consultelent.com
2a00:5da0:1000::163  Malicious Activity! Public Scan

Submitted URL: http://consultelent.com/
Effective URL: https://consultelent.com/
Submission: On December 31 via manual from AZ — Scanned from US

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 12 HTTP transactions. The main IP is 2a00:5da0:1000::163, located in Kazakhstan and belongs to PSKZ-ALA PS Internet Company LLP, KZ. The main domain is consultelent.com.
TLS certificate: Issued by R11 on December 31st 2024. Valid for: 3 months.
This is the only time consultelent.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Telegram (Instant Messenger)

Domain & IP information

IP Address AS Autonomous System
10 2a00:5da0:100... 48716 (PSKZ-ALA ...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 157.240.241.1 32934 (FACEBOOK)
12 3
Apex Domain | Subdomains | Transfer
10 consultelent.com | consultelent.com | 135 KB
1 facebook.net | connect.facebook.net — Cisco Umbrella Rank: 192 | 61 KB
1 googleapis.com | ajax.googleapis.com — Cisco Umbrella Rank: 415 | 30 KB
12 3
Domain Requested by
10 consultelent.com consultelent.com
1 connect.facebook.net consultelent.com
1 ajax.googleapis.com consultelent.com
12 3

This site contains links to these domains.

Domain
telegram.org

Subject | Issuer | Validity | Valid
consultelent.com | R11 | 2024-12-31 - 2025-03-31 | 3 months
upload.video.google.com | WR2 | 2024-12-02 - 2025-02-24 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-10-09 - 2025-01-07 | 3 months

This page contains 1 frames:

Primary Page: https://consultelent.com/
Frame ID: FDC4EC83513CC8A46DE893634B4CE15D
Requests: 12 HTTP requests in this frame

Page Title

Telegram: Join Group Chat

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12 Requests
100 % HTTPS
67 % IPv6
3 Domains
3 Subdomains
3 IPs
2 Countries
226 kB Transfer
741 kB Size
0 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://consultelent.com/ HTTP 307
    https://consultelent.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

Primary Request: /
Path: consultelent.com/
Redirect Chain
  • http://consultelent.com/
  • https://consultelent.com/
Size: 9 KB
x-fer: 4 KB
Type: Document
General
Full URL: https://consultelent.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:5da0:1000::163 , Kazakhstan, ASN48716 (PSKZ-ALA PS Internet Company LLP, KZ),
Reverse DNS:
Software: nginx / PleskLin
Resource Hash: daa02c0df47045c766bbb7d07054003539cb05e20c5af2079ae29506416ee62b
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

content-encoding: br
content-type: text/html
date: Tue, 31 Dec 2024 12:32:26 GMT
etag: W/"25bb-62a86998fb613"
last-modified: Tue, 31 Dec 2024 01:10:50 GMT
server: nginx
strict-transport-security: max-age=15768000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-powered-by: PleskLin

Redirect headers

Location: https://consultelent.com/
Non-Authoritative-Reason: HttpsUpgrades

Resource: font-roboto_1.css
Path: consultelent.com/index_files/akbotaland_1707381688/css/
Size: 6 KB
x-fer: 860 B
Type: Stylesheet
General
Full URL: https://consultelent.com/index_files/akbotaland_1707381688/css/font-roboto_1.css
Requested by
Host: consultelent.com
URL: https://consultelent.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:5da0:1000::163 , Kazakhstan, ASN48716 (PSKZ-ALA PS Internet Company LLP, KZ),
Reverse DNS:
Software: nginx / PleskLin
Resource Hash: 2b17f3a406f100e7b8431ebeaaf6a36981e5a14f11572c9069d5372c2cda9cc7
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://consultelent.com/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
cache-control: max-age=315360000
content-encoding: br
etag: W/"6773448a-18f9"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Tue, 31 Dec 2024 12:32:27 GMT
content-type: text/css
last-modified: Tue, 31 Dec 2024 01:10:34 GMT
server: nginx
vary: Accept-Encoding

Resource: jquery.min.js
Path: ajax.googleapis.com/ajax/libs/jquery/2.2.2/
Size: 84 KB
x-fer: 30 KB
Type: Script
General
Full URL: https://ajax.googleapis.com/ajax/libs/jquery/2.2.2/jquery.min.js
Requested by
Host: consultelent.com
URL: https://consultelent.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:816::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS:
Software: sffe /
Resource Hash: dfa729d82a3effadab1000181cb99108f232721e3b0af74cfae4c12704b35a32
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://consultelent.com/

Response headers

content-encoding: gzip
age: 345117
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options: nosniff
expires: Sat, 27 Dec 2025 12:40:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 27 Dec 2024 12:40:30 GMT
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges: bytes
access-control-allow-origin: *
content-length: 30094
x-xss-protection: 0
server: sffe

Resource: bootstrap.min_3.css
Path: consultelent.com/index_files/akbotaland_1707381688/css/
Size: 42 KB
x-fer: 8 KB
Type: Stylesheet
General
Full URL: https://consultelent.com/index_files/akbotaland_1707381688/css/bootstrap.min_3.css
Requested by
Host: consultelent.com
URL: https://consultelent.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:5da0:1000::163 , Kazakhstan, ASN48716 (PSKZ-ALA PS Internet Company LLP, KZ),
Reverse DNS:
Software: nginx / PleskLin
Resource Hash: f1d083ffaa644c708f11db29707aa57c19246e6d32643b03fee3f82c17b224b3
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://consultelent.com/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
cache-control: max-age=315360000
content-encoding: br
etag: W/"67734489-a61b"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Tue, 31 Dec 2024 12:32:27 GMT
content-type: text/css
last-modified: Tue, 31 Dec 2024 01:10:33 GMT
server: nginx
vary: Accept-Encoding

Resource: telegram_232.css
Path: consultelent.com/index_files/akbotaland_1707381688/css/
Size: 115 KB
x-fer: 21 KB
Type: Stylesheet
General
Full URL: https://consultelent.com/index_files/akbotaland_1707381688/css/telegram_232.css
Requested by
Host: consultelent.com
URL: https://consultelent.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:5da0:1000::163 , Kazakhstan, ASN48716 (PSKZ-ALA PS Internet Company LLP, KZ),
Reverse DNS:
Software: nginx / PleskLin
Resource Hash: e659e32d6b4e8bfe827b3eab269746ae8beb327bb6e3f0bde2cd9befd8c9aa21
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://consultelent.com/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
cache-control: max-age=315360000
content-encoding: br
etag: W/"67734489-1cb05"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Tue, 31 Dec 2024 12:32:27 GMT
content-type: text/css
last-modified: Tue, 31 Dec 2024 01:10:33 GMT
server: nginx
vary: Accept-Encoding

Resource: img1213.png
Path: consultelent.com/index_files/akbotaland_1707381688/images/
Size: 808 B
x-fer: 808 B
Type: Image
General
Full URL: https://consultelent.com/index_files/akbotaland_1707381688/images/img1213.png
Requested by
Host: consultelent.com
URL: https://consultelent.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:5da0:1000::163 , Kazakhstan, ASN48716 (PSKZ-ALA PS Internet Company LLP, KZ),
Reverse DNS:
Software: nginx /
Resource Hash: b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://consultelent.com/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
etag: W/"328-62a85a98d590b"
date: Tue, 31 Dec 2024 12:32:27 GMT
content-type: text/html
vary: Accept-Encoding
server: nginx
last-modified: Tue, 31 Dec 2024 00:03:43 GMT

Resource: tgwallpaper.min_3.js
Path: consultelent.com/index_files/akbotaland_1707381688/js/
Size: 3 KB
x-fer: 2 KB
Type: Script
General
Full URL: https://consultelent.com/index_files/akbotaland_1707381688/js/tgwallpaper.min_3.js
Requested by
Host: consultelent.com
URL: https://consultelent.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:5da0:1000::163 , Kazakhstan, ASN48716 (PSKZ-ALA PS Internet Company LLP, KZ),
Reverse DNS:
Software: nginx / PleskLin
Resource Hash: 61fd021bbdca23dfa82ca1ea533a99cd19965458b6f0dcaecf0077894df6d8e2
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://consultelent.com/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
cache-control: max-age=315360000
content-encoding: br
etag: W/"677344af-b78"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Tue, 31 Dec 2024 12:32:27 GMT
content-type: application/javascript
last-modified: Tue, 31 Dec 2024 01:11:11 GMT
server: nginx
vary: Accept-Encoding

Resource: fbevents.js
Path: connect.facebook.net/en_US/
Size: 239 KB
x-fer: 61 KB
Type: Script
General
Full URL: https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: consultelent.com
URL: https://consultelent.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS: xx-fbcdn-shv-02-lga3.fbcdn.net
Software: /
Resource Hash: 24751cbae618f6fbeb532498fd1ceeda5350f30085086cd5426961a2695e3d9f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-EpZR8BiY' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://consultelent.com/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 31 Dec 2024 12:32:27 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-EpZR8BiY' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: GOOD; q=0.7, rtt=134, rtx=0, c=24, mss=1232, tbw=8248, tp=13, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: M8UYKr0TDPnwDTkTuq7g+kDkYQ1vpZrrE1U+hjl0DJScCxb3X5t9F1+HHEfLDB9KmDuD3IKYDBZBGAL6/P9Cvw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62282
x-xss-protection: 0
origin-agent-cluster: ?1

Resource: pattern.svg
Path: consultelent.com/index_files/akbotaland_1707381688/fonts/
Size: 225 KB
x-fer: 82 KB
Type: Image
General
Full URL: https://consultelent.com/index_files/akbotaland_1707381688/fonts/pattern.svg
Requested by
Host: consultelent.com
URL: https://consultelent.com/index_files/akbotaland_1707381688/css/telegram_232.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:5da0:1000::163 , Kazakhstan, ASN48716 (PSKZ-ALA PS Internet Company LLP, KZ),
Reverse DNS:
Software: nginx / PleskLin
Resource Hash: daa086b24cbd2610eb3261446100ff513a4526c5b2bce41e758629f5cd8a6a20
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://consultelent.com/index_files/akbotaland_1707381688/css/telegram_232.css

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PleskLin
cache-control: max-age=315360000
content-encoding: gzip
etag: W/"677344b2-385d7"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
date: Tue, 31 Dec 2024 12:32:27 GMT
content-type: image/svg+xml
last-modified: Tue, 31 Dec 2024 01:11:14 GMT
server: nginx
vary: Accept-Encoding

Resource: KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Path: consultelent.com/index_files/akbotaland_1707381688/fonts/
Size: 1002 B
x-fer: 1 KB
Type: Font
General
Full URL: https://consultelent.com/index_files/akbotaland_1707381688/fonts/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: consultelent.com
URL: https://consultelent.com/index_files/akbotaland_1707381688/css/font-roboto_1.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:5da0:1000::163 , Kazakhstan, ASN48716 (PSKZ-ALA PS Internet Company LLP, KZ),
Reverse DNS:
Software: nginx / PleskLin
Resource Hash: 5a260f098cbc8150f6a606550c4a28464a5200f9aacc2fd90d67aa7870f24f4c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://consultelent.com
Referer: https://consultelent.com/index_files/akbotaland_1707381688/css/font-roboto_1.css

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
cache-control: max-age=315360000
etag: "677344bd-3ea"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 1002
date: Tue, 31 Dec 2024 12:32:27 GMT
content-type: font/woff2
last-modified: Tue, 31 Dec 2024 01:11:25 GMT
server: nginx
x-powered-by: PleskLin

Resource: KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Path: consultelent.com/index_files/akbotaland_1707381688/fonts/
Size: 1002 B
x-fer: 1 KB
Type: Font
General
Full URL: https://consultelent.com/index_files/akbotaland_1707381688/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: consultelent.com
URL: https://consultelent.com/index_files/akbotaland_1707381688/css/font-roboto_1.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:5da0:1000::163 , Kazakhstan, ASN48716 (PSKZ-ALA PS Internet Company LLP, KZ),
Reverse DNS:
Software: nginx / PleskLin
Resource Hash: 5a260f098cbc8150f6a606550c4a28464a5200f9aacc2fd90d67aa7870f24f4c
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://consultelent.com
Referer: https://consultelent.com/index_files/akbotaland_1707381688/css/font-roboto_1.css

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
cache-control: max-age=315360000
etag: "677344b1-3ea"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 1002
date: Tue, 31 Dec 2024 12:32:27 GMT
content-type: font/woff2
last-modified: Tue, 31 Dec 2024 01:11:13 GMT
server: nginx
x-powered-by: PleskLin

Resource: favicon.ico
Path: consultelent.com/index_files/akbotaland_1707381688/
Size: 15 KB
x-fer: 15 KB
Type: Other
General
Full URL: https://consultelent.com/index_files/akbotaland_1707381688/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a00:5da0:1000::163 , Kazakhstan, ASN48716 (PSKZ-ALA PS Internet Company LLP, KZ),
Reverse DNS:
Software: nginx / PleskLin
Resource Hash: 4ff54bc38c267dc3a8c95f6ed4590336baaec70433ef15d027ddca608c391e78
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://consultelent.com/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
cache-control: max-age=315360000
etag: "67734488-3aee"
x-content-type-options: nosniff
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
content-length: 15086
date: Tue, 31 Dec 2024 12:32:28 GMT
content-type: image/x-icon
last-modified: Tue, 31 Dec 2024 01:10:32 GMT
server: nginx
x-powered-by: PleskLin

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Telegram (Instant Messenger)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function $
  • function jQuery
  • object gets
  • object c
  • function fbq
  • function _fbq
  • object TWallpaper
  • object tme_bg
  • function toggleTheme
  • object darkMedia

0 Cookies

6 Console Messages

Source Level URL
Text
network error URL: https://consultelent.com/index_files/akbotaland_1707381688/images/img1213.png
Message: Failed to load resource: the server responded with a status of 404 ()
other warning URL: https://consultelent.com/
Message: Failed to decode downloaded font: https://consultelent.com/index_files/akbotaland_1707381688/fonts/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
other warning URL: https://consultelent.com/
Message: OTS parsing error: invalid sfntVersion: 1013478509
other warning URL: https://consultelent.com/
Message: Failed to decode downloaded font: https://consultelent.com/index_files/akbotaland_1707381688/fonts/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
other warning URL: https://consultelent.com/
Message: OTS parsing error: invalid sfntVersion: 1013478509
network error URL: https://consultelent.com/ (Line 145)
Message: WebSocket connection to 'wss://consultelent.com//ws' failed: Error during WebSocket handshake: Unexpected response code: 404

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff