teslausd.com - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 190.115.18.157, located in Belize City, Belize and belongs to DDOS-GUARD CORP., BZ. The main domain is teslausd.com.
TLS certificate: Issued by R3 on May 12th 2022. Valid for: 3 months.

This is the only time teslausd.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 2 votes Show Verdicts

Domain & IP information

	IP Address	AS Autonomous System
1	190.115.18.157 190.115.18.157	262254 (DDOS-GUAR...) (DDOS-GUARD CORP.)
4	185.178.208.147 185.178.208.147	57724 (DDOS-GUARD) (DDOS-GUARD)
6	3

1 190.115.18.157 (Belize City, Belize)

ASN262254 (DDOS-GUARD CORP., BZ)
PTR: web.sharktrade.net

teslausd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.178.208.147 (Russian Federation)

ASN57724 (DDOS-GUARD, RU)
PTR: ddos-guard.net

cdn.botprotect.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
client.botprotect.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	botprotect.org cdn.botprotect.org client.botprotect.org	14 KB
1	teslausd.com teslausd.com	337 B
6	2

	Domain	Requested by
3	cdn.botprotect.org	teslausd.com cdn.botprotect.org
1	client.botprotect.org	cdn.botprotect.org
1	teslausd.com	cdn.botprotect.org
6	3

This site contains no links.

Subject Issuer	Validity	Valid
teslausd.com R3	`2022-05-12` - `2022-08-10`	3 months	crt.sh
cdn.botprotect.org R3	`2022-04-26` - `2022-07-25`	3 months	crt.sh
client.botprotect.org R3	`2022-05-11` - `2022-08-09`	3 months	crt.sh

This page contains 1 frames:

Frame: https://teslausd.com/
Frame ID: CD1E1D49757FD8BCF819B5B34AF36C4A
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Please Wait...

Page Statistics

6
Requests

83 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

15 kB
Transfer

34 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
teslausd.com/ 108 B
337 B 2413ms
1258ms Document
text/html 190.115.18.157
DDOS-GUARD CORP.

General

Check archive.org

Show headers Download Go to

Full URL

https://teslausd.com/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

190.115.18.157 Belize City, Belize, ASN262254 (DDOS-GUARD CORP., BZ),

Reverse DNS

web.sharktrade.net

Software

ddos-guard /

Resource Hash

56f6186ca602c2ac6ccfe1a4854cfe0bf72d5f04c2375615e463541c39bcea1c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

content-encoding: gzip
content-security-policy: upgrade-insecure-requests;
content-type: text/html; charset=UTF-8
date: Thu, 12 May 2022 21:52:58 GMT
server: ddos-guard
strict-transport-security: max-age=31536000
vary: Accept-Encoding

GET
H2 200 check.min.js Show response
cdn.botprotect.org/ 1 KB
866 B 1649ms
1022ms Script
application/javascript 185.178.208.147
DDOS-GUARD

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.botprotect.org/check.min.js

Requested by

Host: teslausd.com
URL: https://teslausd.com/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

185.178.208.147 , Russian Federation, ASN57724 (DDOS-GUARD, RU),

Reverse DNS

ddos-guard.net

Software

ddos-guard /

Resource Hash

cffb33c949ace8675937f36840aaa99139caf660a5d9829f390f0773853fb1c6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://teslausd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests;
content-encoding: br
x-content-type-options: nosniff
age: 0
vary: Accept-Encoding
etag: W/"627bf638-49e"
access-control-allow-origin: *
last-modified: Wed, 11 May 2022 17:45:28 GMT
server: ddos-guard
x-frame-options: DENY
date: Thu, 12 May 2022 21:52:59 GMT
strict-transport-security: max-age=63072000; includeSubdomains
content-type: application/javascript
ddg-cache-status: MISS
cache-control: max-age=315360000
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 app.css
cdn.botprotect.org/ 2 KB
761 B 297ms
295ms Stylesheet
text/css 185.178.208.147
DDOS-GUARD

