb4708d","sha512":"d039b31ace316d3ad1528165e4bb1eda18fe7662c5095b08102f9dd63d7b2144379387571c9d553748c561f5b6b1e78edcfecdd76e4b36d6cac8ce637886ec60","ssdeep":"192:Ka/y/D4t3WMa9h/8/t31Ta+P/GRt3T1a0j/8htCaWj/UHGt2nql4bqGIwV4vBaqO:C0qatyffR6qY4UrJqY4oxwqY4aT9qY4d","tlshash":"54c2d890042b4000e7876ce223ce7f36fe5ea240b044d939affd175aadceda562a575d","first_seen":"2025-12-12T13:14:30.01473Z","last_seen":"2026-01-24T13:52:37.684868Z","times_seen":9,"resource_available":false,"data":null}},"time_used":732,"timings":{"blocked":278,"dns":1,"connect":150,"send":0,"wait":148,"receive":0,"ssl":152},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"ocdrop.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ocdrop.app/secureproxy?e=ping_proxy","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ocdrop.app/","date":"2026-01-24T13:51:30.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ocdrop.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 17:58:02 GMT","end":"Tue, 03 Mar 2026 17:58:01 GMT"},"fingerprint":{"sha1":"C7:13:BF:B5:50:61:8B:2A:E9:D2:66:9F:59:8C:DE:09:DA:B5:ED:D5","sha256":"B2:AB:E2:AF:03:6A:0A:A8:97:D6:0F:14:73:56:C9:76:98:87:8B:BA:14:D8:D6:DB:E7:6A:3D:3C:A7:C2:0F:56"}}},"request":{"raw":"GET /secureproxy?e=ping_proxy HTTP/1.1\r\nHost: ocdrop.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ocdrop.app/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.0\r\nDate: Sat, 24 Jan 2026 13:51:31 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":273,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"c793663e88efcfcf1fc5d45c0781c15c","sha1":"14d4b4bc4e29df4bd109c207e6697ba8e6b1ece7","sha256":"3ba0905257feaa637534b744f63288bb312fa5b881a9262b69c0dc50722e29b9","sha512":"56f1948c6b0c76d87298575ea785644fb5166be729fb95c3a233daa627d12e5ea77fc562d0444eee5a6a92b109a847064d69dcecd111ddee7e5b72ec26331002","ssdeep":"","tlshash":"6dd02b9f5043b3964811246079c125d2268d12faa47a81a82dc6e487529857fce9ad8c","first_seen":"2026-01-07T07:57:16.955944Z","last_seen":"2026-01-24T13:52:04.103483Z","times_seen":4,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"ocdrop.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ocdrop.app/4rVSDI7b.php?s=%2F%40v1%2Fcdn%2Fjs%2Fpdf-lib.theme.cjs.js%3Ft%3D29487711%26u%3DEMYmq6SFEjWU_FzVGDY5MjU2NDQxMjhjZmYzYzM0MDI3YjJiNXCwatkMCAfftFuvTg","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ocdrop.app/","date":"2026-01-24T13:51:31.168Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ocdrop.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 17:58:02 GMT","end":"Tue, 03 Mar 2026 17:58:01 GMT"},"fingerprint":{"sha1":"C7:13:BF:B5:50:61:8B:2A:E9:D2:66:9F:59:8C:DE:09:DA:B5:ED:D5","sha256":"B2:AB:E2:AF:03:6A:0A:A8:97:D6:0F:14:73:56:C9:76:98:87:8B:BA:14:D8:D6:DB:E7:6A:3D:3C:A7:C2:0F:56"}}},"request":{"raw":"GET /4rVSDI7b.php?s=%2F%40v1%2Fcdn%2Fjs%2Fpdf-lib.theme.cjs.js%3Ft%3D29487711%26u%3DEMYmq6SFEjWU_FzVGDY5MjU2NDQxMjhjZmYzYzM0MDI3YjJiNXCwatkMCAfftFuvTg HTTP/1.1\r\nHost: ocdrop.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ocdrop.