Report - topserveltd.co.ke/uc.exe

Report Overview

Submitted URL
topserveltd.co.ke/uc.exe
IP
188.114.97.1
ASN
#13335 CLOUDFLARENET
Submitted
2023-06-02 00:37:22
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.topserveltd.co.ke	unknown	2015-06-25	2017-02-17	2023-05-30	3.7 kB	326 kB	188.114.97.1
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-06-01	2.0 kB	4.2 kB	142.250.74.3
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-06-02	546 B	29 kB	142.250.74.35
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-06-01	430 B	87 kB	142.250.74.40

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-06-02 00:37:04	medium	Client IP	188.114.97.1	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	www.topserveltd.co.ke/_next/static/chunks/framework-0ba0ddd33199226d.js	141 kB	2023-03-08	2024-05-10
Pretty URL www.topserveltd.co.ke/_next/static/chunks/framework-0ba0ddd33199226d.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 13:35:06 Last Seen2024-05-10 16:19:06 Times Seen82 Hash b3f240cda39c0a3b7ea663b8b5306a50 9a050d7abc1b936ce7d18bc16a028495423b15c2 0eeabd9384fbc321e1fc2f9835e3434ca7f69a6ddd0add66e67383d3030efa8e Loading...

	www.topserveltd.co.ke/_next/static/chunks/pages/_app-d470b30d1f2ddcd9.js	955 kB	2023-05-30	2023-07-03
Pretty URL www.topserveltd.co.ke/_next/static/chunks/pages/_app-d470b30d1f2ddcd9.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 05:06:34 Last Seen2023-07-03 03:48:55 Times Seen13 Hash 52eefb5a916e342e14e3b66e68579365 a5908b2433b8484c30e148f3cdb24d4d4938fd5e fb4f5c8c2f28d7a6a9c368b0cc63957fb0502126b78fc295ea60bc3d416b0635 Loading...

	www.topserveltd.co.ke/_next/static/2DQLVvr4fHXIxk1rZAx8F/_buildManifest.js	3.3 kB	2023-05-30	2023-07-03
Pretty URL www.topserveltd.co.ke/_next/static/2DQLVvr4fHXIxk1rZAx8F/_buildManifest.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 05:06:34 Last Seen2023-07-03 03:48:55 Times Seen9 Hash b599314df5e4cff470cc358e9cd9d880 3b46f71a0684c5bde785615007f37ea787183d8d d9cbfc831435e8490e449e5cbccb310ba0ce5a3772079970ea40dca9150c4239 Loading...

	www.topserveltd.co.ke/_next/static/2DQLVvr4fHXIxk1rZAx8F/_ssgManifest.js	292 B	2023-05-30	2023-07-03
Pretty URL www.topserveltd.co.ke/_next/static/2DQLVvr4fHXIxk1rZAx8F/_ssgManifest.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 05:06:34 Last Seen2023-07-03 03:48:55 Times Seen8 Hash 4c878ac21c1e72b7f12f180bb74a668b 0f9c5e1369c89f4acafe89eac3b82ac2fde9466f 4ff5b8b270668ffcfbc0b7057a5cae55d8ad42a0352a3ab01a5abe06650a36bf Loading...

	www.googletagmanager.com/gtag/js?id=G-RKCF6CVS1B	253 kB	2023-06-02	2023-06-02
Pretty URL www.googletagmanager.com/gtag/js?id=G-RKCF6CVS1B IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-02 02:37:23 Last Seen2023-06-02 02:37:23 Times Seen2 Hash 18c05b19dfbbf7450c850f4c7e6d077a 963427aec893ba7e6ed6b76b47e1ed35827b2e72 f56397f55f09a2a3303b3ec6949e29cbf5a62766eaaa0f6e44d1539be819321f Loading...

	www.topserveltd.co.ke/_next/static/chunks/webpack-e16b82abaae1148a.js	4.1 kB	2023-06-02	2023-07-03
Pretty URL www.topserveltd.co.ke/_next/static/chunks/webpack-e16b82abaae1148a.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-02 02:37:23 Last Seen2023-07-03 03:48:55 Times Seen5 Hash fedae4b92e7aabba542a3d468b2c86db 94c1bfeda9e3f978a6e0cb5a0a51c6194c9788c8 fa3e0faf5b3e8cca0774e76371422a2f6fc6818489100ae6ce103aa41b27dd8d Loading...

	www.topserveltd.co.ke/_next/static/chunks/main-17c92827754f917d.js	106 kB	2023-05-30	2023-07-03
Pretty URL www.topserveltd.co.ke/_next/static/chunks/main-17c92827754f917d.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 05:06:34 Last Seen2023-07-03 03:48:55 Times Seen14 Hash 5c1b04849c3b9a2c760972d89c649e3a 96ab86ff8618f0ddd2785377dda62852e122342a fd84e95222bbeb5c25e94cbfb7f42d5753cc72552cece4d839223639e09562b1 Loading...

	www.topserveltd.co.ke/_next/static/chunks/pages/404-7e0ae75962cd174e.js	1.6 kB	2023-05-30	2023-12-15
Pretty URL www.topserveltd.co.ke/_next/static/chunks/pages/404-7e0ae75962cd174e.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 05:06:34 Last Seen2023-12-15 11:56:13 Times Seen10 Hash 3c1e64ba996f61a756661d47df5ca55e cab5d23254200c52d07db7f3fef7d6403fe706a7 e79fe1610e1f79d697f6fef4c5d3e2a3d2018ff7869493a9ff3a75dc23ea47ac Loading...

	unknown	303 B	2023-05-30	2023-12-15
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-30 05:06:34 Last Seen2023-12-15 11:56:13 Times Seen8 Hash e3061c64c833cdc6cc2749c29a64c78f b124de8c1807fabfa146c4580f19c750205fcd6a 5d25a821a40c6315609771457da64915e0aa99440c52511cb8df2088c2c17a90 Loading...

HTTP Transactions (16)

URL IP Response Size

www.topserveltd.co.ke/uc.exe

188.114.97.1

301 Moved Permanently

162 B

URL User Request GET HTTP/1.1
www.topserveltd.co.ke/uc.exe
IP
188.114.97.1:80
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

Detections

NIDS	Severity	Alert
suricata	medium	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

HTTP Headers

GET /uc.exe HTTP/1.1
Host: www.topserveltd.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Fri, 02 Jun 2023 00:37:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://www.topserveltd.co.ke/uc.exe
Cache-Control: max-age=14400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9TZMMRmqzu5VoA%2BVYQFSjeOtGEDZVhajv31ZAE4cNzbQ2AYC0%2F5NxNSZ%2FROQpmsOUMm6jzHqFst5U49nxrNzEYMFJDTEyGtwx9PqGCHSVr%2BTs7Fba92rxYo7lb%2BPvHzVWRv2Mgp6fnI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7d0ba02f2b92b4f9-OSL
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
de06f6fcbc144014f20c63dd5fe236b4
7f10e556cc7c7786c031a226d3efc006f8511c28
ae157c3fec7620409ce8cf7d841a47c30b487c02bbc82df9127345b7b1149f3e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Jun 2023 00:37:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
de06f6fcbc144014f20c63dd5fe236b4
7f10e556cc7c7786c031a226d3efc006f8511c28
ae157c3fec7620409ce8cf7d841a47c30b487c02bbc82df9127345b7b1149f3e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Jun 2023 00:37:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
de06f6fcbc144014f20c63dd5fe236b4
7f10e556cc7c7786c031a226d3efc006f8511c28
ae157c3fec7620409ce8cf7d841a47c30b487c02bbc82df9127345b7b1149f3e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Jun 2023 00:37:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.topserveltd.co.ke/_next/static/chunks/webpack-e16b82abaae1148a.js

188.114.97.1

200 OK

30 kB

URL GET HTTP/3
www.topserveltd.co.ke/_next/static/chunks/webpack-e16b82abaae1148a.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.topserveltd.co.ke/uc.exe
Certificate
IssuerLet's Encrypt
Subjecttopserveltd.co.ke
Fingerprint52:54:E2:3F:42:83:40:04:77:06:62:1B:61:F7:40:26:35:BB:BF:96
ValiditySun, 23 Apr 2023 23:00:33 GMT - Sat, 22 Jul 2023 23:00:32 GMT

File type
ASCII text, with very long lines (4099), with no line terminators
Size
30 kB (30483 bytes)
Hash
fedae4b92e7aabba542a3d468b2c86db
94c1bfeda9e3f978a6e0cb5a0a51c6194c9788c8
fa3e0faf5b3e8cca0774e76371422a2f6fc6818489100ae6ce103aa41b27dd8d

HTTP Headers

GET /_next/static/chunks/webpack-e16b82abaae1148a.js HTTP/1.1
Host: www.topserveltd.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.topserveltd.co.ke/uc.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:37:04 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Thu, 01 Jun 2023 06:55:20 GMT
etag: W/"1003-18875bd4dbb"
vary: Accept-Encoding
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aJ43QNC3pVpb%2Bt1osUjZQvdx3Kwn2dwIS5NVvmItPGgQM%2Be7efUFN4w2tv7sz0G3A7Bjz%2F5AA2XHgNuJ3k%2Fw8lmlWAkcvag9YfIhZ0FBlxGkzCUn7qwFqQYfE8jZN8DGdWKWFmQV5yk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d0ba0304a28b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/josefinsans/v26/Qw3aZQNVED7rKGKxtqIqX5EUDXx4Vn8sig.woff2

142.250.74.35

200 OK

29 kB

URL GET HTTP/2
fonts.gstatic.com/s/josefinsans/v26/Qw3aZQNVED7rKGKxtqIqX5EUDXx4Vn8sig.woff2
IP
142.250.74.35:443
ASN
#15169 GOOGLE

Requested by
https://www.topserveltd.co.ke/uc.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintA3:09:CB:6C:64:76:4B:58:32:D1:21:3E:F4:65:1F:DE:58:22:8F:D6
ValidityMon, 08 May 2023 08:24:48 GMT - Mon, 31 Jul 2023 08:24:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28564, version 1.0\012- data
Size
29 kB (28564 bytes)
Hash
0787be3fdadcda4128611c8528622677
59ff81c1a3f2b64fa700c114899752665965e3fe
e860effea9f313eb06d26c9a0a55673b6952653b0cebde0b2a5ba772ed618354

HTTP Headers

GET /s/josefinsans/v26/Qw3aZQNVED7rKGKxtqIqX5EUDXx4Vn8sig.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.topserveltd.co.ke
DNT: 1
Connection: keep-alive
Referer: https://www.topserveltd.co.ke/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 28564
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 30 May 2023 17:44:19 GMT
expires: Wed, 29 May 2024 17:44:19 GMT
cache-control: public, max-age=31536000
age: 197565
last-modified: Tue, 02 May 2023 14:59:26 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.topserveltd.co.ke/_next/static/chunks/framework-0ba0ddd33199226d.js

188.114.97.1

74 kB

URL
www.topserveltd.co.ke/_next/static/chunks/framework-0ba0ddd33199226d.js
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
74 kB (74333 bytes)
Hash
b3f240cda39c0a3b7ea663b8b5306a50
9a050d7abc1b936ce7d18bc16a028495423b15c2
0eeabd9384fbc321e1fc2f9835e3434ca7f69a6ddd0add66e67383d3030efa8e

HTTP Headers

GET /_next/static/chunks/framework-0ba0ddd33199226d.js HTTP/1.1
Host: www.topserveltd.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.topserveltd.co.ke/uc.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:37:04 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Thu, 01 Jun 2023 06:55:20 GMT
etag: W/"22698-18875bd4dbb"
vary: Accept-Encoding
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8VxeU%2FprFj63qSfUUXZ4p19fG1x6Yc3nOCSh9tTJuKeL1gIGxFffPFdOqFQuXCJAwFgae2gnsm%2BjhLOpuTOeM6h%2FNLn9ce1yKVPESEpIC5pSX1sjNOP6j%2BfELHL07qL1tkQmOJJx5rM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d0ba0304a29b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
de06f6fcbc144014f20c63dd5fe236b4
7f10e556cc7c7786c031a226d3efc006f8511c28
ae157c3fec7620409ce8cf7d841a47c30b487c02bbc82df9127345b7b1149f3e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Jun 2023 00:37:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
9c320af7047f9368e0536de66d6d2658
2cdb5bfd4bb4ddf85559ff29d06ed964e04119ab
64bb80bd8947d7d658ce8f20fc2bebab85d391bf2baa953c67201ebd194cd1b9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Jun 2023 00:37:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=G-RKCF6CVS1B

142.250.74.40

200 OK

86 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-RKCF6CVS1B
IP
142.250.74.40:443
ASN
#15169 GOOGLE

Requested by
https://www.topserveltd.co.ke/uc.exe
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintEB:A2:AF:B3:20:F1:B1:77:23:0B:85:D2:B1:16:33:A7:97:49:EE:51
ValidityMon, 08 May 2023 08:20:09 GMT - Mon, 31 Jul 2023 08:20:08 GMT

File type
ASCII text, with very long lines (4537)
Size
86 kB (86270 bytes)
Hash
18c05b19dfbbf7450c850f4c7e6d077a
963427aec893ba7e6ed6b76b47e1ed35827b2e72
f56397f55f09a2a3303b3ec6949e29cbf5a62766eaaa0f6e44d1539be819321f

HTTP Headers

GET /gtag/js?id=G-RKCF6CVS1B HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.topserveltd.co.ke/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 02 Jun 2023 00:37:05 GMT
expires: Fri, 02 Jun 2023 00:37:05 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 86270
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
9c320af7047f9368e0536de66d6d2658
2cdb5bfd4bb4ddf85559ff29d06ed964e04119ab
64bb80bd8947d7d658ce8f20fc2bebab85d391bf2baa953c67201ebd194cd1b9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Jun 2023 00:37:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.topserveltd.co.ke/favicon-16x16.png

188.114.97.1

200 OK

1.2 kB

URL GET HTTP/3
www.topserveltd.co.ke/favicon-16x16.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.topserveltd.co.ke/uc.exe
Certificate
IssuerLet's Encrypt
Subjecttopserveltd.co.ke
Fingerprint52:54:E2:3F:42:83:40:04:77:06:62:1B:61:F7:40:26:35:BB:BF:96
ValiditySun, 23 Apr 2023 23:00:33 GMT - Sat, 22 Jul 2023 23:00:32 GMT

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
1.2 kB (1215 bytes)
Hash
096a13269d411e8947ab0caf4671afef
b488ee930d83612d6810bd57388ab53b1468ef8d
87e520d5e2de2cbe3455b1f2a56bb1170c32154248d80e288b9c70f2cc98dfdd

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: www.topserveltd.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.topserveltd.co.ke/uc.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:37:05 GMT
content-type: image/png
content-length: 1215
cache-control: public, max-age=14400
last-modified: Wed, 08 Feb 2023 21:58:07 GMT
etag: W/"4bf-1863309368e"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bqBU8HUajxWrFbIgevbyQBRZN2d5QMpfVmu9ARMiHOnd0EACRxh6VHxa5S12pkf7L%2Fh9mauqS4V1vCgAMvHCf0rZd4nxrmVlHVEkerXSPmuZMvaKdI3BLogfpl%2F2%2FfLco9m13rLSqw0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0ba0343c58b51b-OSL
alt-svc: h3=":443"; ma=86400

www.topserveltd.co.ke/apple-touch-icon.png

188.114.97.1

200 OK

16 kB

URL GET HTTP/3
www.topserveltd.co.ke/apple-touch-icon.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.topserveltd.co.ke/uc.exe
Certificate
IssuerLet's Encrypt
Subjecttopserveltd.co.ke
Fingerprint52:54:E2:3F:42:83:40:04:77:06:62:1B:61:F7:40:26:35:BB:BF:96
ValiditySun, 23 Apr 2023 23:00:33 GMT - Sat, 22 Jul 2023 23:00:32 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
16 kB (16264 bytes)
Hash
0744a168ecdc31157403f369044f24d8
494f63dd7b5aec948e4b51c41825689421de5e1a
197825047a224b0cf5cf61cd2a65e8adc01a704b952833fdb6e62f7ed4953562

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: www.topserveltd.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.topserveltd.co.ke/uc.exe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:37:05 GMT
content-type: image/png
content-length: 16264
cache-control: public, max-age=14400
last-modified: Wed, 08 Feb 2023 21:58:07 GMT
etag: W/"3f88-1863309367a"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h8%2FCsaM%2FnkBJw2sGnznbeFZAKO%2BhoZ63FaqNGz5gn5TxxQJ7pQu9%2Fj24CUxdVRYVL3qhZnzOXw%2FxtjSRdf1KvuPpuqOPs0mtL%2BI6tcDA%2Bkad7%2BAZ9upezwJlzFi0iX1zDH6g25hZWMA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d0ba0343c56b51b-OSL
alt-svc: h3=":443"; ma=86400

www.topserveltd.co.ke/_next/static/chunks/pages/404-7e0ae75962cd174e.js

188.114.97.1

200 OK

1.6 kB

URL GET HTTP/3
www.topserveltd.co.ke/_next/static/chunks/pages/404-7e0ae75962cd174e.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.topserveltd.co.ke/uc.exe
Certificate
IssuerLet's Encrypt
Subjecttopserveltd.co.ke
Fingerprint52:54:E2:3F:42:83:40:04:77:06:62:1B:61:F7:40:26:35:BB:BF:96
ValiditySun, 23 Apr 2023 23:00:33 GMT - Sat, 22 Jul 2023 23:00:32 GMT

File type
ASCII text, with very long lines (1657), with no line terminators
Size
1.6 kB (1601 bytes)
Hash
34e5e6e6d910086d58d8f844ff9df630
26eb55822d4f1c7b7099c6b4c0b2f272ad2d7255
60dd70dcc50fe13f09f328af6dc547f643e382e6f8f7a75815d47f128c9badd8

HTTP Headers

GET /_next/static/chunks/pages/404-7e0ae75962cd174e.js HTTP/1.1
Host: www.topserveltd.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.topserveltd.co.ke/uc.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:37:04 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Thu, 01 Jun 2023 06:55:20 GMT
etag: W/"641-18875bd4dbb"
vary: Accept-Encoding
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QPHjj0t8zWUTBuqJYnWuIivO6J1s%2Bijgrx7GT%2BxT6xukN2sin9XZVuE7Pt%2BsJwyi22JB6bgey7XWoFANngdJ8mVb3aSF0dF6UTrTHiJdTHm6EeAqZlY%2FhG1rjaPik4v3ueO%2BmCjSx3M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d0ba0305a2eb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.topserveltd.co.ke/_next/static/chunks/main-17c92827754f917d.js

188.114.97.1

200 OK

106 kB

URL GET HTTP/3
www.topserveltd.co.ke/_next/static/chunks/main-17c92827754f917d.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.topserveltd.co.ke/uc.exe
Certificate
IssuerLet's Encrypt
Subjecttopserveltd.co.ke
Fingerprint52:54:E2:3F:42:83:40:04:77:06:62:1B:61:F7:40:26:35:BB:BF:96
ValiditySun, 23 Apr 2023 23:00:33 GMT - Sat, 22 Jul 2023 23:00:32 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
106 kB (106395 bytes)
Hash
5c1b04849c3b9a2c760972d89c649e3a
96ab86ff8618f0ddd2785377dda62852e122342a
fd84e95222bbeb5c25e94cbfb7f42d5753cc72552cece4d839223639e09562b1

HTTP Headers

GET /_next/static/chunks/main-17c92827754f917d.js HTTP/1.1
Host: www.topserveltd.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.topserveltd.co.ke/uc.exe
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:37:04 GMT
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Thu, 01 Jun 2023 06:55:20 GMT
etag: W/"19f9b-18875bd4db7"
vary: Accept-Encoding
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BZ6ShEBYgFL0Nae4%2BgFWApF%2BW6m2fsldcDgC32%2BeJJX0I6KtlqDvy31AyH5FlSGguYWxZ1fUhGOIwLckfxykB8b3QEc%2FQjLO55YyOYurVCJ9FXyupebeFv4Su1%2FTGyl1HsD3tyUAfqw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d0ba0304a2ab51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.topserveltd.co.ke/_next/static/css/9f97d0095e787445.css

188.114.97.1

200 OK

90 kB

URL GET HTTP/3
www.topserveltd.co.ke/_next/static/css/9f97d0095e787445.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.topserveltd.co.ke/uc.exe
Certificate
IssuerLet's Encrypt
Subjecttopserveltd.co.ke
Fingerprint52:54:E2:3F:42:83:40:04:77:06:62:1B:61:F7:40:26:35:BB:BF:96
ValiditySun, 23 Apr 2023 23:00:33 GMT - Sat, 22 Jul 2023 23:00:32 GMT

File type
ASCII text, with very long lines (65472)
Size
90 kB (90147 bytes)
Hash
2092398f534ca84471bc29f677e5a3c2
6df7df9769705565a524713365655128b68a7a3f
4729a3c9b33a99c1da97b560ca743f0bc3a797fe550f71866efef2fde4e6a49a

HTTP Headers

GET /_next/static/css/9f97d0095e787445.css HTTP/1.1
Host: www.topserveltd.co.ke
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.topserveltd.co.ke/uc.exe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 02 Jun 2023 00:37:04 GMT
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
last-modified: Thu, 01 Jun 2023 06:55:20 GMT
etag: W/"16023-18875bd4db7"
vary: Accept-Encoding
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QHq2BlvzQ%2BZxSpnfzE%2F6A4c9j%2FmbUNOtTE2AXyV3FYyF6fwZsHI8XeNtMFkmbQUds3yPaGld9bgaql51wROyWYZWWYqvldVi%2BdJAcwuxFXtsjxVPGSj2YdOdfadYplEHgT2E3eZmftw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d0ba0304a27b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML