chickensevil
Active Member
This subject gets brought up now and then of "what domains has Tesla registered" and "can I use this to find hidden secrets about the company" or just general curiosity or what-have-you and this has been a long time coming and I am finally getting unlazy and will post the analysis of Tesla Motors and their domain registration habits... all this information is public or was public at one point (you just have to know where to look) what you do with this information I take no blame/credit... insert general disclaimer here, blah, blah... moving on...
So to register all their domains Tesla previously used "[email protected]" as their email address for the record. I say previously, because they have since then switched to [email protected] and/or [email protected]. This change started happening on 4/26 (or at least that was when the snapshot was first taken) and it is most likely due to their recent breach caused by social engineering to AT&T.
WhoIS 101 Sidebar ->
-> For those who are less savy, when you register a domain you give PII like you name, company, address, phone number, and most importantly your email address. This was intended for people to contact you if they had a problem with your website or other such administrative, perfectly harmless, purposes... and oh by the way all this is posted publically to what are call "whois" servers and anyone at any time can query these servers to pull down this information. This goes for domains and IP addresses. Because of this, people started using them for nefarious purposes... the most common are spam messages to the email address (and spam letters to the physical address) trying to solicite your services to their hosting provider... hurray for junk mail! But as we found out with this social engineering and domain hijacking it can be used for more... so much more. In this case it had a guys name, the company's address, and what I assume is a legitimate work-phone number. So if you can help it I strongly recommend you change all your information (if you own any domains) to some proxy service annoymous information. This won't help for those who pay for access to historical record keeping, but better to just change it now as it will still help, and any *new* domains, make sure you register them as anonymous... just saying... it helps.
So on Ok, back to some interesting digging, regarding the DNS registration change, it looks like this [email protected] is what they have been trying to move everything toward (or the proxy email) as they move away from using [email protected]. This change started after the attack because on April 25th (the day of the attack) this was the email registered: [email protected]. After that they switched it up. Tesla, if you are reading this, I strongly recommend you go ahead and switch everything to proxy. And I would also replace "Paul Smicker" as the *real* POC for these domains as this will you from being subject to social engineering in the future since you cannot undo what is already stored in history. If you want to keep those email addresses and phone numbers as valid I would set them up as a honeypot specifically to capture would-be attackers so they end up targeting something that isn't really of value.
Anyway, whois 101 out of the way when you combine these three addresses together you get a total of 763 registered domains. Google Doc of domains: Tesla Motors Domains - Google Sheets
So that said, there is a really interesting list of domain names here, including a bunch with Tesla spelled "telsa" it must be more common than I realized, punycoded domains which I find rather humorous when google translated:
xn--fjqw31c776a.xn--55qx5d | 拓速乐.公司 | Extension speed music company
xn--fjqw31c776a.xn--fiqs8s | 拓速乐.中国 | Extension Lok speed . China
xn--fjqw31c776a.xn--fiqz9s | 拓速乐.中國 | Extension Lok speed . China
xn--gtuv3nku8a.xn--fiqs8s | 拓速樂.中国 | Extension Lok speed . China
xn--gtuv3nku8a.xn--fiqz9s | 拓速樂.中國 | Extension Lok speed . China
I assume something is lost in translation... ha!
Moving on... The important thing to bring up is that TeslaEnergy.com was all laid forth in 2007. I am sure that date has been mentioned elsewhere, but it is amazing to think that Tesla has been planning this stationary storage thing since 2007!!!
Other honorable mentions is:
Teslaroadster.com - 2004 (The roadster was unveiled around this time as well)
acecharging.com & acechargingsystem.com - 2007 (this is interesting, and never heard of this before... an idea that never was? The precursor to the powerwall? curious!)
service-ranger.com - 2010 (coinciding with the ranger visits or before? either way, nice look at history here)
tesla-africa.com & telsa-antartica.com - 2010 (Does this mean there is hope for south africa? maybe... right along with a store in antartica aparently, ha!)
tesla-models.com - 2010 (first mention and registration date of the Model S in a domain name)
tesla-sucks.com - 2010 (hey that's not nice! )
poweredbyt.com - 2010 (I like! I like!)
teslavstopgear.com - 2011 (Gee I wonder what spawned that one?)
teslasport.com - 2012
teslamotorsfinance.com & teslamotorslease.com - 2014 (you know, would be interesting to go back and see when things were announced vs when the domains were registered... just a thought)
smiljan.net - 2015 (??? Don't know what this is, but it leads to a generic "under construction" page...)
Feel free to sift through the domains yourself for any other gems. By and far though, someone went domain registration crazy in 2010 which is when 579 domains were registered. assuming 15$ per domain that is 8,685$ a year just to keep people from these names.
From a historical perspective there were a bunch of other email addresses used in the past as the record on some of these, jumping back and forth between valid and proxied emails and such, the coolest historical gem that those of you long time followers of the company will surely enjoy is that way back in the day, once long long ago, the domain was registered to MARC TARPENNING himself. According to the records (which start in 2005, sorry, can't go back any earlier) he held it under his name until the very end of 2007. Sometime at the start of 2008 it was all switched over away from him when he departed from the company.