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 24 Jan 2026 13:51:32 GMT\r\nContent-Type: text/javascript;charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, HEAD, POST, OPTIONS\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Max-Age: 3600\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":641034,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"c835ce0aa761a791b29ba4c102a85e28","sha1":"828e40328ca8ff740f1090e6f63e170c1592a62c","sha256":"4ee6631554867dc1bfadbfe5f4b4ebf4cec5164ba142f8db92f840c2028496cf","sha512":"49cefc3ca9614cebafe201eef12b5cdebcdd19da6ab30f530d7a81a8ef91fca5f02eb63108b8056c2dbd4c22b8b337aae939a712f4a876bdeef21a1e2a9f3225","ssdeep":"6144:9ujB8gltIeTM5/S8g6zRhNgDzQebuazBzqXQPkBAUvVdZcml4L:ihltVM/g6ZszQeqazNqXQcBvK","tlshash":"29d4bcec970a167788cb97b6423363afef884d1a236b3c406ec19cd1574a74e53ea15c","first_seen":"2026-01-01T19:22:06.925398Z","last_seen":"2026-03-30T11:52:16.142566Z","times_seen":405,"resource_available":true,"data":null}},"time_used":1762,"timings":{"blocked":44,"dns":0,"connect":0,"send":0,"wait":1417,"receive":301,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"ocdrop.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ocdrop.app/secureproxy.php?e=jscdn/getFile","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ocdrop.app/","date":"2026-01-24T13:51:31.508Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ocdrop.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 17:58:02 GMT","end":"Tue, 03 Mar 2026 17:58:01 GMT"},"fingerprint":{"sha1":"C7:13:BF:B5:50:61:8B:2A:E9:D2:66:9F:59:8C:DE:09:DA:B5:ED:D5","sha256":"B2:AB:E2:AF:03:6A:0A:A8:97:D6:0F:14:73:56:C9:76:98:87:8B:BA:14:D8:D6:DB:E7:6A:3D:3C:A7:C2:0F:56"}}},"request":{"raw":"POST /secureproxy.php?e=jscdn/getFile HTTP/1.1\r\nHost: ocdrop.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ocdrop.app/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://ocdrop.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"4iufi6wrxzj7zdt8hu8i\"}"}},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 24 Jan 2026 13:51:33 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, HEAD, POST, OPTIONS\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Max-Age: 3600\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3687949,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"5fa2534d3bac579747dae9f87b603314","sha1":"17b6ddfbbad9acd86762475fab0ea2c950bea99a","sha256":"8d4c2aa30dad24c8d37352ab0c8d195bf48cafe833c4317615d90efc2b680bbd","sha512":"515821fbb0c138c3a226a81c78b40b88496f793515ec91cf5120c2e6cb2387c0a23b0ecd80b2aa9a7f98aadc247543af99b5fe22767160a593017713966335bb","ssdeep":"24576:hbVXAzJDPzV/n6jiPKyDnsoso83DR34fXjcjGb/YWtPbg+lsVob:hbVQzJDrR6jiSyDnsa8393ycjsxt","tlshash":"3425e1ca0802909ccbdb126ab5f14a096acd88de4bd8633b8cb9fd873554b7ccde5157","first_seen":"2026-01-24T13:51:57.509074Z","last_seen":"2026-01-24T13:52:04.107591Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2793,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1781,"receive":1012,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"ocdrop.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ocdrop.app//4rVSDI7b.php?s=%2Fjmpd%2F","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ocdrop.app/","date":"2026-01-24T13:51:33.332Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ocdrop.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 17:58:02 GMT","end":"Tue, 03 Mar 2026 17:58:01 GMT"},"fingerprint":{"sha1":"C7:13:BF:B5:50:61:8B:2A:E9:D2:66:9F:59:8C:DE:09:DA:B5:ED:D5","sha256":"B2:AB:E2:AF:03:6A:0A:A8:97:D6:0F:14:73:56:C9:76:98:87:8B:BA:14:D8:D6:DB:E7:6A:3D:3C:A7:C2:0F:56"}}},"request":{"raw":"POST //4rVSDI7b.php?s=%2Fjmpd%2F HTTP/1.1\r\nHost: ocdrop.