Report - lu94.top/svchost.exe

Report Overview

Visited public
2025-05-08 03:09:08
Tags
Submit Tags
URL
lu94.top/svchost.exe
Finishing URL
lu94.top/svchost.exe
IP / ASN
75.2.18.233
#16509 AMAZON-02
Title
lu94.top

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.dynadot.com	239555	2002-10-30	2012-05-31	2025-05-07	459 B	2.7 kB	104.16.152.132
euob.astarsbuilding.com	unknown	2022-08-01	2024-12-16	2025-05-01	446 B	112 kB	54.240.174.61
lu94.top	unknown	2024-04-28	2025-05-08	2025-05-08	2.7 kB	21 kB	75.2.18.233
obseu.astarsbuilding.com	unknown	2022-08-01	2024-12-24	2025-05-01	5.4 kB	5.6 kB	3.248.162.96
d38psrni17bvxu.cloudfront.net	unknown	2008-04-25	2022-09-22	2025-05-07	483 B	12 kB	3.167.7.13
afs.googleusercontent.com	12123	2008-11-17	2013-05-06	2025-05-07	1.0 kB	2.2 kB	142.250.74.33
syndicatedsearch.goog	unknown	2023-04-14	2023-09-25	2025-05-07	3.9 kB	163 kB	216.58.211.14
www.google.com	7	1997-09-15	2015-05-10	2025-05-07	437 B	144 kB	142.250.74.68

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-05-08 03:08:38	low	3.248.162.96	Client IP	ET INFO Observed ZeroSSL SSL/TLS Certificate

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (14)

	URL	From	Size	First Seen	Last Seen
	lu94.top/svchost.exe	ScriptElement	968 B	2023-03-08	2025-07-21
Pretty URL lu94.top/svchost.exe IP 75.2.18.233 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 02:24 Last Seen2025-07-21 05:57 Times Seen108721 Hash c77554570ae0fa8e4fb31747dc213058 e989fbde07e6a68975c7a31e1d4df76afd90b96f c3f831fe1717c6d76a8950ac5e7dc88ceee7440d079b11584be5c6c5b3269e77 Loading...

	lu94.top/svchost.exe	Eval	7 B	2023-03-07	2025-07-21
Pretty URL lu94.top/svchost.exe IP 75.2.18.233 ASN #16509 AMAZON-02 Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:20 Last Seen2025-07-21 05:59 Times Seen124110 Hash e5d8c139688b25ef77b263d88ea99150 7abc9c61c4966543f66d150c0155bfac575f86a7 53e5f34ac520035c7f124076d1e68c70a85c83cf68a339fa713b872b54126148 Loading...

	lu94.top/svchost.exe	ScriptElement	9.1 kB	2025-05-08	2025-05-08
Pretty URL lu94.top/svchost.exe IP 75.2.18.233 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-08 03:09 Last Seen2025-05-08 03:09 Times Seen1 Hash 4d58a8dc8b8ea2bec64d0fc83f721983 f215a6f03026e4b321c659a6c6245ddbd7f58267 d4bafac6012a3d13a2506e157901cbfc84f385fc4c83a1fec2b32831099da8cb Loading...

	lu94.top/svchost.exe	ScriptElement	673 B	2025-05-08	2025-05-08
Pretty URL lu94.top/svchost.exe IP 75.2.18.233 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-08 03:09 Last Seen2025-05-08 03:09 Times Seen1 Hash 15a3bac131286bdd72e01f2f8ee8e533 5e842f2333c48675625fda4a0cbe4621117a9d1a 531dce403d2747c2755971b13bb13edb92c1c628177d036fbe49694d754ea414 Loading...

	lu94.top/svchost.exe	ScriptElement	40 B	2025-02-04	2025-07-21
Pretty URL lu94.top/svchost.exe IP 75.2.18.233 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-02-04 20:34 Last Seen2025-07-21 05:57 Times Seen72364 Hash 65c8369b3607f59089ddd9f23b11f98c 5a305680d67d825d8186fe1a52cb65e530301204 e2508bc8b6eda959a5e887150cd18744f2aacb6eb98042b690f26443fc5b6d15 Loading...

	www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true	ScriptElement	144 kB	2025-05-06	2025-05-09
Pretty URL www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true IP 142.250.74.68 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-06 23:41 Last Seen2025-05-09 11:59 Times Seen65 Hash 87adcb76039e8a9e6964268309b7f538 5893ab91f88581a734f38ab48134b97581fe3ed2 3f3d2e984ebb523467a177653f763388baf1d00fcefaea10ee5256ce372d4d0b Loading...

	lu94.top/svchost.exe	Eval	25 B	2023-03-07	2025-07-21
Pretty URL lu94.top/svchost.exe IP 75.2.18.233 ASN #16509 AMAZON-02 Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:20 Last Seen2025-07-21 05:59 Times Seen124030 Hash 6559111e4eae643ce013ce0821e91a02 fa1086c9aa2cb2d14f5c13bceefe21511bcdae5a d72255f7e5ea4dfdf9821df800356367d0bc7df07ecd103bb660018cb1e4f400 Loading...

	lu94.top/svchost.exe	ScriptElement	483 B	2024-01-04	2025-07-21
Pretty URL lu94.top/svchost.exe IP 75.2.18.233 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-04 10:26 Last Seen2025-07-21 05:57 Times Seen106063 Hash 18f2edc58d8a7b9e6b82454e8658c157 e5dfdd0fa61b3a5ef68dab382a0ba93e9e7b67fb 2d9b07a0704d92dda4deae88bc582aeb659923c8d44d0e7362e13cb28d88d250 Loading...

	lu94.top/svchost.exe	ScriptElement	50 B	2024-01-04	2025-07-21
Pretty URL lu94.top/svchost.exe IP 75.2.18.233 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-01-04 10:26 Last Seen2025-07-21 05:57 Times Seen105952 Hash 1b334e0123cf0cb113092022fb726782 45abb42a6680499daa10d83d2859329de1843de2 42591f96b9a41a7e2e5ecd0240dd7fecdcf03ef8454b57c68f08697474a4b579 Loading...

	lu94.top/svchost.exe	Eval	4 B	2023-03-07	2025-07-21
Pretty URL lu94.top/svchost.exe IP 75.2.18.233 ASN #16509 AMAZON-02 Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-21 05:59 Times Seen133341 Hash b326b5062b2f0e69046810717534cb09 5ffe533b830f08a0326348a9160afafc8ada44db b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b Loading...

	euob.astarsbuilding.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js	ScriptElement	112 kB	2025-05-06	2025-05-21
Pretty URL euob.astarsbuilding.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js IP 54.240.174.61 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-06 12:41 Last Seen2025-05-21 11:43 Times Seen2449 Hash 5d32edfdd5eb814ac05e5087ac512325 0c3fdce821e9fe7c8c86c144696b6dedd351b6ac 4ade4714bca4cc899e1480079c3c6d5e302d1f2760cc249f799cc941075754f1 Loading...

	syndicatedsearch.goog/adsense/domains/caf.js	ScriptElement	144 kB	2025-05-06	2025-05-09
Pretty URL syndicatedsearch.goog/adsense/domains/caf.js IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-05-06 16:54 Last Seen2025-05-09 11:46 Times Seen62 Hash 62fe9f1bc53316b6c9ccbb2e2e48c87f fe41a4abb01cf473a8585911393cf65ab7c5be0b 7e18d6bcc8227016d33be2c5bcbef88e6054a26b287afd86bb511dafd94becad Loading...

	lu94.top/svchost.exe	Eval	62 B	2023-03-07	2025-07-21
Pretty URL lu94.top/svchost.exe IP 75.2.18.233 ASN #16509 AMAZON-02 Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:20 Last Seen2025-07-21 05:59 Times Seen124062 Hash 889ca9e2c79a3ce7aaadbcdfd0ce4ef5 b05c2c051bae71f80cb8c289e5a42d4f96d323fa 6477acf082d26199b6ce8346b93149b1b999233d9fe76b0340ebf43317cf98f8 Loading...

	syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket003%2Cbucket077&client=dp-teaminternet04_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Flu94.top%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.L0Km-TiqlWCRJhUkNAhgYo6EPoIuQomCTaTAepvj6jPxikMxiO85MQ.12bHoXLnBhhWPYj33xk1-w.N4f1llQ_Bq6GdsgIm0_F_O36FjDUSPCEUIgbxOws1lndD4MrtCdyfGScsU_LsRa3ZIVtMgv2v3pXP3dFq0YGAOchvGEQ_WcyNpV-AAJ0gbU1hiEuHXin-I4Ph4yUciR-SzmngG5UOsFSPIEUvIPryhoSQjD88x_nWS4JgFir4zAlBicllshGQO9P7fd1kuSkCHif2WyFWB7E0G7vVVj4zOPF9rSQiHw6S92vg2MVzFERCpQKb-E6fJwOQD_E2yofn9EAHJgYqc9FCnY3bKZOmFrSSYBaHTTQog-6UX4dPircXLpKnOdedebxaZA5QdbS8NVm5mp5RTqscm12AnBoUd8zkmqo5_31iO9l8EQ2XZFYmcrJXGkkfvnYUTu_8EZWOJjwH9AnPhSvUDh2QT72y6EP2aczZSrE5nBGYkLscL_V5Gut9Ldo-Zok6l9-KlOCd_e0flbd1USQvdEcbfAIcrfhh_huCFJqLComsmwnqtKbyE2A7HmdTCHNLaDNIUfONQeLaqvVycigr5zEOeOFgtMnmbLGIteP13g71nkvN5Cep0UoBRjtAa5za9QY1R5FNM3bjAw7i7ThcpG0s8iQhpS0AhWcdWGev5Uur5l3KDqI2o9vjU1AT5IFXjOSaxs8LLIxQQGQsPZr42LJSy-kAA.B5mTrHID3MKH4-B7PNFuOQ&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2997149969328928&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717107&format=r3%7Cs&nocache=6371746673717570&num=0&output=afd_ads&domain_name=lu94.top&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1746673717572&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=861&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=752296523&rurl=https%3A%2F%2Flu94.top%2Fsvchost.exe	ScriptElement	841 B	2025-05-08	2025-05-08
Pretty URL syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket003%2Cbucket077&client=dp-teaminternet04_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Flu94.top%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.L0Km-TiqlWCRJhUkNAhgYo6EPoIuQomCTaTAepvj6jPxikMxiO85MQ.12bHoXLnBhhWPYj33xk1-w.N4f1llQ_Bq6GdsgIm0_F_O36FjDUSPCEUIgbxOws1lndD4MrtCdyfGScsU_LsRa3ZIVtMgv2v3pXP3dFq0YGAOchvGEQ_WcyNpV-AAJ0gbU1hiEuHXin-I4Ph4yUciR-SzmngG5UOsFSPIEUvIPryhoSQjD88x_nWS4JgFir4zAlBicllshGQO9P7fd1kuSkCHif2WyFWB7E0G7vVVj4zOPF9rSQiHw6S92vg2MVzFERCpQKb-E6fJwOQD_E2yofn9EAHJgYqc9FCnY3bKZOmFrSSYBaHTTQog-6UX4dPircXLpKnOdedebxaZA5QdbS8NVm5mp5RTqscm12AnBoUd8zkmqo5_31iO9l8EQ2XZFYmcrJXGkkfvnYUTu_8EZWOJjwH9AnPhSvUDh2QT72y6EP2aczZSrE5nBGYkLscL_V5Gut9Ldo-Zok6l9-KlOCd_e0flbd1USQvdEcbfAIcrfhh_huCFJqLComsmwnqtKbyE2A7HmdTCHNLaDNIUfONQeLaqvVycigr5zEOeOFgtMnmbLGIteP13g71nkvN5Cep0UoBRjtAa5za9QY1R5FNM3bjAw7i7ThcpG0s8iQhpS0AhWcdWGev5Uur5l3KDqI2o9vjU1AT5IFXjOSaxs8LLIxQQGQsPZr42LJSy-kAA.B5mTrHID3MKH4-B7PNFuOQ&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2997149969328928&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717107&format=r3%7Cs&nocache=6371746673717570&num=0&output=afd_ads&domain_name=lu94.top&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1746673717572&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=861&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=752296523&rurl=https%3A%2F%2Flu94.top%2Fsvchost.exe IP 216.58.211.14 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-08 03:09 Last Seen2025-05-08 03:09 Times Seen1 Hash b48adae8fa8d52bc4cb544fe6ef472e4 77ed900c1f5603b6e2bdb2c1e103ee908b37332d 6e0b898adc39b7e7f3e63cfb91061b9f35dea45d89e6f3d0f15d484bafdbad9c Loading...

HTTP Transactions (22)

	URL	IP	Response	Size
	GET lu94.top/favicon.ico	75.2.18.233	200 OK	0 B
URL GET lu94.top/favicon.ico IP 75.2.18.233:443 ASN #16509 AMAZON-02 Requested by https://lu94.top/svchost.exe Certificate IssuerLet's Encrypt Subjectlu94.top FingerprintA8:07:5B:AA:B6:DB:2C:29:ED:3A:0C:9B:3D:A1:51:55:F1:A3:17:81 ValidityMon, 28 Apr 2025 19:58:56 GMT - Sun, 27 Jul 2025 19:58:55 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /favicon.ico HTTP/1.1 Host: lu94.top User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://lu94.top/svchost.exe Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK accept-ranges: bytes alt-svc: h3=":50545"; ma=2592000 content-type: image/x-icon date: Thu, 08 May 2025 03:08:37 GMT etag: "670f7248-0" last-modified: Wed, 16 Oct 2024 07:59:04 GMT server: Caddy, nginx content-length: 0 X-Firefox-Spdy: h2`