Enjoy!
So to register all their domains Tesla previously used "[email protected]" as their email address for the record. I say previously, because they have since then switched to [email protected] and/or [email protected]. This change started happening on 4/26 (or at least that was when the snapshot was first taken) and it is most likely due to their recent breach caused by social engineering to AT&T.
WhoIS 101 Sidebar ->
-> For those who are less savy, when you register a domain you give PII like you name, company, address, phone number, and most importantly your email address. This was intended for people to contact you if they had a problem with your website or other such administrative, perfectly harmless, purposes... and oh by the way all this is posted publically to what are call "whois" servers and anyone at any time can query these servers to pull down this information. This goes for domains and IP addresses. Because of this, people started using them for nefarious purposes... the most common are spam messages to the email address (and spam letters to the physical address) trying to solicite your services to their hosting provider... hurray for junk mail! But as we found out with this social engineering and domain hijacking it can be used for more... so much more. In this case it had a guys name, the company's address, and what I assume is a legitimate work-phone number. So if you can help it I strongly recommend you change all your information (if you own any domains) to some proxy service annoymous information. This won't help for those who pay for access to historical record keeping, but better to just change it now as it will still help, and any *new* domains, make sure you register them as anonymous... just saying... it helps.
So on Ok, back to some interesting digging, regarding the DNS registration change, it looks like this [email protected] is what they have been trying to move everything toward (or the proxy email) as they move away from using [email protected]. This change started after the attack because on April 25th (the day of the attack) this was the email registered: [email protected]. After that they switched it up. Tesla, if you are reading this, I strongly recommend you go ahead and switch everything to proxy. And I would also replace "Paul Smicker" as the *real* POC for these domains as this will you from being subject to social engineering in the future since you cannot undo what is already stored in history. If you want to keep those email addresses and phone numbers as valid I would set them up as a honeypot specifically to capture would-be attackers so they end up targeting something that isn't really of value.
Anyway, whois 101 out of the way when you combine these three addresses together you get a total of 763 registered domains. Google Doc of domains: Tesla Motors Domains - Google Sheets
So that said, there is a really interesting list of domain names here, including a bunch with Tesla spelled "telsa" it must be more common than I realized, punycoded domains which I find rather humorous when google translated:
xn--fjqw31c776a.xn--55qx5d | 拓速乐.公司 | Extension speed music company
xn--fjqw31c776a.xn--fiqs8s | 拓速乐.中国 | Extension Lok speed . China
xn--fjqw31c776a.xn--fiqz9s | 拓速乐.中國 | Extension Lok speed . China
xn--gtuv3nku8a.xn--fiqs8s | 拓速樂.中国 | Extension Lok speed . China
xn--gtuv3nku8a.xn--fiqz9s | 拓速樂.中國 | Extension Lok speed . China
I assume something is lost in translation... ha!
Moving on... The important thing to bring up is that TeslaEnergy.com was all laid forth in 2007. I am sure that date has been mentioned elsewhere, but it is amazing to think that Tesla has been planning this stationary storage thing since 2007!!!
Other honorable mentions is:
Teslaroadster.com - 2004 (The roadster was unveiled around this time as well)
acecharging.com & acechargingsystem.com - 2007 (this is interesting, and never heard of this before... an idea that never was? The precursor to the powerwall? curious!)
service-ranger.com - 2010 (coinciding with the ranger visits or before? either way, nice look at history here)
tesla-africa.com & telsa-antartica.com - 2010 (Does this mean there is hope for south africa? maybe... right along with a store in antartica aparently, ha!)
tesla-models.com - 2010 (first mention and registration date of the Model S in a domain name)
tesla-sucks.com - 2010 (hey that's not nice! )
poweredbyt.com - 2010 (I like! I like!)
teslavstopgear.com - 2011 (Gee I wonder what spawned that one?)
teslasport.com - 2012
teslamotorsfinance.com & teslamotorslease.com - 2014 (you know, would be interesting to go back and see when things were announced vs when the domains were registered... just a thought)
smiljan.net - 2015 (??? Don't know what this is, but it leads to a generic "under construction" page...)
Feel free to sift through the domains yourself for any other gems. By and far though, someone went domain registration crazy in 2010 which is when 579 domains were registered. assuming 15$ per domain that is 8,685$ a year just to keep people from these names.
From a historical perspective there were a bunch of other email addresses used in the past as the record on some of these, jumping back and forth between valid and proxied emails and such, the coolest historical gem that those of you long time followers of the company will surely enjoy is that way back in the day, once long long ago, the domain was registered to MARC TARPENNING himself. According to the records (which start in 2005, sorry, can't go back any earlier) he held it under his name until the very end of 2007. Sometime at the start of 2008 it was all switched over away from him when he departed from the company.
Enjoy!