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ocdrop.app/\r\ncontent-type: application/json\r\nContent-Length: 2190\r\nOrigin: https://ocdrop.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2190,"data":"{\"route\":\"8XUwkBv9vhPYfVpD1fxb7EC65sUXJdqr\",\"payload\":\"aTDdin1CFDiv2Jf6ZCgtEz8dqGhNNE9S2TuHKs8EjrXXmiEhywXVELkF1VD97AEQKmkPqaPcW3kiSBQgAJPiuZ3VDmWZHGKrff1WY1MKkrMdZzsuUQHbYXua3uFiVs7rCQEJJmoWLFfArMSmi1W6bYv6K4Nx6LCzR3DLTpYE4KaP6YztPz1ku6XuP4PktYFbZeuLCdE5cV116P15vdnGFWsgGQDcNNAZQpE8H67bk2aDqFMwbRj2LzDp5rRwARMUtwwxm4MdfWFURekA3K7yXQWEeVw16eXkBLjsR7sXGPKHt7vbh9ujL2AgpXtkuxBuqTdXx7gMRWt1rUTuTjtjbfzmHRZBPrG4wZuqD3CqDNTBnGWeh6RVeVwKvjhxBovXQwSpm4Kf7M99J1fvix9xt9kLjFhjyFV2KWVkPNEZ4PS8MTfTiC19aavz8vavrGrYXo3SGccbE35eCGTYfGZGkPv49WUwKMBoS9Z3K2nstJQE7QgTDNHpXi86DawQF7bkwfjHsbUsxYHzwiNaV3wxsnNtvAashup47X4cNaqG6Gdyg8F7EwyUT3D4sdkbkRkpuGVm6hJV6Auh1Hvj5ngdkEqRZtmbKHniF4RfysceP9FfL3iq63aPT3bj3vKVNxfjW4zSF8zEN4Ms1v7jTnKai3xrFAraBeKu8Q2EYuk4kDZYGbrpwNXvoMy33r2SnLsT4VHURb63bkBA8dbmaK13BEyrfPaUTuJyMUnBTRzECVDkz3yXew7a3Snc8MTdz61tVX1T3WKkaHAVv4mxZoLEmr9zha6pU1hzdBiy5396UPkWZUNFCct3WcSfvAFFskEAU82GPPafokbXk55EkPK3qW7FwzBn949QkMVH5EU75QFjWL5uL1q7rStUruMMdUCKguBQVBCX1WPuiiis9WbRPFc1fFGpTmUXPjmHAixagBZGhb9mi1EqHRbtawaAuiFgNMxtpoQwrNXnLnQEPT8sXgiwA7gRx1LQueptrMzSZQpPd7NdrYxtzvRjhcuJu1D2xWbtDUcZqk7UTDrXWDptS1txctQcLnBT4qoWMkYdwedusKy6f32fyLzAWEL3jh4Krv9TEXp5aH9dNVkoSVMcNgCfUwpgEu9n6rQ12fzc3EiBoNCQYpKnv1qRTFinVYBDDJBXFJ4wNBaLSf4JbRkiKKhA5MTBtsdL7PwCmNVXYDrKQboRq7yxCP5rfvPLhb5nfEnZcKTSA7t1nAwRzHKyMxG6JqtkzHFqqUs4BoSLTrb7wyBYFXi1HP6CmPCB7LTSLotgQ9JMjwEXoGMWuVrn7gjWrT1dsMYs6dL6QnMQJssuGAkKQ6g6mRiYBF93Nt7Tbqf7ih5Tj9foxt4zb5B2J6BxM3axxggoJf5dH2r26NaU6LBk6adLEostG3dTGMv7XDbAzeKsVaJadA6kJ21PZ5uspapFSU28T5Y4Lfb8yHmDaWLYwo6gjnV9svkCyU3hkMHyknt1UkfBF7XEQ3jyTTTRVucPpGq4h8mGx3oHgXHGK9SE9KhhFPtjKXt4CrfYLdQhWfnTZz1o8sD1dmz1A61Nschh8fyvKQPpQBGavzPwffx2ueHM7RvG9gpbhxvsCvnzP6BJEvoY6TBnKfYQyYoUiLRagQNkJGFa2NE26B9bBAMLj4kTLXkRiLJweFGRXt86KpTnwt6GVqcW5GpJGKwDUbVgFi6R13SrxufM8QH3VMqMFGfwCJRi2PyHcQJrRi4qYTSEbMBVTtQRCdnhk29SpNH5y6EuhHeTQFjb2Dnse63zeM2fHe7dJbVPUPqXVAbTAHKXHyXz3ZCBYAyAssMB5A6U6eVgNVkqyf69WmfCtwiwnZ3KYxAJix1vB241yfKvCZZi55M6yreVXHZdSFuRZUoe74Jn7A5s9dGHxncr1poDiFP1HFtmiuUEDNgqTC1eP4dstQgc91e8KK2w9nPFzreKjvRF8SGSWPgZuWTuPUbx7egNdtc2pNZNcPpccjNz89dQ5jAstov6Qzehsu4gNMePJ6cNJ1iLytG18ECkWMctpMMx6vHp8T5jxNAGSdwnL99j2ShbtCDyYsxtDL3GsaQv4zdYyqBtqmMP2rGJdS4xjjuMWnyt8RNY4vzzuwa1dgRV2z3kameKsUq5a\"}"}},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx/1.28.0\r\nDate: Sat, 24 Jan 2026 13:51:33 GMT\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, HEAD, POST, OPTIONS\r\nAccess-Control-Allow-Headers: *\r\nAccess-Control-Max-Age: 3600\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-13T17:33:37.826371Z","times_seen":16391923,"resource_available":true,"data":null}},"time_used":539,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":539,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"ocdrop.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ocdrop.app/audio-context.cjs.js","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ocdrop.app/","date":"2026-01-24T13:51:29.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ocdrop.