teslausd.com
190.115.18.157
Malicious Activity!
Public Scan
Submission: On May 12 via manual from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on May 12th 2022. Valid for: 3 months.
This is the only time teslausd.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Community Verdicts: Malicious — 2 votes
Domain & IP information
Requests | IP Address | AS Autonomous System | PTR | Domains |
---|---|---|---|---|
1 | 190.115.18.157 | ASN262254 (DDOS-GUARD CORP., BZ) | web.sharktrade.net | teslausd.com |
4 | 185.178.208.147 | ASN57724 (DDOS-GUARD, RU) | ddos-guard.net | cdn.botprotect.org, client.botprotect.org |
6 | 3 | | | |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
4 | botprotect.org | cdn.botprotect.org, client.botprotect.org | 14 KB |
1 | teslausd.com | teslausd.com | 337 B |
6 | 2 | | |
Requests | Domain | Requested by |
---|---|---|
3 | cdn.botprotect.org | teslausd.com, cdn.botprotect.org |
1 | client.botprotect.org | cdn.botprotect.org |
1 | teslausd.com | cdn.botprotect.org |
6 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
teslausd.com | R3 | 2022-05-12 - 2022-08-10 | 3 months | crt.sh |
cdn.botprotect.org | R3 | 2022-04-26 - 2022-07-25 | 3 months | crt.sh |
client.botprotect.org | R3 | 2022-05-11 - 2022-08-09 | 3 months | crt.sh |
This page contains 1 frames:
Frame:
https://teslausd.com/
Frame ID: CD1E1D49757FD8BCF819B5B34AF36C4A
Requests: 6 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | teslausd.com/ | 108 B | 337 B | Document | text/html |
GET | H2 | check.min.js | cdn.botprotect.org/ | 1 KB | 866 B | Script | application/javascript |
GET | H2 | app.css | cdn.botprotect.org/ | 2 KB | 761 B | Stylesheet | text/css |
GET | H2 | f.min.js | cdn.botprotect.org/ | 31 KB | 12 KB | Script | application/javascript |
POST | H2 | callback | client.botprotect.org/ | 146 B | 441 B | Fetch | application/json |
GET | | / | teslausd.com/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: teslausd.com
- URL: https://teslausd.com/
Verdicts & Comments
Malicious
page.url
Submitted on May 12th 2022, 10:03:03 pm UTC — From Japan
Threats: Scam
Comment: A crypto investment phishing scam site.
It is a captcha-protected site, showing "TESLA, Official event, BIGGEST giveaway CRYPTO of $100,000,000. During this unique event we will give you the opportunity to get 1,000 BTC or 10,000 ETH. Have a look at the rules and don’t miss your chance! You can only participate once!" thereafter.
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
function | getScreenDetails |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.teslausd.com/ | | Name: __ddg1_ Value: rpFQg9pdrtZzUtqn1ayW |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests; |
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.