	GET obseu.astarsbuilding.com/tracker/tc_imp.gif?e=37dfbd8ee84e00126ee8c132e9408b959225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f674f8a848f547f3848f72e2502d53d8a67c60d360d2a9050020d63525bc0b96d4b77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7c46790f5da7db2e367c54acf91c79d9fea02d93e45a764c2fa2a2a4c29c74bfcfc248b5038e523d65cceb92a9e471d280f061856b4a95b98a260709ab2466ac8e503baec7b832dc5ea005f69a4d8a1ad9d36d906d279c983bca27c583abacd1fde91a2bf533a4e8e823434ac3c17f82e650b9475a13920c488fd4cd88d1fb8137d83ad78ef5d038ae323b358e3873d4b7975f01d7e678e94ea595409974a471000416c235b30bd7cbab6dbb823f8752a783dfcf6c8b5a5266f052540b3e453e89ec66b764dac78028b3b563bdc86c95c2a7be798f91e95461729ec2580483f7461a4cb4fcec74ae5199eb5ff3e12eb27ca02d9453d416dfb43dc71a24e6b293663f3c681f2e174116a8e99071d10ab05953402ffca852d99a1810e3bfdebba071c5ece0e09bfeaff057523afb43ebaa4b3ac61a3109dd715c6f6df17fa9701ec1ecc0649409a471fddf75cccc58fa09075f2358070180d2a79e652f47900a448bd2debfb6cc540699b1ba63f2887a0d86a5763e0eb0eedb2e22fd5697438d5ea666cf00d1da12e6bb35e69d8ed59b4063e8fe6401f428e4f2d3fc6dfc3e6d525cf335514ca3e11fd9fe1ea1f487da1689de95390e2b55ea6cef54d60ae1d02dcf6d1d43146d2420bf4884832f47ed3a82b5ff36d8cc519e342efe03762d83fa91570fac63ff8d11d91b234017fe292682b3c53788046f888f12bdcd82bcd317984f5f2114f16b370ddfc34e4eb03cfbec987bdac1e60f416ef329320201cf1450e285fc5a55c92463d9c9c21d95c8a8961a5bfa42e758390d9510746ddf86551dc883ae&cri=GZTVyWjlAY&ts=299&cb=1746673718106	3.248.162.96	200 OK	43 B
URL GET obseu.astarsbuilding.com/tracker/tc_imp.gif?e=37dfbd8ee84e00126ee8c132e9408b959225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f674f8a848f547f3848f72e2502d53d8a67c60d360d2a9050020d63525bc0b96d4b77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7c46790f5da7db2e367c54acf91c79d9fea02d93e45a764c2fa2a2a4c29c74bfcfc248b5038e523d65cceb92a9e471d280f061856b4a95b98a260709ab2466ac8e503baec7b832dc5ea005f69a4d8a1ad9d36d906d279c983bca27c583abacd1fde91a2bf533a4e8e823434ac3c17f82e650b9475a13920c488fd4cd88d1fb8137d83ad78ef5d038ae323b358e3873d4b7975f01d7e678e94ea595409974a471000416c235b30bd7cbab6dbb823f8752a783dfcf6c8b5a5266f052540b3e453e89ec66b764dac78028b3b563bdc86c95c2a7be798f91e95461729ec2580483f7461a4cb4fcec74ae5199eb5ff3e12eb27ca02d9453d416dfb43dc71a24e6b293663f3c681f2e174116a8e99071d10ab05953402ffca852d99a1810e3bfdebba071c5ece0e09bfeaff057523afb43ebaa4b3ac61a3109dd715c6f6df17fa9701ec1ecc0649409a471fddf75cccc58fa09075f2358070180d2a79e652f47900a448bd2debfb6cc540699b1ba63f2887a0d86a5763e0eb0eedb2e22fd5697438d5ea666cf00d1da12e6bb35e69d8ed59b4063e8fe6401f428e4f2d3fc6dfc3e6d525cf335514ca3e11fd9fe1ea1f487da1689de95390e2b55ea6cef54d60ae1d02dcf6d1d43146d2420bf4884832f47ed3a82b5ff36d8cc519e342efe03762d83fa91570fac63ff8d11d91b234017fe292682b3c53788046f888f12bdcd82bcd317984f5f2114f16b370ddfc34e4eb03cfbec987bdac1e60f416ef329320201cf1450e285fc5a55c92463d9c9c21d95c8a8961a5bfa42e758390d9510746ddf86551dc883ae&cri=GZTVyWjlAY&ts=299&cb=1746673718106 IP 3.248.162.96:443 ASN #16509 AMAZON-02 Requested by https://lu94.top/svchost.exe Certificate IssuerZeroSSL Subject.astarsbuilding.com FingerprintCD:97:8B:26:8F:44:36:BF:15:6E:E5:CB:05:4C:8D:F5:F1:0C:F2:54 ValidityThu, 27 Mar 2025 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT File type GIF image data, version 89a, 1 x 1 Size 43 B (43 bytes) Hash db04c7b378cb2db912c3ba8a5a774ee3 dee34bd86c3484d31002182aa2b7caa4699126b8 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a HTTP Headers GET /tracker/tc_imp.gif?e=37dfbd8ee84e00126ee8c132e9408b959225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f674f8a848f547f3848f72e2502d53d8a67c60d360d2a9050020d63525bc0b96d4b77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c7c46790f5da7db2e367c54acf91c79d9fea02d93e45a764c2fa2a2a4c29c74bfcfc248b5038e523d65cceb92a9e471d280f061856b4a95b98a260709ab2466ac8e503baec7b832dc5ea005f69a4d8a1ad9d36d906d279c983bca27c583abacd1fde91a2bf533a4e8e823434ac3c17f82e650b9475a13920c488fd4cd88d1fb8137d83ad78ef5d038ae323b358e3873d4b7975f01d7e678e94ea595409974a471000416c235b30bd7cbab6dbb823f8752a783dfcf6c8b5a5266f052540b3e453e89ec66b764dac78028b3b563bdc86c95c2a7be798f91e95461729ec2580483f7461a4cb4fcec74ae5199eb5ff3e12eb27ca02d9453d416dfb43dc71a24e6b293663f3c681f2e174116a8e99071d10ab05953402ffca852d99a1810e3bfdebba071c5ece0e09bfeaff057523afb43ebaa4b3ac61a3109dd715c6f6df17fa9701ec1ecc0649409a471fddf75cccc58fa09075f2358070180d2a79e652f47900a448bd2debfb6cc540699b1ba63f2887a0d86a5763e0eb0eedb2e22fd5697438d5ea666cf00d1da12e6bb35e69d8ed59b4063e8fe6401f428e4f2d3fc6dfc3e6d525cf335514ca3e11fd9fe1ea1f487da1689de95390e2b55ea6cef54d60ae1d02dcf6d1d43146d2420bf4884832f47ed3a82b5ff36d8cc519e342efe03762d83fa91570fac63ff8d11d91b234017fe292682b3c53788046f888f12bdcd82bcd317984f5f2114f16b370ddfc34e4eb03cfbec987bdac1e60f416ef329320201cf1450e285fc5a55c92463d9c9c21d95c8a8961a5bfa42e758390d9510746ddf86551dc883ae&cri=GZTVyWjlAY&ts=299&cb=1746673718106 HTTP/1.1 Host: obseu.astarsbuilding.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://lu94.top/ Cookie: cg_uuid=6876cc7c9fb6b6e519689322bff46764 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK cache-control: no-cache, no-store, must-revalidate content-type: image/gif date: Thu, 08 May 2025 03:08:38 GMT expires: Fri, 01 Jan 1990 00:00:00 GMT pragma: no-cache content-length: 43 X-Firefox-Spdy: h2`

	POST obseu.astarsbuilding.com/mon	3.248.162.96	200 OK	0 B
URL POST obseu.astarsbuilding.com/mon IP 3.248.162.96:443 ASN #16509 AMAZON-02 Requested by https://lu94.top/svchost.exe Certificate IssuerZeroSSL Subject.astarsbuilding.com FingerprintCD:97:8B:26:8F:44:36:BF:15:6E:E5:CB:05:4C:8D:F5:F1:0C:F2:54 ValidityThu, 27 Mar 2025 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers POST /mon HTTP/1.1 Host: obseu.astarsbuilding.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 2613 Origin: https://lu94.top DNT: 1 Connection: keep-alive Referer: https://lu94.top/ Cookie: cg_uuid=6876cc7c9fb6b6e519689322bff46764 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK access-control-allow-credentials: true access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-origin: https://lu94.top content-type: application/json date: Thu, 08 May 2025 03:08:39 GMT content-length: 0 X-Firefox-Spdy: h2`

	GET lu94.top/svchost.exe	75.2.18.233	200 OK	18 kB
URL User Request GET lu94.top/svchost.exe IP 75.2.18.233:443 ASN #16509 AMAZON-02 Certificate IssuerLet's Encrypt Subjectlu94.top FingerprintA8:07:5B:AA:B6:DB:2C:29:ED:3A:0C:9B:3D:A1:51:55:F1:A3:17:81 ValidityMon, 28 Apr 2025 19:58:56 GMT - Sun, 27 Jul 2025 19:58:55 GMT File type HTML document, ASCII text, with very long lines (9158) Size 18 kB (18508 bytes) Hash 88bcaa14087d4dc13e4e860e358b158f 7d04bd40508af62aeeba2f831c603e98bfdc0d2f 5b8ac538a54d23da615bdaf9ad962ae638809d90c226b87aeec2ebaf41f77e5d HTTP Headers `GET /svchost.exe HTTP/1.1 Host: lu94.top User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK accept-ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile accept-ch-lifetime: 30 alt-svc: h3=":50545"; ma=2592000 content-encoding: gzip content-type: text/html; charset=UTF-8 date: Thu, 08 May 2025 03:08:36 GMT server: Caddy, nginx vary: Accept-Encoding x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_kuikJqC9tuuE0lA+4lfPTcq1DQw1PfusZ5/MWWjbHqDuz35JP8YQ/Ud1FFMAKMXNDVcrs9TI26bhDSXYjzG1Ww== x-buckets: bucket003,bucket077 x-domain: lu94.top x-language: norwegian x-pcrew-blocked-reason: hosting network x-pcrew-ip-organization: Blix Solutions x-subdomain: x-template: tpl_CleanPeppermintBlack_twoclick X-Firefox-Spdy: h2

	GET lu94.top/munin/a/ls?t=681c2034&token=ae4e5c1b463f95b5843114ab02aad703515fcf99	75.2.18.233	201 Created	0 B
URL GET lu94.top/munin/a/ls?t=681c2034&token=ae4e5c1b463f95b5843114ab02aad703515fcf99 IP 75.2.18.233:443 ASN #16509 AMAZON-02 Requested by https://lu94.top/svchost.exe Certificate IssuerLet's Encrypt Subjectlu94.top FingerprintA8:07:5B:AA:B6:DB:2C:29:ED:3A:0C:9B:3D:A1:51:55:F1:A3:17:81 ValidityMon, 28 Apr 2025 19:58:56 GMT - Sun, 27 Jul 2025 19:58:55 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /munin/a/ls?t=681c2034&token=ae4e5c1b463f95b5843114ab02aad703515fcf99 HTTP/1.1 Host: lu94.top User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://lu94.top/svchost.exe Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/2 201 Created accept-ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile accept-ch-lifetime: 30 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: access-control-max-age: 86400 alt-svc: h3=":50545"; ma=2592000 charset: utf-8 content-type: text/javascript;charset=UTF-8 date: Thu, 08 May 2025 03:08:37 GMT server: Caddy, nginx status: 201 Created x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_kSsK5DgXGXNe02BrZDqeCy59W5Gcuce45lJIO9J4Pp+qqAffQtm8zNF/H0ova6YZw34DlpedJki1AbUC0it45w== x-log-success: 681c2035acdafbd7ad0a8991 content-length: 0 X-Firefox-Spdy: h2

	GET d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png	3.167.7.13	200 OK	11 kB
URL GET d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png IP 3.167.7.13:443 ASN #0 Requested by https://lu94.top/svchost.exe Certificate IssuerAmazon Subject.cloudfront.net Fingerprint28:D3:87:79:3C:E8:8B:3C:D9:10:45:E5:F7:64:7A:6D:44:4E:5A:62 ValidityTue, 30 Jul 2024 00:00:00 GMT - Thu, 03 Jul 2025 23:59:59 GMT File type PNG image data, 1500 x 600, 8-bit colormap, non-interlaced Size 11 kB (11375 bytes) Hash 0cb2e5165dc9324eb462199f04e1ffa9 9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8 67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865 HTTP Headers `GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1 Host: d38psrni17bvxu.cloudfront.net User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://lu94.top/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK content-type: image/png content-length: 11375 server: nginx date: Wed, 07 May 2025 11:05:12 GMT accept-ranges: bytes last-modified: Thu, 21 Mar 2024 11:48:11 GMT etag: "czzekhpxmtxd8rz" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 4b6691d4a753b7360fa8632b90c77126.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P2 x-amz-cf-id: SBRL9GFfe5v-A0kwy38HNhSqbZ6XggwTzyNwKP2XBC9UCmxOSDRTYw== age: 57805 X-Firefox-Spdy: h2`

	POST obseu.astarsbuilding.com/ct	3.248.162.96	200 OK	3.3 kB
URL POST obseu.astarsbuilding.com/ct IP 3.248.162.96:443 ASN #16509 AMAZON-02 Requested by https://lu94.top/svchost.exe Certificate IssuerZeroSSL Subject.astarsbuilding.com FingerprintCD:97:8B:26:8F:44:36:BF:15:6E:E5:CB:05:4C:8D:F5:F1:0C:F2:54 ValidityThu, 27 Mar 2025 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT File type JSON text data Size 3.3 kB (3318 bytes) Hash 57caecbc73467c3ce0f7a6ec3e647d42 5d0f8befd79b13f3f7c9c64a8bdeb8f39f36ab29 14cb929fec8256c0de59a5f0fa60c000d15ef91ffc622537e3f69cfd57363ad1 HTTP Headers `POST /ct HTTP/1.1 Host: obseu.astarsbuilding.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 4417 Origin: https://lu94.top DNT: 1 Connection: keep-alive Referer: https://lu94.top/ Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK access-control-allow-credentials: true access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-origin: https://lu94.top cache-control: no-cache, no-store, must-revalidate content-encoding: gzip content-type: application/json date: Thu, 08 May 2025 03:08:38 GMT expires: Fri, 01 Jan 1990 00:00:00 GMT pragma: no-cache set-cookie: cg_uuid=6876cc7c9fb6b6e519689322bff46764; Max-Age=29030400; Path=/; Expires=Thu, 09 Apr 2026 03:08:38 GMT; HttpOnly; Secure; SameSite=None timing-allow-origin: https://lu94.top content-length: 1112 X-Firefox-Spdy: h2

	GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff	142.250.74.33	200 OK	200 B
URL GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff IP 142.250.74.33:443 ASN #15169 GOOGLE Requested by https://syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket003%2Cbucket077&client=dp-teaminternet04_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Flu94.top%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.L0Km-TiqlWCRJhUkNAhgYo6EPoIuQomCTaTAepvj6jPxikMxiO85MQ.12bHoXLnBhhWPYj33xk1-w.N4f1llQ_Bq6GdsgIm0_F_O36FjDUSPCEUIgbxOws1lndD4MrtCdyfGScsU_LsRa3ZIVtMgv2v3pXP3dFq0YGAOchvGEQ_WcyNpV-AAJ0gbU1hiEuHXin-I4Ph4yUciR-SzmngG5UOsFSPIEUvIPryhoSQjD88x_nWS4JgFir4zAlBicllshGQO9P7fd1kuSkCHif2WyFWB7E0G7vVVj4zOPF9rSQiHw6S92vg2MVzFERCpQKb-E6fJwOQD_E2yofn9EAHJgYqc9FCnY3bKZOmFrSSYBaHTTQog-6UX4dPircXLpKnOdedebxaZA5QdbS8NVm5mp5RTqscm12AnBoUd8zkmqo5_31iO9l8EQ2XZFYmcrJXGkkfvnYUTu_8EZWOJjwH9AnPhSvUDh2QT72y6EP2aczZSrE5nBGYkLscL_V5Gut9Ldo-Zok6l9-KlOCd_e0flbd1USQvdEcbfAIcrfhh_huCFJqLComsmwnqtKbyE2A7HmdTCHNLaDNIUfONQeLaqvVycigr5zEOeOFgtMnmbLGIteP13g71nkvN5Cep0UoBRjtAa5za9QY1R5FNM3bjAw7i7ThcpG0s8iQhpS0AhWcdWGev5Uur5l3KDqI2o9vjU1AT5IFXjOSaxs8LLIxQQGQsPZr42LJSy-kAA.B5mTrHID3MKH4-B7PNFuOQ&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2997149969328928&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717107&format=r3%7Cs&nocache=6371746673717570&num=0&output=afd_ads&domain_name=lu94.top&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1746673717572&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=861&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=752296523&rurl=https%3A%2F%2Flu94.top%2Fsvchost.exe Certificate IssuerGoogle Trust Services Subject.googleusercontent.com Fingerprint85:7D:D7:AA:27:49:F3:83:36:F8:74:84:32:01:E8:F1:A5:3B:95:77 ValidityMon, 31 Mar 2025 08:55:30 GMT - Mon, 23 Jun 2025 08:55:29 GMT File type SVG Scalable Vector Graphics image Size 200 B (200 bytes) Hash 11b3089d616633ca6b73b57aa877eeb4 07632f63e06b30d9b63c97177d3a8122629bda9b 809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1 HTTP Headers `GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1 Host: afs.googleusercontent.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://syndicatedsearch.goog/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers" report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]} content-length: 174 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 08 May 2025 00:50:40 GMT expires: Thu, 08 May 2025 23:50:40 GMT cache-control: public, max-age=82800 last-modified: Thu, 02 Nov 2023 22:48:00 GMT content-type: image/svg+xml vary: Accept-Encoding age: 8278 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	GET syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet04_3ph&output=uds_ads_only&zx=2igbryjhplu6&cd_fexp=72717107&aqid=NSAcaPqVLYKLiM0Pq-qX0Qk&psid=5837883959&pbt=bv&adbx=375&adby=217&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet04_3ph&errv=752296523&csala=6%7C0%7C338%7C87%7C68&lle=0&ifv=1&hpt=1	216.58.211.14	204 No Content	0 B
URL GET syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet04_3ph&output=uds_ads_only&zx=2igbryjhplu6&cd_fexp=72717107&aqid=NSAcaPqVLYKLiM0Pq-qX0Qk&psid=5837883959&pbt=bv&adbx=375&adby=217&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet04_3ph&errv=752296523&csala=6%7C0%7C338%7C87%7C68&lle=0&ifv=1&hpt=1 IP 216.58.211.14:443 ASN #15169 GOOGLE Requested by https://lu94.top/svchost.exe Certificate IssuerGoogle Trust Services Subjectsyndicatedsearch.goog Fingerprint25:85:6E:DB:F5:A7:5C:14:22:6A:F8:44:8F:EE:EB:07:7A:40:68:30 ValidityMon, 31 Mar 2025 08:57:43 GMT - Mon, 23 Jun 2025 08:57:42 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /afs/gen_204?client=dp-teaminternet04_3ph&output=uds_ads_only&zx=2igbryjhplu6&cd_fexp=72717107&aqid=NSAcaPqVLYKLiM0Pq-qX0Qk&psid=5837883959&pbt=bv&adbx=375&adby=217&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet04_3ph&errv=752296523&csala=6%7C0%7C338%7C87%7C68&lle=0&ifv=1&hpt=1 HTTP/1.1 Host: syndicatedsearch.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://lu94.top/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 204 No Content content-type: text/html; charset=UTF-8 content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-Ps8aWRibO3UIbZsfUy0QrA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other cross-origin-opener-policy: same-origin-allow-popups; report-to="gws" report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} date: Thu, 08 May 2025 03:08:39 GMT server: gws content-length: 0 x-xss-protection: 0 x-frame-options: SAMEORIGIN alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	GET www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true	142.250.74.68	200 OK	144 kB
URL GET www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true IP 142.250.74.68:443 ASN #15169 GOOGLE Requested by https://lu94.top/svchost.exe Certificate IssuerGoogle Trust Services Subjectwww.google.com FingerprintFD:1E:8C:23:6E:3E:CE:28:8F:BB:1E:C1:87:A0:77:5D:45:20:F7:03 ValidityMon, 31 Mar 2025 08:56:21 GMT - Mon, 23 Jun 2025 08:56:20 GMT File type JavaScript source, ASCII text, with very long lines (1839) Size 144 kB (143593 bytes) Hash 87adcb76039e8a9e6964268309b7f538 5893ab91f88581a734f38ab48134b97581fe3ed2 3f3d2e984ebb523467a177653f763388baf1d00fcefaea10ee5256ce372d4d0b HTTP Headers `GET /adsense/domains/caf.js?abp=1&adsdeli=true HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://lu94.top/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK accept-ranges: bytes vary: Accept-Encoding content-type: text/javascript; charset=UTF-8 cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="ads-afs-ui" report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} date: Thu, 08 May 2025 03:08:37 GMT expires: Thu, 08 May 2025 03:08:37 GMT cache-control: private, max-age=3600 etag: "12499263223853310345" x-content-type-options: nosniff link: <https://syndicatedsearch.goog>; rel="preconnect" content-encoding: gzip server: sffe x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	GET syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket003%2Cbucket077&client=dp-teaminternet04_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Flu94.top%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.L0Km-TiqlWCRJhUkNAhgYo6EPoIuQomCTaTAepvj6jPxikMxiO85MQ.12bHoXLnBhhWPYj33xk1-w.N4f1llQ_Bq6GdsgIm0_F_O36FjDUSPCEUIgbxOws1lndD4MrtCdyfGScsU_LsRa3ZIVtMgv2v3pXP3dFq0YGAOchvGEQ_WcyNpV-AAJ0gbU1hiEuHXin-I4Ph4yUciR-SzmngG5UOsFSPIEUvIPryhoSQjD88x_nWS4JgFir4zAlBicllshGQO9P7fd1kuSkCHif2WyFWB7E0G7vVVj4zOPF9rSQiHw6S92vg2MVzFERCpQKb-E6fJwOQD_E2yofn9EAHJgYqc9FCnY3bKZOmFrSSYBaHTTQog-6UX4dPircXLpKnOdedebxaZA5QdbS8NVm5mp5RTqscm12AnBoUd8zkmqo5_31iO9l8EQ2XZFYmcrJXGkkfvnYUTu_8EZWOJjwH9AnPhSvUDh2QT72y6EP2aczZSrE5nBGYkLscL_V5Gut9Ldo-Zok6l9-KlOCd_e0flbd1USQvdEcbfAIcrfhh_huCFJqLComsmwnqtKbyE2A7HmdTCHNLaDNIUfONQeLaqvVycigr5zEOeOFgtMnmbLGIteP13g71nkvN5Cep0UoBRjtAa5za9QY1R5FNM3bjAw7i7ThcpG0s8iQhpS0AhWcdWGev5Uur5l3KDqI2o9vjU1AT5IFXjOSaxs8LLIxQQGQsPZr42LJSy-kAA.B5mTrHID3MKH4-B7PNFuOQ&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2997149969328928&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717107&format=r3%7Cs&nocache=6371746673717570&num=0&output=afd_ads&domain_name=lu94.top&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1746673717572&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=861&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=752296523&rurl=https%3A%2F%2Flu94.top%2Fsvchost.exe	216.58.211.14	200 OK	16 kB
URL GET syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket003%2Cbucket077&client=dp-teaminternet04_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Flu94.top%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.L0Km-TiqlWCRJhUkNAhgYo6EPoIuQomCTaTAepvj6jPxikMxiO85MQ.12bHoXLnBhhWPYj33xk1-w.N4f1llQ_Bq6GdsgIm0_F_O36FjDUSPCEUIgbxOws1lndD4MrtCdyfGScsU_LsRa3ZIVtMgv2v3pXP3dFq0YGAOchvGEQ_WcyNpV-AAJ0gbU1hiEuHXin-I4Ph4yUciR-SzmngG5UOsFSPIEUvIPryhoSQjD88x_nWS4JgFir4zAlBicllshGQO9P7fd1kuSkCHif2WyFWB7E0G7vVVj4zOPF9rSQiHw6S92vg2MVzFERCpQKb-E6fJwOQD_E2yofn9EAHJgYqc9FCnY3bKZOmFrSSYBaHTTQog-6UX4dPircXLpKnOdedebxaZA5QdbS8NVm5mp5RTqscm12AnBoUd8zkmqo5_31iO9l8EQ2XZFYmcrJXGkkfvnYUTu_8EZWOJjwH9AnPhSvUDh2QT72y6EP2aczZSrE5nBGYkLscL_V5Gut9Ldo-Zok6l9-KlOCd_e0flbd1USQvdEcbfAIcrfhh_huCFJqLComsmwnqtKbyE2A7HmdTCHNLaDNIUfONQeLaqvVycigr5zEOeOFgtMnmbLGIteP13g71nkvN5Cep0UoBRjtAa5za9QY1R5FNM3bjAw7i7ThcpG0s8iQhpS0AhWcdWGev5Uur5l3KDqI2o9vjU1AT5IFXjOSaxs8LLIxQQGQsPZr42LJSy-kAA.B5mTrHID3MKH4-B7PNFuOQ&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2997149969328928&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717107&format=r3%7Cs&nocache=6371746673717570&num=0&output=afd_ads&domain_name=lu94.top&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1746673717572&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=861&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=752296523&rurl=https%3A%2F%2Flu94.top%2Fsvchost.exe IP 216.58.211.14:443 ASN #15169 GOOGLE Requested by https://lu94.top/svchost.exe Certificate IssuerGoogle Trust Services Subjectsyndicatedsearch.goog Fingerprint25:85:6E:DB:F5:A7:5C:14:22:6A:F8:44:8F:EE:EB:07:7A:40:68:30 ValidityMon, 31 Mar 2025 08:57:43 GMT - Mon, 23 Jun 2025 08:57:42 GMT File type HTML document, Unicode text, UTF-8 text, with very long lines (15441) Size 16 kB (16229 bytes) Hash 79c9f3f61d10724ea90d8b223fd84d03 b7352f83408f220cb00146ea950aaddf720ff763 c4887b5e14d9fe2f85456746e97865bd47c983e933990e0972492ef91f6b9f71 HTTP Headers GET /afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket003%2Cbucket077&client=dp-teaminternet04_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Flu94.top%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.L0Km-TiqlWCRJhUkNAhgYo6EPoIuQomCTaTAepvj6jPxikMxiO85MQ.12bHoXLnBhhWPYj33xk1-w.N4f1llQ_Bq6GdsgIm0_F_O36FjDUSPCEUIgbxOws1lndD4MrtCdyfGScsU_LsRa3ZIVtMgv2v3pXP3dFq0YGAOchvGEQ_WcyNpV-AAJ0gbU1hiEuHXin-I4Ph4yUciR-SzmngG5UOsFSPIEUvIPryhoSQjD88x_nWS4JgFir4zAlBicllshGQO9P7fd1kuSkCHif2WyFWB7E0G7vVVj4zOPF9rSQiHw6S92vg2MVzFERCpQKb-E6fJwOQD_E2yofn9EAHJgYqc9FCnY3bKZOmFrSSYBaHTTQog-6UX4dPircXLpKnOdedebxaZA5QdbS8NVm5mp5RTqscm12AnBoUd8zkmqo5_31iO9l8EQ2XZFYmcrJXGkkfvnYUTu_8EZWOJjwH9AnPhSvUDh2QT72y6EP2aczZSrE5nBGYkLscL_V5Gut9Ldo-Zok6l9-KlOCd_e0flbd1USQvdEcbfAIcrfhh_huCFJqLComsmwnqtKbyE2A7HmdTCHNLaDNIUfONQeLaqvVycigr5zEOeOFgtMnmbLGIteP13g71nkvN5Cep0UoBRjtAa5za9QY1R5FNM3bjAw7i7ThcpG0s8iQhpS0AhWcdWGev5Uur5l3KDqI2o9vjU1AT5IFXjOSaxs8LLIxQQGQsPZr42LJSy-kAA.B5mTrHID3MKH4-B7PNFuOQ&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2997149969328928&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717107&format=r3%7Cs&nocache=6371746673717570&num=0&output=afd_ads&domain_name=lu94.top&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1746673717572&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=861&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=752296523&rurl=https%3A%2F%2Flu94.top%2Fsvchost.exe HTTP/1.1 Host: syndicatedsearch.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://lu94.top/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK content-type: text/html; charset=UTF-8 content-disposition: inline date: Thu, 08 May 2025 03:08:37 GMT expires: Thu, 08 May 2025 03:08:37 GMT cache-control: private, max-age=3600 content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce--kb2z_Ag9fq-kSOhMWUeuw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other cross-origin-opener-policy: same-origin-allow-popups; report-to="gws" report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} content-encoding: br server: gws content-length: 3553 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	GET syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet04_3ph&output=uds_ads_only&zx=26rxzmxvfjij&cd_fexp=72717107&aqid=NSAcaPqVLYKLiM0Pq-qX0Qk&psid=5837883959&pbt=bs&adbx=375&adby=217&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet04_3ph&errv=752296523&csala=6%7C0%7C338%7C87%7C68&lle=0&ifv=1&hpt=1	216.58.211.14	204 No Content	0 B
URL GET syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet04_3ph&output=uds_ads_only&zx=26rxzmxvfjij&cd_fexp=72717107&aqid=NSAcaPqVLYKLiM0Pq-qX0Qk&psid=5837883959&pbt=bs&adbx=375&adby=217&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet04_3ph&errv=752296523&csala=6%7C0%7C338%7C87%7C68&lle=0&ifv=1&hpt=1 IP 216.58.211.14:443 ASN #15169 GOOGLE Requested by https://lu94.top/svchost.exe Certificate IssuerGoogle Trust Services Subjectsyndicatedsearch.goog Fingerprint25:85:6E:DB:F5:A7:5C:14:22:6A:F8:44:8F:EE:EB:07:7A:40:68:30 ValidityMon, 31 Mar 2025 08:57:43 GMT - Mon, 23 Jun 2025 08:57:42 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /afs/gen_204?client=dp-teaminternet04_3ph&output=uds_ads_only&zx=26rxzmxvfjij&cd_fexp=72717107&aqid=NSAcaPqVLYKLiM0Pq-qX0Qk&psid=5837883959&pbt=bs&adbx=375&adby=217&adbh=498&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet04_3ph&errv=752296523&csala=6%7C0%7C338%7C87%7C68&lle=0&ifv=1&hpt=1 HTTP/1.1 Host: syndicatedsearch.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://lu94.top/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 204 No Content content-type: text/html; charset=UTF-8 content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-o6m1Cm2WiZO6t_8u3Fv5Fw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other cross-origin-opener-policy: same-origin-allow-popups; report-to="gws" report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} date: Thu, 08 May 2025 03:08:39 GMT server: gws content-length: 0 x-xss-protection: 0 x-frame-options: SAMEORIGIN alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	POST obseu.astarsbuilding.com/mon	3.248.162.96	200 OK	0 B
URL POST obseu.astarsbuilding.com/mon IP 3.248.162.96:443 ASN #16509 AMAZON-02 Requested by https://lu94.top/svchost.exe Certificate IssuerZeroSSL Subject.astarsbuilding.com FingerprintCD:97:8B:26:8F:44:36:BF:15:6E:E5:CB:05:4C:8D:F5:F1:0C:F2:54 ValidityThu, 27 Mar 2025 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers POST /mon HTTP/1.1 Host: obseu.astarsbuilding.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 1691 Origin: https://lu94.top DNT: 1 Connection: keep-alive Referer: https://lu94.top/ Cookie: cg_uuid=6876cc7c9fb6b6e519689322bff46764 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK access-control-allow-credentials: true access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-origin: https://lu94.top content-type: application/json date: Thu, 08 May 2025 03:08:43 GMT content-length: 0 X-Firefox-Spdy: h2`