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 17:58:02 GMT","end":"Tue, 03 Mar 2026 17:58:01 GMT"},"fingerprint":{"sha1":"C7:13:BF:B5:50:61:8B:2A:E9:D2:66:9F:59:8C:DE:09:DA:B5:ED:D5","sha256":"B2:AB:E2:AF:03:6A:0A:A8:97:D6:0F:14:73:56:C9:76:98:87:8B:BA:14:D8:D6:DB:E7:6A:3D:3C:A7:C2:0F:56"}}},"request":{"raw":"GET /audio-context.cjs.js HTTP/1.1\r\nHost: ocdrop.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ocdrop.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 24 Jan 2026 13:51:30 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Wed, 03 Dec 2025 20:16:20 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"69309a94-71b3c\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":465724,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65475)","md5":"bfb64c395d375e3e4b9287f899ad7b5c","sha1":"7d66480e59463c5ab4768efada13a45e0b935892","sha256":"b09c7727fbccebac39c249a9581a372a455aa6e9f8a963c70c1badd739eb7a29","sha512":"a3822a137821f83a8f09746b14559920791f5d14427935f1958b7d4cd81811ff9602e75944a0ec6699c730c3dc72f182fe1a470cd222907461cb7c7d8972a914","ssdeep":"6144:tVYflnYrhro/VX6axbCb5KC058Ay8Ckl7JBM6E3iMHD0:tVYEhgBc54+HD0","tlshash":"f6a44f8a31fa2c1ace2055d4426e90b89e634a73c7615deff2c0b1c9e61dd6213dfe91","first_seen":"2025-12-12T13:14:30.018865Z","last_seen":"2026-01-24T13:52:37.678054Z","times_seen":9,"resource_available":true,"data":null}},"time_used":587,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":147,"receive":440,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"ocdrop.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ocdrop.app/dropdown-js-2.12.1.min.js","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ocdrop.app/","date":"2026-01-24T13:51:30.019Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ocdrop.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 17:58:02 GMT","end":"Tue, 03 Mar 2026 17:58:01 GMT"},"fingerprint":{"sha1":"C7:13:BF:B5:50:61:8B:2A:E9:D2:66:9F:59:8C:DE:09:DA:B5:ED:D5","sha256":"B2:AB:E2:AF:03:6A:0A:A8:97:D6:0F:14:73:56:C9:76:98:87:8B:BA:14:D8:D6:DB:E7:6A:3D:3C:A7:C2:0F:56"}}},"request":{"raw":"GET /dropdown-js-2.12.1.min.js HTTP/1.1\r\nHost: ocdrop.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ocdrop.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 24 Jan 2026 13:51:30 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nLast-Modified: Wed, 03 Dec 2025 19:00:43 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"693088db-1817e\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":98686,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"c5835480f5da15a6035d17ac7976ab60","sha1":"2c81c910e49079b36798eb34bbf1853af09b4167","sha256":"0c10f8c8cc7e3a2e6fb7a12c1d85ab0528b0459a255bf49e5025360e3de123c1","sha512":"234a32d1e6d89c646fe70bbe1a0ed25d8d9ab10645c4dc4a85c80e72766d341c7b0d9b2a28b068ddcc22c90bfa020d0efacadeec0f4c4147f2f23be60f9f6030","ssdeep":"1536:YVMS7sk0XgtIvVlwC+4sg4w3+skFCTcWCxZWe:YV77sk8gtIvVlsRw3HcWJe","tlshash":"92a385e5694bd0e48e9120ded4b3e815e8289d23cd6cf1a3b96ceec0746df66844713b","first_seen":"2025-12-12T13:14:30.015749Z","last_seen":"2026-01-24T13:52:37.683702Z","times_seen":9,"resource_available":true,"data":null}},"time_used":871,"timings":{"blocked":275,"dns":0,"connect":147,"send":0,"wait":293,"receive":2,"ssl":151},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"ocdrop.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ocdrop.app/index_2.html","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ocdrop.app/","date":"2026-01-24T13:51:31.069Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ocdrop.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 17:58:02 GMT","end":"Tue, 03 Mar 2026 17:58:01 GMT"},"fingerprint":{"sha1":"C7:13:BF:B5:50:61:8B:2A:E9:D2:66:9F:59:8C:DE:09:DA:B5:ED:D5","sha256":"B2:AB:E2:AF:03:6A:0A:A8:97:D6:0F:14:73:56:C9:76:98:87:8B:BA:14:D8:D6:DB:E7:6A:3D:3C:A7:C2:0F:56"}}},"request":{"raw":"GET /index_2.html HTTP/1.1\r\nHost: ocdrop.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ocdrop.app/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.0\r\nDate: Sat, 24 Jan 2026 13:51:31 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":273,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"c793663e88efcfcf1fc5d45c0781c15c","sha1":"14d4b4bc4e29df4bd109c207e6697ba8e6b1ece7","sha256":"3ba0905257feaa637534b744f63288bb312fa5b881a9262b69c0dc50722e29b9","sha512":"56f1948c6b0c76d87298575ea785644fb5166be729fb95c3a233daa627d12e5ea77fc562d0444eee5a6a92b109a847064d69dcecd111ddee7e5b72ec26331002","ssdeep":"","tlshash":"6dd02b9f5043b3964811246079c125d2268d12faa47a81a82dc6e487529857fce9ad8c","first_seen":"2026-01-07T07:57:16.955944Z","last_seen":"2026-01-24T13:52:04.103483Z","times_seen":4,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":152,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"ocdrop.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ocdrop.app/burst_dark.svg","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ocdrop.app/","date":"2026-01-24T13:51:31.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ocdrop.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 17:58:02 GMT","end":"Tue, 03 Mar 2026 17:58:01 GMT"},"fingerprint":{"sha1":"C7:13:BF:B5:50:61:8B:2A:E9:D2:66:9F:59:8C:DE:09:DA:B5:ED:D5","sha256":"B2:AB:E2:AF:03:6A:0A:A8:97:D6:0F:14:73:56:C9:76:98:87:8B:BA:14:D8:D6:DB:E7:6A:3D:3C:A7:C2:0F:56"}}},"request":{"raw":"GET /burst_dark.svg HTTP/1.1\r\nHost: ocdrop.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ocdrop.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 24 Jan 2026 13:51:31 GMT\r\nContent-Type: image/svg+xml\r\nLast-Modified: Wed, 03 Dec 2025 19:15:49 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"69308c65-3bd\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":957,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5a80c38ff4db205b9e796c70e1b2130a","sha1":"fdae09ab3bfa73d4e75539882826294588d4f2b3","sha256":"af82b8277966c6434e3a18dc58b3e0fda30b8b22260980ed905dc87f16c990f5","sha512":"4b0fffa68edf4146a4aa08871ebe408325e929cb380a62b33eb6ba1eaa5d6bfb4526efd9a5927cc4532d752644d7899d483c55b93d5e0a4b397ac1c0acf47f52","ssdeep":"","tlshash":"25110034d2f9a416b327c06cff9acc562a64e0c38144429cf46e6e75572ecc3698f2a8","first_seen":"2025-12-12T13:14:30.011228Z","last_seen":"2026-01-24T13:52:37.680195Z","times_seen":9,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"ocdrop.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ocdrop.app/secureproxy?e=jscdn/getFile","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://ocdrop.app/","date":"2026-01-24T13:51:31.122Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ocdrop.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 17:58:02 GMT","end":"Tue, 03 Mar 2026 17:58:01 GMT"},"fingerprint":{"sha1":"C7:13:BF:B5:50:61:8B:2A:E9:D2:66:9F:59:8C:DE:09:DA:B5:ED:D5","sha256":"B2:AB:E2:AF:03:6A:0A:A8:97:D6:0F:14:73:56:C9:76:98:87:8B:BA:14:D8:D6:DB:E7:6A:3D:3C:A7:C2:0F:56"}}},"request":{"raw":"POST /secureproxy?e=jscdn/getFile HTTP/1.1\r\nHost: ocdrop.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ocdrop.app/\r\nContent-Type: application/json\r\nContent-Length: 37\r\nOrigin: https://ocdrop.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":37,"data":"{\"permit_key\":\"4iufi6wrxzj7zdt8hu8i\"}"}},"response":{"raw":"HTTP/1.1 404 Not Found\r\nServer: nginx/1.28.0\r\nDate: Sat, 24 Jan 2026 13:51:31 GMT\r\nContent-Type: text/html; charset=iso-8859-1\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":273,"size_decoded":0,"mime_type":"text/html; charset=iso-8859-1","magic":"HTML document, ASCII text","md5":"c793663e88efcfcf1fc5d45c0781c15c","sha1":"14d4b4bc4e29df4bd109c207e6697ba8e6b1ece7","sha256":"3ba0905257feaa637534b744f63288bb312fa5b881a9262b69c0dc50722e29b9","sha512":"56f1948c6b0c76d87298575ea785644fb5166be729fb95c3a233daa627d12e5ea77fc562d0444eee5a6a92b109a847064d69dcecd111ddee7e5b72ec26331002","ssdeep":"","tlshash":"6dd02b9f5043b3964811246079c125d2268d12faa47a81a82dc6e487529857fce9ad8c","first_seen":"2026-01-07T07:57:16.955944Z","last_seen":"2026-01-24T13:52:04.103483Z","times_seen":4,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":130,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"ocdrop.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ocdrop.app/spinner.svg","fqdn":"ocdrop.app","domain":"ocdrop.app","tld":""},"ip":{"addr":"91.196.33.99","port":443,"asn":31480,"as":"SilverCom.RU Ltd.","country":"Russia","country_code":"RU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ocdrop.app/","date":"2026-01-24T13:51:31.111Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ocdrop.app","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Dec 2025 17:58:02 GMT","end":"Tue, 03 Mar 2026 17:58:01 GMT"},"fingerprint":{"sha1":"C7:13:BF:B5:50:61:8B:2A:E9:D2:66:9F:59:8C:DE:09:DA:B5:ED:D5","sha256":"B2:AB:E2:AF:03:6A:0A:A8:97:D6:0F:14:73:56:C9:76:98:87:8B:BA:14:D8:D6:DB:E7:6A:3D:3C:A7:C2:0F:56"}}},"request":{"raw":"GET /spinner.svg HTTP/1.1\r\nHost: ocdrop.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ocdrop.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Sat, 24 Jan 2026 13:51:31 GMT\r\nContent-Type: image/svg+xml\r\nLast-Modified: Wed, 03 Dec 2025 19:15:49 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nETag: W/\"69308c65-7ca\"\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1994,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d64f1d1110ff4ca9a700eb704243cd6c","sha1":"2c7cf2b83d08b53178061c3ca02c126dc64640b9","sha256":"1c013f0f09cf67b7c46963b6f6e735c2a63ae497fe8fa4ce9b248313e3c8faa0","sha512":"c2b0ae6f6da5ca8c3f2f528f9097a8bb9468f755de80faf86bd6e142b4021a57a8a413af8132f45dc6a4f24f48d4d8ab79e3fd3a1e18ca24b5bc0eba3e8681e6","ssdeep":"","tlshash":"1d4141b5d5ad892bd20ec088ce815c1e9b3dc2fb625084d9f09d1e7c5b7e0d1888fac2","first_seen":"2025-12-12T13:14:30.009679Z","last_seen":"2026-01-24T13:52:37.686273Z","times_seen":9,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":30,"dns":0,"connect":0,"send":0,"wait":146,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-24","alert":"Sinkholed","trigger":"ocdrop.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oc.app/_/raw/apple-touch-icon.png","fqdn":"oc.app","domain":"oc.app","tld":""},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ocdrop.app/","date":"2026-01-24T13:51:31.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"oc.app","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 30 Dec 2025 01:33:42 GMT","end":"Mon, 30 Mar 2026 02:31:57 GMT"},"fingerprint":{"sha1":"5D:8B:EE:DE:F0:6D:96:1D:01:CF:E0:32:AD:7F:C4:17:CA:A0:9F:06","sha256":"4D:3E:D0:8F:19:FF:05:A2:51:3B:AD:66:62:E7:F0:F5:01:2F:3B:1C:EF:A7:76:B8:30:9D:45:B6:8E:E0:9E:9D"}}},"request":{"raw":"GET /_/raw/apple-touch-icon.png HTTP/1.1\r\nHost: oc.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ocdrop.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 24 Jan 2026 13:51:31 GMT\r\ncontent-type: image/png\r\ncontent-length: 8969\r\nic-certificateexpression: default_certification(ValidationArgs{certification: Certification{no_request_certification: Empty{}, response_certification: ResponseCertification{certified_response_headers: ResponseHeaderList{headers: [\"content-type\", \"Cache-Control\", \"X-Cacheable-Resource\"]}}}})\r\ncache-control: public, max-age=2592000\r\nx-cacheable-resource: true\r\nic-certificate: version=2, certificate=:2dn3o2R0cmVlgwGDAYMBggRYICHXWQ3r6VKNOHdcQvARnQKAk9V/Vya1j1AIBYRcpSCtgwJIY2FuaXN0ZXKDAYMBgwGDAYMBgwGDAYMBgwGDAYMBgwGDAYMBggRYIK/jKbvX+KdDClQ3SnpLHXy/S9N0HAcD8EwDwUHUHwJbgwGDAYIEWCAizOjaEh3F7xZGtXuCMsjnzXsg8NeVmJqf5yItoSBl1IMBggRYIFDYvLWICg43FIeNNcGcWM+MDnOzcg0hhJHIm7Tx6wabgwJKAAAAAACgAAsBAYMBgwGDAk5jZXJ0aWZpZWRfZGF0YYIDWCC2aypzs7h6KYTZaMsdXmtU3shZrx8CaHjZS1C9QNXDf4IEWCAas6O9t0h6RiQhz+h45J+danBKJUYIzXGF3OFX0Yy0AIIEWCDQTa0QfZpyYZsnjKL9Dl+uP2tC2voAD2jJKD+I+bslioIEWCDA8o4rEWC8cdJNP0nbaOasqpj0UV5HbzLD7EKl6jTshIIEWCB8/mq7kzufP3BVOkUdszR8pVSxq+taMSbR6RfB0GC4jYIEWCCDgUSemkt5yNoR5pvOhs5oSdU60bBL604Ir1brfWxTHYIEWCAEC1ia7SQZj9uJxQrjwOlgjXpfGTtRs9JiQzvDvjGwBoIEWCADOk+XFY2fJcrSuBhpHjDd/u466nBHjqFR8l7z1UDrB4IEWCBTZKnYlXw5dqAfnpG46MPIlVXyz/z+Ex18x02BLFCkI4IEWCA+m4J4ctuiHOGCYZm9cReOdZb3c8Kfpqhsa48Plc6JBoIEWCAeo4SZeMjdTlMqp+D6c+aAlyJ7H25WiZfLM+1IPSbioIIEWCD9msYKDxhX/DK/NGdc8SE2LvjVWeHFWSD0LOvxGrG4/IIEWCAXpRbyv6qVPH2H4kLJX9DLkp+R+9BAkW2MQKxfauhH7YIEWCDro1IR1mxRw5oiqe8d1z3pplDyfVRiYJ4uRxr/rRG5V4IEWCCNuGZ9eLXsuWo5mUmSfHjf2v2a5g74ZN+hQibMXLnicYIEWCAnlsECja8RCBvG7mn8h/nOgKrhnDH226adtkx2vujL5IIEWCD4QBrZl158pGS596O6RercMMWjHfAsrH34yoi7PZJZfoIEWCCXG89zZzWP9bL6CyeUUL4BaKFJ4rTJ3obswOhud9phqYMBggRYIAjC9RibCT8z/41GzB/opjaHC5F7AObLZrPydeG2JUrPgwGCBFggmCTGMp6921v30zktbgq+I5dIzOukC9C7N7ARGHiLfOKDAkR0aW1lggNJiPKsxLDh2sYYaXNpZ25hdHVyZVgwpRUBqI/kHkruEj+Nn4A1UwUTUh3bV3liC2IwU/jltjEbg8wPV+FTVGbHkXU++aGoamRlbGVnYXRpb26iaXN1Ym5ldF9pZFgdMFgKGnZDBJUT+PfW/+b1EABXA0WmMWDKt3hMWQJrY2VydGlmaWNhdGVZAn3Z2feiZHRyZWWDAYIEWCAmrjv9qiOrMKtnBtV157aRThBWhZzgXLMIKA4W3oXqU4MBggRYIBs84m1MQwvpvGptOPJvI45bGxRQc5RS7cSg76llBcA7gwGDAkZzdWJuZXSDAYMBgwGCBFggcTh69trE1jUIJL8cJMjdCvQ6kQstrYzoY5DIFuY4FhWDAYIEWCDgV4GUKoa4Z4s4bT7rgY36usF0RdQv1QKd2YmnKQ1mzIMBgwGDAlgdMFgKGnZDBJUT+PfW/+b1EABXA0WmMWDKt3hMWQKDAYMCT2NhbmlzdGVyX3Jhbmdlc4IDWBvZ2feBgkoAAAAAAKAAAAEBSgAAAAAAr///AQGDAkpwdWJsaWNfa2V5ggNYhTCBgjAdBg0rBgEEAYLcfAUDAQIBBgwrBgEEAYLcfAUDAgEDYQCFyIEbDK8V+a0uNPGEGngg3RpwZC4hNidIvwknxv1n3cDBMp/dhA4GoW04MCPEwA8GLxc+YoUo64AcFSWOLkF9UR/kujwXVGlXDMjhM45UV+1rMbcrE5tTdVTwCxT9aRWCBFggtrgRTnYEHZnwHkoX9uYQlMQtVL8g/QBi4v9qQ14mOduCBFggdvQplW2dTZu5pc/8F+6h6HCMTYbl9yWBtgCciPq09q+CBFggr6qIMhAbzuI+uHH2o7NyuSfrOtW6y7v2eqTfKWv4xJOCBFggJlKO8HOTw19FWicBJ4T135Q9KtrxOcTuXToYlpR8G1eDAkR0aW1lggNJkKriitrc2sYYaXNpZ25hdHVyZVgwj1fkJ3eYaPw2QBME3oUFnH0nj8wRzw/669OWK0oclb6VFYp7SWl6QdatDorbs+xh:, tree=:2dn3gwGCBFggPk3zLctEHe3DfgABE+yXGKNeOuon3fvPQarGSnrNVCKDAklodHRwX2V4cHKDAYMBggRYIO68NMiQp/DTbTy02+k6Fe9rTxK8UkLO8KAMRtrk0KFEgwGCBFggEEaGYoNK51p/sd45NEC3FVq9mdLPotnI8MIQz0mH5KqDAYIEWCBGxWr43gR9rLrIJIt1cVt5QKG4FqOoOwkwkjvVv8TPs4MBggRYIBNS5o1Sp8XGEMJy/IXwg/D9RGyL4uQHawKETKCcweFtgwGCBFggH27z+VWxNOB0p94kK5IFCoYeVOAv9AWx4zWSi6h/tjKDAYIEWCCUuPEtDESbiFjES7YVwKo/KBjUJl8lF8DpzTarpR4vDIMBggRYIC1OeBl9yMqhfrTSAvQ1ddmBUoHKhtY/FrOEb0XYcDvLgwGCBFgge6AOsgW1tAmS9q6uwm9ZAIlEwF1Q2ND/e901Q6YjJsmDAYMBggRYIHTPP+a7AjMHkajXAuoYlntn2guSVjj9IfD8RGyP4CZtgwGCBFggkXIemPAvOOG0po4Usg3QPM5ys4/8o32Yu89tZd6GSaqDAYIEWCB34CTNJfL2b58VK2/EM8scjGrlkrUa3yJ6jK6MG8b0OoMBggRYIK90KpLfvE398yEsk0oyMQx0bs+hfBI1lnVb6xM2hVZngwGCBFgglyb/3kMg6FsTYms+WaqBULIyKBW96rHvqtgsvaSr0giDAYIEWCC9Acjw1y6ANyZraAkDrA2lRMVscBGsp8xock3xXHCYC4MCQV+DAkNyYXeDAYMCVGFwcGxlLXRvdWNoLWljb24ucG5ngwJDPCQ+gwJYIOhqBP8DGkdlM3w9t1Lfj01x49iI4O2VMUj9K7yihsblgwJAgwGDAlggTcVM5j7Ckorf4hd2EaUkmJCj9rLF+fh3v1eV0A1OiYiCA0CDAlggy8cwjrLvy3gT4gVKr9nplKr6juMR8LMVvyLwpDoSuGOCA0CCBFggHGS2Cs3kJRm+hzvYWbHOK2nplC94Yd/OJsP4+QOuLQeCBFggbdHfwEeMva7UeC5WxtcSiyTMaL4H+C1cPwas8GIqGOSCBFggm07yEv/RJ3bgysXitjE+6bDxMSyho0avqUGuKjLALmY=:, expr_path=:2dn3hWlodHRwX2V4cHJhX2NyYXd0YXBwbGUtdG91Y2gtaWNvbi5wbmdjPCQ+:\r\nx-cache-ttl: 86400\r\naccess-control-expose-headers: accept-ranges, content-length, content-range, x-request-id, x-ic-canister-id\r\naccess-control-allow-origin: *\r\nvary: origin, access-control-request-method, access-control-request-headers, accept-encoding\r\nx-ic-canister-id: 6hsbt-vqaaa-aaaaf-aaafq-cai\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-request-id: 019bebd1-633b-7162-8fb2-1843a65ca8d3\r\nage: 74764\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\nlast-modified: Fri, 23 Jan 2026 17:05:26 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ltb0DXvWzp2zxiwiC4SzETCn3OM6a%2BFZDxnQcjlSpN62aX2PdCNc1kBoCwz5S2Zsu0fcZroQ22W%2Bxn7%2FyUQpTPVDPHY%3D\"}]}\r\nserver: cloudflare\r\ncf-ray: 9c30018fa9b456a8-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8969,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"08b4b466a7a5fabfd1c6a1078ce83113","sha1":"0a28fb2bc7c90a24b9fb7fc2355cf9c3fef220c5","sha256":"5eff7d32a97070122456839440322ff38154f4ed07ebeee47e83448908ea918e","sha512":"5c465c871750353325af2c7c1c16fff7e8a7b5bd9bc7c92da839284f2c1b0e30e25bd18b35751d0859e245c170d3dd6279cab64c0265a6f2672141a6fdd6226a","ssdeep":"192:BWjZgEvKkUKw6cbp8hu9G9/U6uXMOxHUOUYnx1IVddPaBd:BOUK1c18hu968ZMOx0ONMddOd","tlshash":"8902b039f872c8eb21f0e6c1510c7a8f434dac4f74fa35491029c076b36c584aa3547b","first_seen":"2025-10-19T12:47:31.005043Z","last_seen":"2026-05-16T10:56:33.686842Z","times_seen":16,"resource_available":false,"data":null}},"time_used":89,"timings":{"blocked":-1,"dns":49,"connect":1,"send":0,"wait":17,"receive":2,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}