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.botprotect.org/app.css

Requested by

Host: cdn.botprotect.org
URL: https://cdn.botprotect.org/check.min.js

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

185.178.208.147 , Russian Federation, ASN57724 (DDOS-GUARD, RU),

Reverse DNS

ddos-guard.net

Software

ddos-guard /

Resource Hash

3e0d9736690d6491a4a711024425ec8ca265bb86560cc756fc6e0be496f2241d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://teslausd.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests;
content-encoding: br
x-content-type-options: nosniff
age: 0
vary: Accept-Encoding
etag: W/"627bf636-738"
access-control-allow-origin: *
last-modified: Wed, 11 May 2022 17:45:26 GMT
server: ddos-guard
x-frame-options: DENY
date: Thu, 12 May 2022 21:53:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains
content-type: text/css
ddg-cache-status: MISS
cache-control: max-age=315360000
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 f.min.js Show response
cdn.botprotect.org/ 31 KB
12 KB 1377ms
1273ms Script
application/javascript 185.178.208.147
DDOS-GUARD

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.botprotect.org/f.min.js

Requested by

Host: cdn.botprotect.org
URL: https://cdn.botprotect.org/check.min.js

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

185.178.208.147 , Russian Federation, ASN57724 (DDOS-GUARD, RU),

Reverse DNS

ddos-guard.net

Software

ddos-guard /

Resource Hash

d13d649086967537519ed109532c2057ef91be2999fe9b675b08207de2be5132

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://teslausd.com/
Origin: https://teslausd.com
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests;
content-encoding: br
x-content-type-options: nosniff
age: 2
vary: Accept-Encoding
etag: W/"627bf636-7a3e"
access-control-allow-origin: *
last-modified: Wed, 11 May 2022 17:45:26 GMT
server: ddos-guard
x-frame-options: DENY
date: Thu, 12 May 2022 21:53:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains
content-type: application/javascript
ddg-cache-status: MISS
cache-control: max-age=315360000
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H2 200 callback
client.botprotect.org/ 146 B
441 B 2341ms
1522ms Fetch
application/json 185.178.208.147
DDOS-GUARD

General

Check archive.org

Show headers Download Go to

Full URL

https://client.botprotect.org/callback

Requested by

Host: cdn.botprotect.org
URL: https://cdn.botprotect.org/check.min.js

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

185.178.208.147 , Russian Federation, ASN57724 (DDOS-GUARD, RU),

Reverse DNS

ddos-guard.net

Software

ddos-guard /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=63072000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://teslausd.com/
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

content-security-policy: upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
server: ddos-guard
date: Thu, 12 May 2022 21:53:03 GMT
x-frame-options: DENY
content-type: application/json
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains
vary: Accept-Encoding

GET /
teslausd.com/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: teslausd.com
URL: https://teslausd.com/

Verdicts & Comments Add Verdict or Comment

Malicious page.url
Submitted on May 12th 2022, 10:03:03 pm UTC — From Japan

Threats: Scam
Comment: A crypto investment phishing scam site. It is captcha protected site, showing "TESLA, Official event, BIGGEST giveaway CRYPTO of $100,000,000 During this unique event we will give you the opportunity to get 1,000 BTC or 10,000 ETH. Have a look at the rules and don’t miss your chance! You can only participate once!" thereafter.

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.teslausd.com/	1970-01-20 11:45:28	Name: __ddg1_ Value: rpFQg9pdrtZzUtqn1ayW

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.botprotect.org
client.botprotect.org
teslausd.com
teslausd.com
185.178.208.147
190.115.18.157
3e0d9736690d6491a4a711024425ec8ca265bb86560cc756fc6e0be496f2241d
56f6186ca602c2ac6ccfe1a4854cfe0bf72d5f04c2375615e463541c39bcea1c
cffb33c949ace8675937f36840aaa99139caf660a5d9829f390f0773853fb1c6
d13d649086967537519ed109532c2057ef91be2999fe9b675b08207de2be5132

teslausd.com Open in urlscan Pro 190.115.18.157 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious — 2 votes Show Verdicts

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

6 Requests

83 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

3 IPs

2 Countries

15 kBTransfer

34 kBSize

1 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Malicious page.url Submitted on May 12th 2022, 10:03:03 pm UTC — From Japan

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

4 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

teslausd.com Open in urlscan Pro
190.115.18.157 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

83 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

15 kB
Transfer

34 kB
Size

1
Cookies

6 HTTP transactions
0 data transactions

Malicious page.url
Submitted on May 12th 2022, 10:03:03 pm UTC — From Japan

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!