	GET www.dynadot.com/tr/mainsite2023/navbar-logo-dark-2023.png	104.16.152.132	200 OK	2.1 kB
URL GET www.dynadot.com/tr/mainsite2023/navbar-logo-dark-2023.png IP 104.16.152.132:443 ASN #13335 CLOUDFLARENET Requested by https://lu94.top/svchost.exe Certificate IssuerGoogle Trust Services Subjectdynadot.com FingerprintD1:C3:DE:00:77:63:1F:07:9A:59:48:37:42:09:8E:D7:B5:50:EE:28 ValiditySun, 23 Mar 2025 19:01:47 GMT - Sat, 21 Jun 2025 20:01:43 GMT File type RIFF (little-endian) data, Web/P image Size 2.1 kB (2132 bytes) Hash cc766ccddd8dd6d09592cf7bc61e98fa 6611f72d68360af6cd3948419672fb29ce995025 9e701ce71ca43fb9ee9f9abe1ee9f4399b1ab1007bad445d6a2429101300d67d HTTP Headers `GET /tr/mainsite2023/navbar-logo-dark-2023.png HTTP/1.1 Host: www.dynadot.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://lu94.top/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 08 May 2025 03:08:37 GMT content-type: image/webp content-length: 2132 cache-control: public, max-age=1209600 cf-bgj: imgq:85,h2pri cf-polished: origFmt=png, origSize=4843 content-disposition: inline; filename="navbar-logo-dark-2023.webp" etag: 1746609484949 expires: Thu, 22 May 2025 03:08:37 GMT strict-transport-security: max-age=2592000 vary: Accept x-frame-options: SAMEORIGIN cf-cache-status: HIT age: 64138 accept-ranges: bytes access-control-allow-origin: *.mouseflow.com server: cloudflare cf-ray: 93c5c0ebce2c56c9-OSL X-Firefox-Spdy: h2

	GET lu94.top/munin/a/tr/browserjs?domain=lu94.top&toggle=browserjs&uid=MTc0NjY3MzcxNi43OTQ5OjkyNmQwYzU3NTM2YjlkNjhjMmYzNzFmZWIzOWEwYTU4NGY3YmJkYjA5MjdlZTYyNDU4MWU4YzAwODUzNTFiYzE6NjgxYzIwMzRjMjEwZQ%3D%3D	75.2.18.233	200 OK	0 B
URL GET lu94.top/munin/a/tr/browserjs?domain=lu94.top&toggle=browserjs&uid=MTc0NjY3MzcxNi43OTQ5OjkyNmQwYzU3NTM2YjlkNjhjMmYzNzFmZWIzOWEwYTU4NGY3YmJkYjA5MjdlZTYyNDU4MWU4YzAwODUzNTFiYzE6NjgxYzIwMzRjMjEwZQ%3D%3D IP 75.2.18.233:443 ASN #16509 AMAZON-02 Requested by https://lu94.top/svchost.exe Certificate IssuerLet's Encrypt Subjectlu94.top FingerprintA8:07:5B:AA:B6:DB:2C:29:ED:3A:0C:9B:3D:A1:51:55:F1:A3:17:81 ValidityMon, 28 Apr 2025 19:58:56 GMT - Sun, 27 Jul 2025 19:58:55 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /munin/a/tr/browserjs?domain=lu94.top&toggle=browserjs&uid=MTc0NjY3MzcxNi43OTQ5OjkyNmQwYzU3NTM2YjlkNjhjMmYzNzFmZWIzOWEwYTU4NGY3YmJkYjA5MjdlZTYyNDU4MWU4YzAwODUzNTFiYzE6NjgxYzIwMzRjMjEwZQ%3D%3D HTTP/1.1 Host: lu94.top User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://lu94.top/svchost.exe Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK accept-ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile accept-ch-lifetime: 30 access-control-allow-origin: * alt-svc: h3=":50545"; ma=2592000 content-type: text/html; charset=UTF-8 date: Thu, 08 May 2025 03:08:37 GMT server: Caddy, nginx x-custom-track: browserjs content-length: 0 X-Firefox-Spdy: h2`

	GET euob.astarsbuilding.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js	54.240.174.61	200 OK	112 kB
URL GET euob.astarsbuilding.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js IP 54.240.174.61:443 ASN #16509 AMAZON-02 Requested by https://lu94.top/svchost.exe Certificate IssuerAmazon Subject.astarsbuilding.com FingerprintDD:1E:42:74:B7:0D:4D:51:5C:C2:3A:AF:0C:79:1A:F5:AA:7C:06:D5 ValidityTue, 18 Jun 2024 00:00:00 GMT - Fri, 18 Jul 2025 23:59:59 GMT File type data Size 112 kB (111620 bytes) Hash 5d32edfdd5eb814ac05e5087ac512325 0c3fdce821e9fe7c8c86c144696b6dedd351b6ac 4ade4714bca4cc899e1480079c3c6d5e302d1f2760cc249f799cc941075754f1 HTTP Headers `GET /sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js HTTP/1.1 Host: euob.astarsbuilding.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://lu94.top/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/javascript; charset=utf-8 content-length: 40958 content-encoding: gzip server: Caddy date: Thu, 08 May 2025 01:25:02 GMT cache-control: max-age=43200 expires: Thu, 08 May 2025 12:14:24 GMT etag: "1b404-DD/c6CHp/nyMhsFEaWtt7dNRtqw" vary: Accept-Encoding x-cache: Hit from cloudfront via: 1.1 15d199af49035dc206cb81292fd87de2.cloudfront.net (CloudFront) x-amz-cf-pop: OSL50-P1 x-amz-cf-id: 7pnkMcIQzIU7ln8Nl3MITLGvr-EGmE3YxmOJoQDPTX9SS71QEIMojg== age: 10453 X-Firefox-Spdy: h2

	GET syndicatedsearch.goog/adsense/domains/caf.js	216.58.211.14	200 OK	144 kB
URL GET syndicatedsearch.goog/adsense/domains/caf.js IP 216.58.211.14:443 ASN #15169 GOOGLE Requested by https://syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket003%2Cbucket077&client=dp-teaminternet04_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Flu94.top%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.L0Km-TiqlWCRJhUkNAhgYo6EPoIuQomCTaTAepvj6jPxikMxiO85MQ.12bHoXLnBhhWPYj33xk1-w.N4f1llQ_Bq6GdsgIm0_F_O36FjDUSPCEUIgbxOws1lndD4MrtCdyfGScsU_LsRa3ZIVtMgv2v3pXP3dFq0YGAOchvGEQ_WcyNpV-AAJ0gbU1hiEuHXin-I4Ph4yUciR-SzmngG5UOsFSPIEUvIPryhoSQjD88x_nWS4JgFir4zAlBicllshGQO9P7fd1kuSkCHif2WyFWB7E0G7vVVj4zOPF9rSQiHw6S92vg2MVzFERCpQKb-E6fJwOQD_E2yofn9EAHJgYqc9FCnY3bKZOmFrSSYBaHTTQog-6UX4dPircXLpKnOdedebxaZA5QdbS8NVm5mp5RTqscm12AnBoUd8zkmqo5_31iO9l8EQ2XZFYmcrJXGkkfvnYUTu_8EZWOJjwH9AnPhSvUDh2QT72y6EP2aczZSrE5nBGYkLscL_V5Gut9Ldo-Zok6l9-KlOCd_e0flbd1USQvdEcbfAIcrfhh_huCFJqLComsmwnqtKbyE2A7HmdTCHNLaDNIUfONQeLaqvVycigr5zEOeOFgtMnmbLGIteP13g71nkvN5Cep0UoBRjtAa5za9QY1R5FNM3bjAw7i7ThcpG0s8iQhpS0AhWcdWGev5Uur5l3KDqI2o9vjU1AT5IFXjOSaxs8LLIxQQGQsPZr42LJSy-kAA.B5mTrHID3MKH4-B7PNFuOQ&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2997149969328928&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717107&format=r3%7Cs&nocache=6371746673717570&num=0&output=afd_ads&domain_name=lu94.top&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1746673717572&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=861&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=752296523&rurl=https%3A%2F%2Flu94.top%2Fsvchost.exe Certificate IssuerGoogle Trust Services Subjectsyndicatedsearch.goog Fingerprint25:85:6E:DB:F5:A7:5C:14:22:6A:F8:44:8F:EE:EB:07:7A:40:68:30 ValidityMon, 31 Mar 2025 08:57:43 GMT - Mon, 23 Jun 2025 08:57:42 GMT File type JavaScript source, ASCII text, with very long lines (1839) Size 144 kB (143600 bytes) Hash 62fe9f1bc53316b6c9ccbb2e2e48c87f fe41a4abb01cf473a8585911393cf65ab7c5be0b 7e18d6bcc8227016d33be2c5bcbef88e6054a26b287afd86bb511dafd94becad HTTP Headers `GET /adsense/domains/caf.js HTTP/1.1 Host: syndicatedsearch.goog User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://syndicatedsearch.goog/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK accept-ranges: bytes vary: Accept-Encoding content-type: text/javascript; charset=UTF-8 cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="ads-afs-ui" report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]} date: Thu, 08 May 2025 03:08:37 GMT expires: Thu, 08 May 2025 03:08:37 GMT cache-control: private, max-age=3600 etag: "15200399834329723995" x-content-type-options: nosniff link: <https://syndicatedsearch.goog>; rel="preconnect" content-encoding: gzip server: sffe x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	GET lu94.top/munin/a/tr/answercheck/yes?domain=lu94.top&caf=1&toggle=answercheck&answer=yes&uid=MTc0NjY3MzcxNi43OTQ5OjkyNmQwYzU3NTM2YjlkNjhjMmYzNzFmZWIzOWEwYTU4NGY3YmJkYjA5MjdlZTYyNDU4MWU4YzAwODUzNTFiYzE6NjgxYzIwMzRjMjEwZQ%3D%3D	75.2.18.233	200 OK	0 B
URL GET lu94.top/munin/a/tr/answercheck/yes?domain=lu94.top&caf=1&toggle=answercheck&answer=yes&uid=MTc0NjY3MzcxNi43OTQ5OjkyNmQwYzU3NTM2YjlkNjhjMmYzNzFmZWIzOWEwYTU4NGY3YmJkYjA5MjdlZTYyNDU4MWU4YzAwODUzNTFiYzE6NjgxYzIwMzRjMjEwZQ%3D%3D IP 75.2.18.233:443 ASN #16509 AMAZON-02 Requested by https://lu94.top/svchost.exe Certificate IssuerLet's Encrypt Subjectlu94.top FingerprintA8:07:5B:AA:B6:DB:2C:29:ED:3A:0C:9B:3D:A1:51:55:F1:A3:17:81 ValidityMon, 28 Apr 2025 19:58:56 GMT - Sun, 27 Jul 2025 19:58:55 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /munin/a/tr/answercheck/yes?domain=lu94.top&caf=1&toggle=answercheck&answer=yes&uid=MTc0NjY3MzcxNi43OTQ5OjkyNmQwYzU3NTM2YjlkNjhjMmYzNzFmZWIzOWEwYTU4NGY3YmJkYjA5MjdlZTYyNDU4MWU4YzAwODUzNTFiYzE6NjgxYzIwMzRjMjEwZQ%3D%3D HTTP/1.1 Host: lu94.top User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://lu94.top/svchost.exe Cookie: _cq_duid=1.1746673717.YCdFDi1DeSB8N3jK; _cq_suid=1.1746673717.Tw9FnGT2WyO2H3zA Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK accept-ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile accept-ch-lifetime: 30 access-control-allow-origin: * alt-svc: h3=":50545"; ma=2592000 content-type: text/html; charset=UTF-8 date: Thu, 08 May 2025 03:08:38 GMT server: Caddy, nginx x-custom-track: answercheck content-length: 0 X-Firefox-Spdy: h2`

	GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff	142.250.74.33	200 OK	391 B
URL GET afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff IP 142.250.74.33:443 ASN #15169 GOOGLE Requested by https://syndicatedsearch.goog/afs/ads?adtest=off&psid=5837883959&pcsa=false&channel=000001%2Cbucket003%2Cbucket077&client=dp-teaminternet04_3ph&r=m&hl=no&ivt=0&rpbu=https%3A%2F%2Flu94.top%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.L0Km-TiqlWCRJhUkNAhgYo6EPoIuQomCTaTAepvj6jPxikMxiO85MQ.12bHoXLnBhhWPYj33xk1-w.N4f1llQ_Bq6GdsgIm0_F_O36FjDUSPCEUIgbxOws1lndD4MrtCdyfGScsU_LsRa3ZIVtMgv2v3pXP3dFq0YGAOchvGEQ_WcyNpV-AAJ0gbU1hiEuHXin-I4Ph4yUciR-SzmngG5UOsFSPIEUvIPryhoSQjD88x_nWS4JgFir4zAlBicllshGQO9P7fd1kuSkCHif2WyFWB7E0G7vVVj4zOPF9rSQiHw6S92vg2MVzFERCpQKb-E6fJwOQD_E2yofn9EAHJgYqc9FCnY3bKZOmFrSSYBaHTTQog-6UX4dPircXLpKnOdedebxaZA5QdbS8NVm5mp5RTqscm12AnBoUd8zkmqo5_31iO9l8EQ2XZFYmcrJXGkkfvnYUTu_8EZWOJjwH9AnPhSvUDh2QT72y6EP2aczZSrE5nBGYkLscL_V5Gut9Ldo-Zok6l9-KlOCd_e0flbd1USQvdEcbfAIcrfhh_huCFJqLComsmwnqtKbyE2A7HmdTCHNLaDNIUfONQeLaqvVycigr5zEOeOFgtMnmbLGIteP13g71nkvN5Cep0UoBRjtAa5za9QY1R5FNM3bjAw7i7ThcpG0s8iQhpS0AhWcdWGev5Uur5l3KDqI2o9vjU1AT5IFXjOSaxs8LLIxQQGQsPZr42LJSy-kAA.B5mTrHID3MKH4-B7PNFuOQ&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2997149969328928&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301437%2C17301439%2C17301442%2C17301548%2C17301266%2C72717107&format=r3%7Cs&nocache=6371746673717570&num=0&output=afd_ads&domain_name=lu94.top&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1746673717572&u_w=1280&u_h=1024&biw=1280&bih=1024&psw=1280&psh=861&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=752296523&rurl=https%3A%2F%2Flu94.top%2Fsvchost.exe Certificate IssuerGoogle Trust Services Subject.googleusercontent.com Fingerprint85:7D:D7:AA:27:49:F3:83:36:F8:74:84:32:01:E8:F1:A5:3B:95:77 ValidityMon, 31 Mar 2025 08:55:30 GMT - Mon, 23 Jun 2025 08:55:29 GMT File type SVG Scalable Vector Graphics image Size 391 B (391 bytes) Hash 8959ddcd9712196961d93f58064ed655 62ab1e38e7e9fbf58a04381b76c2d96a9c829f24 17c7a89bf169c2ee400e31b042cea68513f06b9cd7d1e8990dbec800f0d771c7 HTTP Headers `GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1 Host: afs.googleusercontent.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://syndicatedsearch.goog/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers" report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]} content-length: 270 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Wed, 07 May 2025 23:31:07 GMT expires: Thu, 08 May 2025 22:31:07 GMT cache-control: public, max-age=82800 age: 13051 last-modified: Thu, 20 Jul 2023 22:48:00 GMT content-type: image/svg+xml vary: Accept-Encoding alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	POST obseu.astarsbuilding.com/mon	3.248.162.96	200 OK	0 B
URL POST obseu.astarsbuilding.com/mon IP 3.248.162.96:443 ASN #16509 AMAZON-02 Requested by https://lu94.top/svchost.exe Certificate IssuerZeroSSL Subject.astarsbuilding.com FingerprintCD:97:8B:26:8F:44:36:BF:15:6E:E5:CB:05:4C:8D:F5:F1:0C:F2:54 ValidityThu, 27 Mar 2025 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers POST /mon HTTP/1.1 Host: obseu.astarsbuilding.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 1691 Origin: https://lu94.top DNT: 1 Connection: keep-alive Referer: https://lu94.top/ Cookie: cg_uuid=6876cc7c9fb6b6e519689322bff46764 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK access-control-allow-credentials: true access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-origin: https://lu94.top content-type: application/json date: Thu, 08 May 2025 03:08:41 GMT content-length: 0 X-Firefox-Spdy: h2`

	POST obseu.astarsbuilding.com/mon	3.248.162.96	200 OK	0 B
URL POST obseu.astarsbuilding.com/mon IP 3.248.162.96:443 ASN #16509 AMAZON-02 Requested by https://lu94.top/svchost.exe Certificate IssuerZeroSSL Subject.astarsbuilding.com FingerprintCD:97:8B:26:8F:44:36:BF:15:6E:E5:CB:05:4C:8D:F5:F1:0C:F2:54 ValidityThu, 27 Mar 2025 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers POST /mon HTTP/1.1 Host: obseu.astarsbuilding.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 1694 Origin: https://lu94.top DNT: 1 Connection: keep-alive Referer: https://lu94.top/ Cookie: cg_uuid=6876cc7c9fb6b6e519689322bff46764 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK access-control-allow-credentials: true access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-origin: https://lu94.top content-type: application/json date: Thu, 08 May 2025 03:08:48 GMT content-length: 0 X-Firefox-Spdy: h2`

	POST obseu.astarsbuilding.com/mon	3.248.162.96	200 OK	0 B
URL POST obseu.astarsbuilding.com/mon IP 3.248.162.96:443 ASN #16509 AMAZON-02 Requested by https://lu94.top/svchost.exe Certificate IssuerZeroSSL Subject.astarsbuilding.com FingerprintCD:97:8B:26:8F:44:36:BF:15:6E:E5:CB:05:4C:8D:F5:F1:0C:F2:54 ValidityThu, 27 Mar 2025 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers POST /mon HTTP/1.1 Host: obseu.astarsbuilding.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 1694 Origin: https://lu94.top DNT: 1 Connection: keep-alive Referer: https://lu94.top/ Cookie: cg_uuid=6876cc7c9fb6b6e519689322bff46764 Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 200 OK access-control-allow-credentials: true access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE access-control-allow-origin: https://lu94.top content-type: application/json date: Thu, 08 May 2025 03:08:53 GMT content-length: 0 X-Firefox-Spdy: h2`

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML