Engineer's DNS Intelligence Report
TLP:AMBER
Limited disclosure — recipients may share within their organization only
Engineer's DNS Intelligence Report
tesla.com
DNS Security & Trust Posture
Risk Level:
Low Risk
3 protocols configured, 5 not configured, 1 unavailable on provider
Why we go beyond letter grades
Analysis Confidence (ICD 203)
MODERATE
65/100
Resolver agreement is inconsistent for some protocols, limiting confidence. Data currency and system maturity are adequate.
Accuracy 65%
Currency 66/100
Maturity verified
Limiting factor: Resolver agreement is low for this scan — some protocols returned inconsistent results across resolvers
Intelligence Currency
Data Currency:
Adequate
66/100
Currentness Excellent
TTL Compliance Excellent
Completeness Degraded
Source Credibility Excellent
TTL Relevance Stale
DNS data shows some aging or gaps — consider re-scanning for critical decisions
The following DNS record TTLs deviate from recommended values. Incorrect TTLs can cause caching issues, slow propagation, or unnecessary DNS traffic.
| Record Type | Observed TTL | Typical TTL | Severity | Context |
|---|---|---|---|---|
| TXT | 270s |
1 hour (3600s) |
high | TXT TTL is below typical — observed 270s, typical value is 1 hour (3600s). Short TTLs increase DNS query volume but enable faster propagation. If you are preparing for a migration or need rapid failover, this may be intentional (RFC 1035 §3.2.1). For steady-state production, consider 3600 seconds per NIST SP 800-53 SI-18 relevance guidance. Use the TTL Tuner for profile-specific recommendations. |
| MX | 5 minutes (300s) |
1 hour (3600s) |
high | MX TTL is below typical — observed 5 minutes (300s), typical value is 1 hour (3600s). Short TTLs increase DNS query volume but enable faster propagation. If you are preparing for a migration or need rapid failover, this may be intentional (RFC 1035 §3.2.1). For steady-state production, consider 3600 seconds per NIST SP 800-53 SI-18 relevance guidance. Use the TTL Tuner for profile-specific recommendations. |
| NS | 229s |
1 day (86400s) |
high | NS TTL is below typical — observed 229s, typical value is 1 day (86400s). Short TTLs increase DNS query volume but enable faster propagation. If you are preparing for a migration or need rapid failover, this may be intentional (RFC 1035 §3.2.1). For steady-state production, consider 86400 seconds per NIST SP 800-53 SI-18 relevance guidance. Use the TTL Tuner for profile-specific recommendations. |
| SOA | 6 hours (21600s) |
1 hour (3600s) |
high | SOA TTL is above typical — observed 6 hours (21600s), typical value is 1 hour (3600s). Long TTLs reduce DNS query volume but slow propagation when records change. Consider 3600 seconds for a balance of performance and flexibility per NIST SP 800-53 SI-18 relevance guidance. |
| A | 146s |
1 hour (3600s) |
high | A TTL is below typical — observed 146s, typical value is 1 hour (3600s). Short TTLs increase DNS query volume but enable faster propagation. If you are preparing for a migration or need rapid failover, this may be intentional (RFC 1035 §3.2.1). For steady-state production, consider 3600 seconds per NIST SP 800-53 SI-18 relevance guidance. Use the TTL Tuner for profile-specific recommendations. |
Big Picture Questions
- How often do you actually change this record? If it hasn’t changed in months, a short TTL is generating unnecessary DNS queries without any benefit.
- Are you preparing for a migration or IP change? Short TTLs make sense temporarily — but should be raised back to 1 hour (3600s) once the change is complete.
- Every DNS lookup adds 20–150ms of latency. With a 60s TTL, returning visitors trigger a fresh lookup every minute. With 3600s, they get cached responses for an hour — faster page loads, no extra infrastructure needed.
- Google runs A records at ~30s because they operate a global anycast network and need to steer traffic dynamically. For a typical website without that infrastructure, copying those TTLs increases query volume with zero upside.
Primary NS
edns69.ultradns.com
Serial
2016025191
Admin
domain.teslamotors.com
Provider
Unknown
| Timer | Value | RFC 1912 Range |
|---|---|---|
| Refresh | 1800s | 1,200–43,200s (20 min – 12 hrs) |
| Retry | 86400s | Fraction of Refresh |
| Expire | 86400s | 1,209,600–2,419,200s (14–28 days) |
| Minimum (Neg. Cache) | 86400s | 300–86,400s (5 min – 1 day) |
Expire: SOA Expire is 1 day (86400s). RFC 1912 §2.2 recommends 1,209,600–2,419,200 seconds (14–28 days). If the primary nameserver becomes unreachable, secondary nameservers will stop serving this zone after only 1 day (86400s).
Expire vs Refresh+Retry: If Expire is not greater than Refresh + Retry, secondary nameservers may stop serving the zone before they've had a chance to retry the primary.
Suggested Scanner Configuration
High Confidence
Based on 20 historical scans of this domain
| Parameter | Current | Suggested | Severity | Rationale |
|---|---|---|---|---|
| timeout_seconds | 5s |
8s |
low | Average scan duration is 35.7s, suggesting DNS responses are slow for this domain. Increasing timeout from 5s to 8s prevents premature resolution failures. RFC 8767 |
Email Spoofing
Protected
Brand Impersonation
Not Setup
DNS Tampering
Unsigned
Certificate Control
Open
Configured
SPF (hard fail), DMARC (reject), DKIM
Not Configured
MTA-STS, TLS-RPT, BIMI, DNSSEC, CAA
Unavailable on Provider
DANE
Priority Actions
5 total
Achievable posture: Secure
Medium
Enable DNSSEC
DNSSEC is not enabled for this domain. DNSSEC provides cryptographic authentication of DNS responses, preventing cache poisoning and DNS spoofing attacks.
Low
Add BIMI Record
Your domain has DMARC reject — you qualify for BIMI, which displays your brand logo in receiving email clients that support it (Gmail, Apple Mail, Yahoo).
BIMI displays your verified brand logo next to your emails in supporting mail clients.
| Field | Value |
|---|---|
| Type | TXT |
| Host | default._bimi.tesla.com (BIMI default record) |
| Value | v=BIMI1; l=https://tesla.com/brand/logo.svg |
Low
Add CAA Records
CAA records specify which Certificate Authorities may issue certificates for your domain, reducing the risk of unauthorized certificate issuance.
CAA constrains which CAs can issue certificates for this domain.
| Field | Value |
|---|---|
| Type | CAA |
| Host | tesla.com (root of domain — adjust CA to match your provider) |
| Value | 0 issue "letsencrypt.org" |
Low
Add TLS-RPT Reporting
TLS-RPT (TLS Reporting) sends you reports about TLS connection failures when other servers try to deliver mail to your domain.
TLS-RPT sends you reports about TLS connection failures to your mail servers.
| Field | Value |
|---|---|
| Type | TXT |
| Host | _smtp._tls.tesla.com (SMTP TLS reporting record) |
| Value | v=TLSRPTv1; rua=mailto:tls-reports@tesla.com |
Low
Deploy MTA-STS
MTA-STS enforces TLS encryption for inbound mail delivery, preventing downgrade attacks on your mail transport.
MTA-STS tells sending servers to require TLS when delivering mail to your domain.
| Field | Value |
|---|---|
| Type | TXT |
| Host | _mta-sts.tesla.com (MTA-STS policy record) |
| Value | v=STSv1; id=tesla.com |
Registrar (RDAP)
OBSERVED
LIVE
MarkMonitor Inc.
Where domain was purchased
Email Service Provider
INFERRED
Microsoft 365
Strongly Protected
Web Hosting
Unknown
Where website is hosted
DNS Hosting
OBSERVED
Akamai
Where DNS records are edited
Email Security Methodology Can this domain be impersonated by email? No SPF and DMARC reject policy enforced
SPF Record RFC 7208 §4 Verified
Does this domain declare who may send email on its behalf?
Yes
Success
-all
9/10 lookups
SPF valid with strict enforcement (-all), 9/10 lookups
v=spf1 ip4:54.240.84.225/32 ip4:54.240.84.226/31 ip4:54.240.84.228/30 ip4:54.240.84.232/29 ip4:54.240.84.240/29 ip4:54.240.84.248/30 ip4:54.240.84.252/32 ip4:44.239.249.139 ip4:52.24.70.112 ip4:34.223.204.78 ip4:213.244.145.203 ip4:213.244.145.219 ip4:213.244.145.204 ip4:213.244.145.220 ip4:8.47.24.203 ip4:8.47.24.219 ip4:8.47.24.204 ip4:8.47.24.220 ip4:8.45.124.203 ip4:8.45.124.219 ip4:8.45.124.204 ip4:8.45.124.220 ip4:8.21.14.203 ip4:8.21.14.219 ip4:8.21.14.204 ip4:8.21.14.220 ip4:8.21.14.194 ip4:8.21.14.211 ip4:212.49.145.0/24 ip4:91.103.52.0/22 ip4:168.245.123.10 ip4:216.81.144.165 ip4:149.72.247.52 ip4:149.72.134.64 ip4:149.72.152.236 ip4:149.72.163.58 ip4:149.72.172.170 ip4:167.89.90.62 ip4:158.228.129.79 ip4:216.81.144.165 ip4:117.50.14.178 ip4:117.50.35.199 ip4:54.240.42.110 ip4:54.240.42.111 ip4:199.71.239.178 ip4:67.216.183.10 ip4:8.43.178.222 ip4:64.95.144.196 ip4:199.71.239.52 include:u13494342.wl093.sendgrid.net include:spf.protection.outlook.com include:mail.zendesk.com include:_spfsn.teslamotors.com include:_spf.qualtrics.com include:_spf.ultipro.com include:_spf.psm.knowbe4.com include:spf1.sendcloud.org include:spf2.sendcloud.org -all
RFC 7489: -all may cause rejection before DMARC evaluation, preventing DKIM from being checked
RFC 7208 Conformant — This SPF record conforms to the syntax and semantics defined in RFC 7208 §4.
RFC Failure Mode: Unlike DMARC (where unknown tags are silently ignored per RFC 7489 §6.3), SPF with unrecognized mechanisms produces a PermError per RFC 7208 §4.6 — the record fails loudly rather than silently.
Related CVEs:
CVE-2024-7208 (multi-tenant domain spoofing),
CVE-2024-7209 (shared SPF exploitation),
CVE-2023-51764 (SMTP smuggling bypasses SPF)
SPF hard fail (-all): compliance-strong, but can short-circuit DMARC.
RFC 7489 notes that -all can cause some receivers to reject mail during the SMTP transaction — before DKIM is checked and before DMARC can evaluate the result. A message that would pass DMARC via DKIM alignment may be rejected prematurely. For most domains, ~all + DMARC p=reject is the strongest compatible posture — it allows every authentication method (SPF, DKIM, DMARC) to be fully evaluated before a decision is made.
DMARC is set to reject — enforcement is strong. However, some receivers may still reject messages on SPF hard fail before DKIM alignment is checked. Switching to ~all + p=reject would provide the same enforcement with full DMARC compatibility.
DMARC is set to reject — enforcement is strong. However, some receivers may still reject messages on SPF hard fail before DKIM alignment is checked. Switching to ~all + p=reject would provide the same enforcement with full DMARC compatibility.
DMARC Policy RFC 7489 §6.3 Verified
Are spoofed emails rejected or quarantined?
Yes — reject policy
Success
p=reject
DMARC policy reject (100%) - excellent protection
v=DMARC1; p=reject; pct=100; rua=mailto:n2ju30bc@ag.dmarcian.com; ruf=mailto:n2ju30bc@fr.dmarcian.com; fo=1
Alignment:
SPF relaxed
DKIM relaxed
No np= tag (DMARCbis) — non-existent subdomains inherit p= policy but adding np=reject provides explicit protection against subdomain spoofing
Forensic reporting (ruf) is configured, but most major providers do not send forensic reports.
RFC 7489 §7.3 warns that forensic reports can expose PII (full message headers or bodies). Google, Microsoft, and Yahoo do not honour ruf= requests. The DMARCbis draft (draft-ietf-dmarc-dmarcbis) has formally removed ruf= from the specification. Consider removing this tag to simplify your record.
RFC 7489 §7.3 — Forensic Reports
RFC 7489 Conformant — DMARC record conforms to RFC 7489 §6.3 with full enforcement.
DMARCbis (Pending): draft-ietf-dmarc-dmarcbis will elevate DMARC to Standards Track, obsolete RFC 7489, replace
pct= with t= (testing flag), add np= (non-existent subdomain policy), and mandate DNS tree walk for policy discovery instead of the Public Suffix List.Related CVEs:
CVE-2024-49040 (Exchange sender spoofing),
CVE-2024-7208 (multi-tenant DMARC bypass)
DKIM Records RFC 6376 §3.6 Verified
Are outbound emails cryptographically signed?
Yes — verified
Found
2048-bit
Found DKIM for 6 selector(s) with strong keys (2048-bit)
mail._domainkey
2048-bit
Adequate
k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCFnZ42r5s08PJHkas3ak9VywTrCV849uGT9fyye54mzJ0d9+TrZkgh/7gHwmQ6h44K3jpagDkys8RF1WIGJFqwrAsyBjvDwYzYQ6YZRjq4ICNN46Q6uhkBfp0DVjYHMyR1wFft/LdRW4o2kZKcLnO3BYvJN++bu4TDSbnm6GMBkwIDAQAB
mimecast._domainkey
Mimecast
2048-bit
Adequate
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmVxkZXvb6xAEl/1Yi3fbqQAh9Y7+EYW6wn4pcGGrFMbstJdXlLEEdHD+vzo0tNbq1pk3tNMT7b3dS6nBHq0paT095dEFG99rm5PrcufZgoScRneC1q4DJSnfJtp5rlSb80K1Td5OZ6ixvSed8F0nxL1L7B2j/DQjVyKmoB9RedQIDAQAB
mx._domainkey
2048-bit
Adequate
k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDW18+uHG2dK5CgGzFnKNkYWQej5h1uXsuvfj1VE5JhddfpgNKQaL9R2GZw1ndimr17hURVjvNYzhWSqVZpEW3js72Hg28VfDrfiJ/y2ZW1QOqfz7bcwNBlm5kj2PSeyr5srD6ipiDUXdC72nZJILiWoYjkbH6Gc1mJOlAFJESo9QIDAQAB
s1._domainkey
SendGrid
2048-bit
Adequate
k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt62P8MbQvYrpBeSCT3eluwATuB8EkEfytsoh4bG91IduePxaEad6nUesO0hbkIfDFPncjqd0/WUKLheu9wt418zsk94WMbhUPXThBcKYo+qFCYkKqbFBmKnKPwT8KHlnB4YAugtNMzv5RWefFopu3BVUnk13s7+RolqLAvDuohVTjPJBJ3XD48d9DFVFxfOx/kMx1ZHQkaEzAupA4vhyX9I/LjAKaeEco/HqWyZsWA2iPj1SDZyvS72tkH/1KVBRAe2aaRLKjxI588OkkE3tKqC2u9iA8Gl4O78QzhkKvYas5gOyPbHl09vyH1Az30W8h7bMKi5AiaImjjopNWc9QQIDAQAB
s2._domainkey
SendGrid
2048-bit
Adequate
k=rsa; t=s; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDSOEE3TFmVQhaJkiEXt9oGc2AIOSURK3k28KxKTMh2y7Id+nUKS8WOyi6s4BOgxICQ9GX+ZMQykC1Va3Gak9GqR0OAri5VKLS89hbEGv1iDlmJNuLALi2U/rztFsDOsbbTMk4D2WGyMQ6kzSuviA9xngV3i6ilCSwjtNCGvXH4dQIDAQAB
selector1._domainkey
Microsoft 365
2048-bit
Adequate
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDrdHMOmLStiYdoFToER3wxvLfG5acW0LIlX2gXCvWgl8T4XFHQiTKQVWBnNGpe0xvjtCq19erx6nBvgNC8aGSGz6cbBqlE+nmBlRSgjbWGI1NvtfBLBHK3y2Lt3S6S/y8b21RQunB9MyOAMOQiCsuT5HeIWtMexzXMd1WstdSjQIDAQAB;
RFC 6376 Conformant — DKIM keys and signatures conform to RFC 6376 §3.6 (Internet Standard).
Known Vulnerabilities:
DKIM
l= tag body length vulnerability (attacker appends unsigned content to signed mail),
weak key exploitation (keys below 1024-bit are cryptographically breakable per RFC 6376 §3.3.3),
DKIM replay attacks (re-sending legitimately signed messages at scale)
MTA-STS RFC 8461 §3 Verified
Can attackers downgrade SMTP to intercept mail?
Not prevented
Warning
No MTA-STS record found
MTA-STS policy enforcement is evaluated in Mail Transport Security below.
TLS-RPT RFC 8460 §3 Verified
Will failures in TLS delivery be reported?
No reporting
Warning
No TLS-RPT record found
DMARC External Reporting Authorization RFC 7489 §7.1
Are external report receivers authorized?
Yes — all authorized
Success
All 2 external reporting domains properly authorized
| External Domain | Authorization | Auth Record |
|---|---|---|
ag.dmarcian.com |
Authorized |
v=DMARC1;
|
fr.dmarcian.com |
Authorized |
v=DMARC1;
|
DANE / TLSA Verified Recon Methodology Can mail servers establish identity without a public CA? No
DANE not available — Microsoft 365 does not support inbound DANE/TLSA on its MX infrastructure
DANE not deployable on Microsoft 365
Microsoft 365 does not support DANE for inbound mail. Microsoft uses its own certificate pinning mechanism.
Recommended alternative: MTA-STS
Email Transport Security
Two mechanisms protect email in transit. DANE is the primary standard; MTA-STS is the alternative for domains that cannot deploy DNSSEC:
- DNSSEC + DANE (RFC 7672) — Cryptographic chain of trust from DNS root to mail server certificate. Eliminates reliance on certificate authorities. No trust-on-first-use weakness. Requires DNSSEC.
- MTA-STS (RFC 8461) — HTTPS-based policy requiring TLS for mail delivery. Works without DNSSEC but relies on CA trust and is vulnerable on first use (§10). Created for domains where “deploying DNSSEC is undesirable or impractical” (§2).
Industry trend: Microsoft Exchange Online enforces inbound DANE with DNSSEC (GA October 2024), and providers like Proton Mail and Fastmail also support DANE. Google Workspace does not support DANE and relies on MTA-STS. Both mechanisms coexist because DANE is backward-compatible — senders skip the check if the domain isn't DNSSEC-signed (RFC 7672 §1.3).
Brand Security Can this brand be convincingly faked? Possible DMARC reject policy blocks email spoofing (RFC 7489 §6.3), but no BIMI brand verification and no CAA certificate restriction (RFC 8659) — visual impersonation via lookalike domains and unrestricted certificate issuance remain open vectors
BIMI BIMI Spec Verified Warning
Is the brand identity verified and displayed in inboxes?
No
No BIMI record found
CAA RFC 8659 §4 Verified Warning
Does this domain restrict who can issue TLS certificates?
No
No CAA records found - any CA can issue certificates
Vulnerability Disclosure Policy (security.txt) Is there a verified way to report security issues? No RFC 9116
No security.txt found
A security.txt file at
/.well-known/security.txt provides security researchers with a standardized way to report vulnerabilities.
See securitytxt.org for a generator.
AI Surface Scanner Beta Is this domain discoverable by AI — and protected from abuse? No
No significant AI surface findings
llms.txt llmstxt.org
Is this domain publishing AI-readable brand context?
No
No llms.txt found
No llms-full.txt found
AI Crawler Governance (robots.txt) RFC 9309 IETF Draft
Are AI crawlers explicitly allowed or blocked?
No directives
No robots.txt found
Content-Usage Directive IETF Draft
Does the site express AI content-usage preferences?
Not Configured
No Content-Usage directive detected.
The IETF AI Preferences working group is developing a
Content-Usage: directive for robots.txt that lets site owners declare whether their content may be used for AI training and inference. This is an active draft, not yet a ratified standard.
Example: Add
Content-Usage: ai=no to robots.txt to deny AI training, or Content-Usage: ai=allow to explicitly permit it.
Without this directive, AI crawler behavior depends on individual crawler policies and User-agent rules.
AI Recommendation Poisoning
Is this site trying to manipulate AI recommendations?
No
No AI recommendation poisoning indicators found
Hidden Prompt Artifacts
Is hidden prompt-injection text present in the source?
No
No hidden prompt-like artifacts detected
Public Exposure Checks Are sensitive files or secrets exposed? No
No exposed secrets detected in public page source — same-origin, non-intrusive scan of publicly visible page source and scripts.
No exposed secrets, API keys, or credentials were detected in publicly accessible page source or scripts.
What type of scan is this?
This is OSINT (Open Source Intelligence) collection — we check the same publicly accessible URLs that any web browser could visit. No authentication is bypassed, no ports are probed, no vulnerabilities are exploited.
Is this a PCI compliance scan? No. PCI DSS requires scans performed by an Approved Scanning Vendor (ASV) certified by the PCI Security Standards Council. DNS Tool is not an ASV. If you need PCI compliance scanning, engage a certified ASV such as Qualys, Tenable, or Trustwave.
Is this a penetration test? No. Penetration testing involves active exploitation attempts against systems with authorization. Our checks are passive observation of publicly accessible resources — the same methodology used by Shodan, Mozilla Observatory, and other OSINT platforms.
DNS Server Security Hardened
No DNS server misconfigurations found on a9-67.akam.net — Nmap NSE probes for zone transfer (AXFR), open recursion (RFC 5358), nameserver identity disclosure, and DNS cache snooping.
| Check | Result | Detail |
|---|---|---|
| Zone Transfer (AXFR) | Denied | Zone transfer denied (correct configuration) |
| Open Recursion | Disabled | Recursion disabled (correct configuration) |
| Nameserver Identity | Hidden | No nameserver identity information disclosed |
| Cache Snooping | Protected | Cache snooping not possible (correct configuration) |
Tested nameservers: a9-67.akam.net, edns69.ultradns.com, a10-67.akam.net, a12-64.akam.net, a7-66.akam.net, a28-65.akam.net, a1-12.akam.net
Delegation Consistency 1 Issue
Delegation consistency: 1 issue(s) found — Parent/child NS delegation alignment: DS↔DNSKEY, glue records, TTL drift, SOA serial sync.
Findings:
- Could not retrieve NS TTL from parent zone
DS ↔ DNSKEY Alignment Aligned
Glue Record Completeness Complete
| Nameserver | In-Bailiwick | IPv4 Glue | IPv6 Glue | Status |
|---|---|---|---|---|
a1-12.akam.net |
No | N/A | N/A | OK |
a10-67.akam.net |
No | N/A | N/A | OK |
a12-64.akam.net |
No | N/A | N/A | OK |
a28-65.akam.net |
No | N/A | N/A | OK |
a7-66.akam.net |
No | N/A | N/A | OK |
a9-67.akam.net |
No | N/A | N/A | OK |
edns69.ultradns.com |
No | N/A | N/A | OK |
NS TTL Comparison Drift
Child TTL: 300s
Drift: 0s
SOA Serial Consistency Consistent
a1-12.akam.net: 2.016025191e+09a10-67.akam.net: 2.016025191e+09a12-64.akam.net: 2.016025191e+09a28-65.akam.net: 2.016025191e+09a7-66.akam.net: 2.016025191e+09a9-67.akam.net: 2.016025191e+09edns69.ultradns.com: 2.016025191e+09Nameserver Fleet Matrix Healthy
Analyzed 7 nameserver(s) for tesla.com — Per-nameserver reachability, ASN diversity, SOA serial sync, and lame delegation checks.
| Nameserver | IPv4 | IPv6 | ASN / Operator | UDP | TCP | AA | SOA Serial |
|---|---|---|---|---|---|---|---|
a28-65.akam.net |
95.100.173.65 | 2600:1480:d800::41 | AS21342 | 2016025191 | |||
a7-66.akam.net |
23.61.199.66 | 2600:1406:32::42 | AS21342 | 2016025191 | |||
edns69.ultradns.com |
204.74.66.69 | 2001:502:f3ff::245 | AS12008 | 2016025191 | |||
a1-12.akam.net |
193.108.91.12 | 2600:1401:2::c | AS21342 | 2016025191 | |||
a9-67.akam.net |
184.85.248.67 | 2a02:26f0:117::43 | AS21342 | 2016025191 | |||
a12-64.akam.net |
184.26.160.64 | 2600:1480:f000::40 | AS21342 | 2016025191 | |||
a10-67.akam.net |
96.7.50.67 | 2600:1480:d000::43 | AS21342 | 2016025191 |
Unique ASNs
2
Unique Operators
0
Unique /24 Prefixes
7
Diversity Score
Good
2 ASNs, 7 /24 prefixes across 7 nameservers
Mail Transport Security Beta Is mail transport encrypted and verified? No No MTA-STS or DANE — mail transport encryption is opportunistic only
All 1 server(s) verified: encrypted transport confirmed via direct SMTP probe and DNS policy
Policy Assessment Primary
- Microsoft 365 enforces TLS 1.2+ with DANE (GA Oct 2024) and valid certificates
Telemetry
TLS-RPT not configured — domain has no visibility into TLS delivery failures from real senders
Live Probe Supplementary
| MX Host | STARTTLS | TLS Version | Cipher | Certificate |
|---|---|---|---|---|
tesla-com.mail.protection.outlook.com |
TLSv1.3 | TLS_AES_256_GCM_SHA384 |
Valid
Expires: 2026-08-26 (171 days) Issuer: DigiCert Inc |
Multi-Vantage Probe Results
Unanimous: TLS verified
2 probes, 1 responded
France - EU
observed
All servers support TLS
7.550290634s
US-East (Boston)
skipped
Infrastructure Intelligence Who hosts this domain and what services power it? Direct
ASN / Network Success
Resolved 1 unique ASN(s) across 10 IP address(es)
| ASN | Name | Country |
|---|---|---|
AS33905 |
NL |
IPv4 Mappings:
2.18.50.207 → AS33905 (2.18.50.0/24)2.18.55.207 → AS33905 (2.18.55.0/24)2.18.48.207 → AS33905 (2.18.48.0/24)2.18.54.207 → AS33905 (2.18.54.0/24)23.7.244.207 → AS33905 (23.7.244.0/24)2.18.52.207 → AS33905 (2.18.52.0/24)2.18.51.207 → AS33905 (2.18.51.0/24)2.18.53.207 → AS33905 (2.18.53.0/24)2.18.49.207 → AS33905 (2.18.49.0/24)23.40.100.207 → AS33905 (23.40.100.0/24)Edge / CDN Success
Domain appears to use direct origin hosting
SaaS TXT Footprint Success 5 services
5 SaaS services detected via DNS TXT verification records
Detects SaaS services that leave DNS TXT verification records (e.g., domain ownership proofs). Does not detect all SaaS platforms — only those indicated by DNS.
| Service | Verification Record |
|---|---|
| Microsoft 365 | MS=ms22358213 |
| Apple | apple-domain-verification=C9J7eOtEbm7Dqr88 |
| Google Workspace | google-site-verification=Xg2DEUg2oCz1q9RMx8gh2htHK16_GG9cZXY_eyeSf6w |
| Atlassian | atlassian-domain-verification=U31RjXDO5NBJROoOVpVEsKJ7daGpXuXPDF8HeqlmvXUKOtTao6... |
| Adobe | adobe-idp-site-verification=321c026a-3a8c-4206-a1fa-391a59585c54 |
Domain Security Methodology Can DNS responses be tampered with in transit? Possible DNSSEC is not deployed, DNS responses are not cryptographically verified
DNSSEC RFC 4033 §2 Verified Unsigned
DNSSEC not configured - DNS responses are unsigned
Enterprise DNS Context: DNSSEC is the only standardized, DNS-verifiable mechanism that cryptographically authenticates responses between authoritative servers and resolvers (RFC 4033 §2, RFC 4035). Without it, DNS responses are technically vulnerable to in-transit tampering. Enterprise operators may employ compensating controls (anycast, DDoS mitigation, private peering, TSIG) — however, these do not provide DNS-layer data authentication to third-party resolvers and are not verifiable via DNS alone.
Visibility: DNS-only — network-layer compensating controls cannot be observed or verified through DNS queries. This assessment reflects what is provable from the DNS evidence available.
NS Delegation Verified
7 nameserver(s) configured
Nameservers:
a1-12.akam.net
a10-67.akam.net
a12-64.akam.net
a28-65.akam.net
a7-66.akam.net
a9-67.akam.net
edns69.ultradns.com
Enterprise DNS (Multi-Provider Redundancy)
Nameservers span 2 providers (Akamai, UltraDNS (Neustar/Vercara)). Multi-provider DNS provides resilience against single-provider outages — an enterprise best practice for critical domains.
DNS provider(s):
Akamai
UltraDNS (Neustar/Vercara)
Multi-Resolver Verification
Recon:
Discrepancy detected -
Some resolvers returned different results
(1 difference found)
Resolver Differences:
TXT: OpenDNS returned different results: [MS=ms22358213 SFMC-qkAv7SvlQaslp7NEALX8t68s_AZWOQB6ThKQS5l5 T0E0S29854 _f32sd18rpksw3zh1hgbhaulpv016hoh _i88zzpi9e3jr0xglot953efk0ui36y5 _quuerjb9mywulmdygnzgnt9awyzm15c _w19nckjurfa4aldim48vtbrxsq1phnv apple-domain-verification=C9J7eOtEbm7Dqr88 jamf-site-verification=u4x3LuqSfpoLn5nJ0zMd5g logmein-domain-confirmation=9zxwVn2buGWrLtU24J88]
This may indicate DNS propagation in progress or geo-based DNS routing.
Traffic & Routing Where does this domain's traffic actually terminate?
AIPv4 Address
2.18.50.207
2.18.55.207
2.18.48.207
2.18.54.207
23.7.244.207
2.18.52.207
2.18.51.207
2.18.53.207
2.18.49.207
23.40.100.207
Where the domain points for web traffic
AAAAIPv6 Address
No AAAA records
IPv6 not configured
MXMail Servers
10 tesla-com.mail.protection.outlook.com.
Priority + mail server for email delivery
Microsoft 365
SRVServices
_sipfederationtls._tcp: 100 1 5061 sipfed.online.lync.com.
_sip._tls: 100 1 443 sipdir.online.lync.com.
SIP, XMPP, or other service endpoints
Web:
Reachable
(10 IPv4, 0 IPv6)
Mail:
1 server
Services:
2 endpoints
Subdomain Discovery RFC 6962 Recon LIVE What subdomains and infrastructure are exposed in certificate logs? 339 subdomains discovered
How did we find these?
CT logs unavailable
339 current
0 expired
38 CNAMEs
Source: Certificate Transparency + DNS Intelligence
Subdomains discovered via CT logs (RFC 6962), DNS probing of common service names, and CNAME chain traversal.
| Subdomain | Source | Status | Provider / CNAME | Certificates | First Seen | Issuer(s) |
|---|---|---|---|---|---|---|
accounts.tesla.com
|
DNS | Current |
accounts.tesla.com.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
akamai-apigateway-einvoicing-stg.tesla.com
|
CT Log | Current | — | 8 | 2026-01-19T00:00:00 | DigiCert Inc |
akamai-apigateway-vehicleextinfogw-prdsvc-st.tesla.com
|
CT Log | Current | — | 8 | 2026-01-19T00:00:00 | DigiCert Inc |
akamai-apigateway-vehicleextinfogw-stgsvc-st.tesla.com
|
CT Log | Current | — | 8 | 2026-01-19T00:00:00 | DigiCert Inc |
ams13-gpgw1.tesla.com
|
CT Log | Current | — | 1 | 2026-01-02T00:00:00 | DigiCert Inc |
apac-cppm.tesla.com
|
CT Log | Current |
apac-cppm.tesla.com.srip.net
|
1 | 2026-02-12T00:00:00 | DigiCert Inc |
apac.logs.tesla.com
|
CT Log | Current | — | 2 | 2025-10-31T00:00:00 | DigiCert Inc |
apf-api.eng.vn.cloud.tesla.com
|
CT Log | Current | — | 2 | 2025-05-20T00:00:00 | Amazon |
apf-api.prd.vn.cloud.tesla.com
|
CT Log | Current | — | 2 | 2025-05-15T00:00:00 | Amazon |
api-firebolt.tesla.com
|
CT Log | Current | — | 1 | 2025-05-12T00:00:00 | DigiCert, Inc. |
api.kronos.tesla.com
|
CT Log | Current | — | 1 | 2025-12-10T00:00:00 | DigiCert Inc |
apps.tesla.com
|
DNS | Current |
apps.tesla.com.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
assets.extgithub.tesla.com
|
CT Log | Current | — | 1 | 2025-10-01T00:00:00 | DigiCert Inc |
assets.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
assets.github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
assets.github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
assets.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
atom.tesla.com
|
DNS | Current |
external-eu-pop.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
auth-stage.tesla.com
|
CT Log | Current |
auth-stage.tesla.com.edgekey.net
|
1 | 2025-09-03T00:00:00 | DigiCert Inc |
auth.eng.euw1.vn.cloud.tesla.com
|
CT Log | Current | — | 9 | 2025-08-19T00:00:00 | DigiCert Inc |
auth.eng.usw.vn.cloud.tesla.com
|
CT Log | Current | — | 9 | 2025-08-28T00:00:00 | DigiCert Inc |
auth.prd.euw1.vn.cloud.tesla.com
|
CT Log | Current | — | 5 | 2025-10-16T00:00:00 | DigiCert Inc |
auth.prd.usw.vn.cloud.tesla.com
|
CT Log | Current | — | 4 | 2025-11-25T00:00:00 | DigiCert Inc |
auth.tesla.com
|
CT Log | Current | — | 1 | 2025-10-24T00:00:00 | Tesla, Inc. |
autobidder-preprd.powerhub.energy.tesla.com
|
CT Log | Current | — | 1 | 2025-09-30T00:00:00 | DigiCert Inc |
autobidder.powerhub.energy.tesla.com
|
CT Log | Current | — | 1 | 2025-06-23T00:00:00 | DigiCert Inc |
autodiscover.tesla.com
|
DNS | Current |
autodiscover.outlook.com
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
avatars.extgithub.tesla.com
|
CT Log | Current | — | 1 | 2025-10-01T00:00:00 | DigiCert Inc |
avatars.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
avatars.github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
avatars.github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
avatars.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
bettertime-stage.tesla.com
|
CT Log | Current | — | 13 | 2026-02-05T00:00:00 | Tesla, Inc., DigiCert Inc |
bettertime.tesla.com
|
CT Log | Current | — | 13 | 2026-02-05T00:00:00 | Tesla, Inc., DigiCert Inc |
bi.tesla.com
|
DNS | Current |
ipa.teslazta.net.srip.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
billing.tesla.com
|
DNS | Current |
billing.tesla.com.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
ca.tesla.com
|
CT Log | Current | — | 8 | 2026-02-18T00:00:00 | DigiCert Inc |
chat-staging.bottlerocket.tesla.com
|
CT Log | Current | — | 1 | 2025-08-07T00:00:00 | DigiCert Inc |
citiapiencprodv5.tesla.com
|
CT Log | Current | — | 1 | 2025-03-18T00:00:00 | DigiCert Inc |
citiapisslprodv5.tesla.com
|
CT Log | Current | — | 1 | 2025-03-18T00:00:00 | DigiCert Inc |
cloud.tesla.com
|
CT Log | Current | — | 2 | 2026-02-01T00:00:00 | Tesla, Inc. |
cn.tesla.com
|
CT Log | Current | — | 8 | 2026-02-18T00:00:00 | DigiCert Inc |
codeload.extgithub.tesla.com
|
CT Log | Current | — | 1 | 2025-10-01T00:00:00 | DigiCert Inc |
codeload.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
codeload.github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
codeload.github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
codeload.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
consul.bottlerocket.tesla.com
|
CT Log | Current | — | 2 | 2025-08-13T00:00:00 | DigiCert Inc |
containers.extgithub.tesla.com
|
CT Log | Current | — | 1 | 2025-10-01T00:00:00 | DigiCert Inc |
courses.tesla.com
|
DNS | Current |
courses.tesla.com.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
cx-apac-stg.tesla.com
|
CT Log | Current | — | 1 | 2025-04-28T00:00:00 | Amazon |
cx-apac.tesla.com
|
CT Log | Current | — | 1 | 2025-04-28T00:00:00 | Amazon |
cx-api-apac-stg.tesla.com
|
CT Log | Current | — | 1 | 2025-04-28T00:00:00 | Amazon |
cx-api-apac.tesla.com
|
CT Log | Current | — | 1 | 2025-04-28T00:00:00 | Amazon |
cxadmin-apac-stg.tesla.com
|
CT Log | Current | — | 1 | 2025-04-28T00:00:00 | Amazon |
cxadmin-apac.tesla.com
|
CT Log | Current | — | 1 | 2025-04-28T00:00:00 | Amazon |
cxadmin-api-apac-stg.tesla.com
|
CT Log | Current | — | 1 | 2025-04-28T00:00:00 | Amazon |
cxadmin-api-apac.tesla.com
|
CT Log | Current | — | 1 | 2025-04-28T00:00:00 | Amazon |
dal11-gpgw1.tesla.com
|
CT Log | Current | — | 1 | 2026-01-02T00:00:00 | DigiCert Inc |
de.tesla.com
|
CT Log | Current | — | 12 | 2026-02-18T00:00:00 | DigiCert Inc |
dev-hermes-qd.tesla.com
|
CT Log | Current | — | 8 | 2026-01-19T00:00:00 | DigiCert Inc |
developer.tesla.com
|
DNS | Current |
developer.tesla.com.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
dex.ops.bn.na.vn.cloud.tesla.com
|
CT Log | Current |
npudex.ops.bn-usw2.vn.cloud.tesla.com
|
5 | 2025-11-09T00:00:00 | DigiCert Inc |
dex.ops.na.vn.cloud.tesla.com
|
CT Log | Current | — | 1 | 2025-10-08T00:00:00 | DigiCert Inc |
dhc.tesla.com
|
CT Log | Current | — | 1 | 2025-07-14T00:00:00 | DigiCert Inc |
digitalassets-accounts.tesla.com
|
CT Log | Current | — | 5 | 2026-03-04T22:33:52 | Let's Encrypt, GlobalSign nv-sa |
digitalassets-contents.tesla.com
|
CT Log | Current | — | 5 | 2026-01-03T13:34:06 | Let's Encrypt, GlobalSign nv-sa |
digitalassets-energy.tesla.com
|
CT Log | Current |
digitalassets-energy.tesla.com.multicdn.cloudinary.com
|
5 | 2026-03-04T22:33:52 | Let's Encrypt, GlobalSign nv-sa |
digitalassets-secure.tesla.com
|
CT Log | Current | — | 8 | 2026-03-06T23:46:14 | GlobalSign nv-sa, Let's Encrypt |
digitalassets-shop.tesla.com
|
CT Log | Current | — | 4 | 2026-01-07T13:59:21 | Let's Encrypt, GlobalSign nv-sa |
digitalassets.tesla.com
|
CT Log | Current | — | 4 | 2026-02-19T13:20:27 | Let's Encrypt, GlobalSign nv-sa |
diner-api-stage.tesla.com
|
CT Log | Current | — | 1 | 2025-06-17T00:00:00 | DigiCert Inc |
diner-api.tesla.com
|
CT Log | Current | — | 1 | 2025-06-15T00:00:00 | DigiCert Inc |
diner-webapp-stage.tesla.com
|
CT Log | Current | — | 1 | 2025-06-17T00:00:00 | DigiCert Inc |
diner-webapp.tesla.com
|
CT Log | Current |
diner-webapp.tesla.com.edgekey.net
|
1 | 2025-06-17T00:00:00 | DigiCert Inc |
discovery-service.bottlerocket.tesla.com
|
CT Log | Current | — | 2 | 2025-08-02T00:00:00 | DigiCert Inc |
discovery.bottlerocket.tesla.com
|
CT Log | Current | — | 2 | 2025-08-13T00:00:00 | DigiCert Inc |
docker.extgithub.tesla.com
|
CT Log | Current | — | 1 | 2025-10-01T00:00:00 | DigiCert Inc |
docker.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
docker.github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
docker.github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
docker.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
docs.bottlerocket.tesla.com
|
CT Log | Current | — | 1 | 2025-08-25T00:00:00 | DigiCert Inc |
doraemon-svc-apac-stg.tesla.com
|
CT Log | Current | — | 1 | 2025-02-11T00:00:00 | Amazon |
doraemon-svc-apac.tesla.com
|
CT Log | Current | — | 1 | 2025-02-11T00:00:00 | Amazon |
embed-staging.bottlerocket.tesla.com
|
CT Log | Current | — | 1 | 2025-07-23T00:00:00 | DigiCert Inc |
employeefeedback.tesla.com
|
CT Log | Current | — | 2 | 2025-06-16T00:00:00 | DigiCert Inc |
energy-technician.bottlerocket.tesla.com
|
CT Log | Current | — | 1 | 2025-08-06T00:00:00 | DigiCert Inc |
energy.bottlerocket.tesla.com
|
CT Log | Current | — | 1 | 2025-08-06T00:00:00 | DigiCert Inc |
energy.tesla.com
|
CT Log | Current | — | 7 | 2025-12-07T00:00:00 | DigiCert Inc |
engage.tesla.com
|
CT Log | Current | — | 14 | 2025-06-23T00:00:00 | Amazon |
eu.logs.tesla.com
|
CT Log | Current | — | 2 | 2025-10-31T00:00:00 | DigiCert Inc |
events.tesla.com
|
DNS | Current | — | 10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
exp-zcp-cloud-eu-itmfg-staging.tesla.com
|
CT Log | Current | — | 6 | 2026-01-19T00:00:00 | DigiCert Inc |
exp-zcp-cloud-eu-itmfg.tesla.com
|
CT Log | Current |
exp-zcp-cloud-eu-itmfg.tesla.com.edgekey.net
|
6 | 2026-01-19T00:00:00 | DigiCert Inc |
exp-zcp-cloud-na-itmfg-staging.tesla.com
|
CT Log | Current | — | 6 | 2026-01-19T00:00:00 | DigiCert Inc |
exp-zcp-cloud-na-itmfg.tesla.com
|
CT Log | Current | — | 8 | 2026-01-19T00:00:00 | DigiCert Inc |
extgithub.tesla.com
|
CT Log | Current | — | 2 | 2025-10-01T00:00:00 | DigiCert Inc |
feedback.tesla.com
|
CT Log | Current | — | 2 | 2025-06-16T00:00:00 | DigiCert Inc |
fleet-api.eng.na.vn.cloud.tesla.com
|
CT Log | Current | — | 18 | 2025-08-28T00:00:00 | DigiCert Inc |
fleet-api.prd.eu.vn.cloud.tesla.com
|
CT Log | Current |
epuca-prd.euw1.vn.cloud.tesla.com
|
5 | 2025-10-30T00:00:00 | DigiCert Inc |
fleet-api.prd.na.vn.cloud.tesla.com
|
CT Log | Current | — | 17 | 2025-12-20T00:00:00 | DigiCert Inc |
fleet-api.prd.usw.vn.cloud.tesla.com
|
CT Log | Current | — | 4 | 2025-12-19T00:00:00 | DigiCert Inc |
fleet-api.prd.usw2.vn.cloud.tesla.com
|
CT Log | Current | — | 3 | 2025-12-20T00:00:00 | DigiCert Inc |
fleet-auth.prd.vn.cloud.tesla.com
|
CT Log | Current | — | 4 | 2025-10-30T00:00:00 | DigiCert Inc |
fleet-auth.tesla.com
|
CT Log | Current | — | 1 | 2026-02-16T00:00:00 | DigiCert Inc |
fleetview.america.fn.tesla.com
|
CT Log | Current | — | 14 | 2025-11-13T00:00:00 | DigiCert Inc |
fleetview.europe.fn.tesla.com
|
CT Log | Current | — | 14 | 2025-11-13T00:00:00 | DigiCert Inc |
fleetview.fn.tesla.com
|
CT Log | Current | — | 14 | 2025-11-13T00:00:00 | DigiCert Inc |
fleetview.prd.america.fn.tesla.com
|
CT Log | Current | — | 14 | 2025-11-13T00:00:00 | DigiCert Inc |
fleetview.prd.eu.fn.tesla.com
|
CT Log | Current | — | 14 | 2025-11-13T00:00:00 | DigiCert Inc |
fleetview.prd.europe.fn.tesla.com
|
CT Log | Current |
npuca-prd.euw1.vn.cloud.tesla.com
|
14 | 2025-11-13T00:00:00 | DigiCert Inc |
fleetview.prd.euw1.fn.tesla.com
|
CT Log | Current | — | 14 | 2025-11-13T00:00:00 | DigiCert Inc |
fleetview.prd.na.fn.tesla.com
|
CT Log | Current | — | 14 | 2025-11-13T00:00:00 | DigiCert Inc |
fleetview.prd.usw.fn.tesla.com
|
CT Log | Current | — | 4 | 2025-11-13T00:00:00 | DigiCert Inc |
fleetview.prd.usw2.fn.tesla.com
|
CT Log | Current | — | 10 | 2025-10-31T00:00:00 | DigiCert Inc |
forums.tesla.com
|
DNS | Current |
site-6030136.onvanilla.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
fra05-gpgw1.tesla.com
|
CT Log | Current | — | 1 | 2026-01-02T00:00:00 | DigiCert Inc |
genai.tesla.com
|
CT Log | Current | — | 1 | 2025-08-14T00:00:00 | DigiCert Inc |
gf.tesla.com
|
CT Log | Current | — | 8 | 2026-02-18T00:00:00 | DigiCert Inc |
gist.extgithub.tesla.com
|
CT Log | Current | — | 1 | 2025-10-01T00:00:00 | DigiCert Inc |
gist.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
gist.github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
gist.github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
gist.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
gpv.tesla.com
|
CT Log | Current | — | 1 | 2026-01-02T00:00:00 | DigiCert Inc |
gridlogic.energy.tesla.com
|
CT Log | Current | — | 1 | 2025-06-23T00:00:00 | DigiCert Inc |
gridlogic.powerhub.energy.tesla.com
|
CT Log | Current | — | 1 | 2025-06-23T00:00:00 | DigiCert Inc |
hnd13-gpgw1.tesla.com
|
CT Log | Current | — | 1 | 2026-01-02T00:00:00 | DigiCert Inc |
hub.tesla.com
|
DNS | Current |
ipa.teslazta.net.srip.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
iad05-gpgw1.tesla.com
|
CT Log | Current | — | 1 | 2026-01-02T00:00:00 | DigiCert Inc |
image.emails.tesla.com
|
CT Log | Current | — | 1 | 2025-05-18T00:00:00 | DigiCert Inc |
incontrol.tesla.com
|
CT Log | Current | — | 1 | 2025-10-03T00:00:00 | DigiCert Inc |
inference-eu-staging.bottlerocket.tesla.com
|
CT Log | Current | — | 2 | 2025-08-06T00:00:00 | DigiCert Inc |
inference-eu.bottlerocket.tesla.com
|
CT Log | Current | — | 3 | 2025-08-07T00:00:00 | DigiCert Inc |
inference-staging.bottlerocket.tesla.com
|
CT Log | Current | — | 2 | 2025-08-06T00:00:00 | DigiCert Inc |
inference-staging.tesla.com
|
CT Log | Current | — | 1 | 2025-12-09T00:00:00 | DigiCert Inc |
inference.bottlerocket.tesla.com
|
CT Log | Current | — | 2 | 2025-07-21T00:00:00 | DigiCert Inc |
inference.tesla.com
|
CT Log | Current | — | 3 | 2026-02-18T00:00:00 | DigiCert, Inc., DigiCert Inc |
integration.kronos.tesla.com
|
CT Log | Current | — | 1 | 2025-12-10T00:00:00 | DigiCert Inc |
ir.bottlerocket.tesla.com
|
CT Log | Current | — | 1 | 2025-08-06T00:00:00 | DigiCert Inc |
ir.tesla.com
|
DNS | Current |
ir.tesla.com.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
kronos.tesla.com
|
CT Log | Current | — | 1 | 2025-12-10T00:00:00 | DigiCert Inc |
kronosdb.tesla.com
|
CT Log | Current | — | 1 | 2025-12-10T00:00:00 | DigiCert Inc |
lax32-gpgw1.tesla.com
|
CT Log | Current | — | 1 | 2026-01-02T00:00:00 | DigiCert Inc |
link.tesla.com
|
DNS | Current |
link.tesla.com.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
links.tesla.com
|
DNS | Current |
links.tesla.com.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
live-data.america.fn.tesla.com
|
CT Log | Current | — | 13 | 2025-03-18T00:00:00 | DigiCert Inc |
live-data.europe.fn.tesla.com
|
CT Log | Current | — | 13 | 2025-03-18T00:00:00 | DigiCert Inc |
live-data.fn.tesla.com
|
CT Log | Current | — | 13 | 2025-03-18T00:00:00 | DigiCert Inc |
live-data.prd.america.fn.tesla.com
|
CT Log | Current | — | 13 | 2025-03-18T00:00:00 | DigiCert Inc |
live-data.prd.eu.fn.tesla.com
|
CT Log | Current | — | 13 | 2025-03-18T00:00:00 | DigiCert Inc |
live-data.prd.europe.fn.tesla.com
|
CT Log | Current | — | 13 | 2025-03-18T00:00:00 | DigiCert Inc |
live-data.prd.euw1.fn.tesla.com
|
CT Log | Current | — | 13 | 2025-03-18T00:00:00 | DigiCert Inc |
live-data.prd.na.fn.tesla.com
|
CT Log | Current | — | 13 | 2025-03-18T00:00:00 | DigiCert Inc |
live-data.prd.usw.fn.tesla.com
|
CT Log | Current | — | 4 | 2025-11-13T00:00:00 | DigiCert Inc |
live-data.prd.usw2.fn.tesla.com
|
CT Log | Current | — | 9 | 2025-03-18T00:00:00 | DigiCert Inc |
logcollector-ext.tesla.com
|
CT Log | Current | — | 8 | 2026-01-19T00:00:00 | DigiCert Inc |
logs.tesla.com
|
CT Log | Current | — | 2 | 2025-10-31T00:00:00 | DigiCert Inc |
logtransit-ext.tesla.com
|
CT Log | Current | — | 8 | 2026-01-19T00:00:00 | DigiCert Inc |
marketing.tesla.com
|
DNS | Current | — | 10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
maven.extgithub.tesla.com
|
CT Log | Current | — | 1 | 2025-10-01T00:00:00 | DigiCert Inc |
maven.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
maven.github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
maven.github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
maven.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
media-server-api.eng.vn.cloud.tesla.com
|
CT Log | Current | — | 1 | 2025-05-05T00:00:00 | DigiCert Inc |
media-server-api.prd.vn.cloud.tesla.com
|
CT Log | Current | — | 3 | 2025-12-12T00:00:00 | DigiCert Inc |
media-server-dev-api.eng.vn.cloud.tesla.com
|
CT Log | Current | — | 1 | 2025-05-02T00:00:00 | DigiCert Inc |
media-server-qr-dev.eng.america.vn.cloud.tesla.com
|
CT Log | Current | — | 1 | 2025-05-02T00:00:00 | DigiCert Inc |
media-server-qr.eng.america.vn.cloud.tesla.com
|
CT Log | Current | — | 1 | 2025-05-05T00:00:00 | DigiCert Inc |
media-server-qr.prd.america.vn.cloud.tesla.com
|
CT Log | Current | — | 3 | 2025-12-12T00:00:00 | DigiCert Inc |
media.extgithub.tesla.com
|
CT Log | Current | — | 1 | 2025-10-01T00:00:00 | DigiCert Inc |
media.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
media.github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
media.github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
media.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
meet.tesla.com
|
DNS | Current |
group301.tesla.com.akadns.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
mfg.tesla.com
|
CT Log | Current | — | 2 | 2025-09-29T00:00:00 | DigiCert Inc |
mobile-links.eng.vn.cloud.tesla.com
|
CT Log | Current | — | 15 | 2025-08-28T00:00:00 | DigiCert Inc |
mobile-links.prd.vn.cloud.tesla.com
|
CT Log | Current | — | 10 | 2025-10-31T00:00:00 | DigiCert Inc |
mobile-ops-links.prd.vn.cloud.tesla.com
|
CT Log | Current | — | 10 | 2025-10-31T00:00:00 | DigiCert Inc |
mobile.kronos.tesla.com
|
CT Log | Current |
frontend-app-1817070613.us-west-2.elb.amazonaws.com
|
1 | 2025-12-10T00:00:00 | DigiCert Inc |
mobile.tesla.com
|
DNS | Current |
mobile.tesla.com.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
na.logs.tesla.com
|
CT Log | Current | — | 2 | 2025-10-31T00:00:00 | DigiCert Inc |
notebooks.extgithub.tesla.com
|
CT Log | Current | — | 1 | 2025-10-01T00:00:00 | DigiCert Inc |
notebooks.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
notebooks.github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
notebooks.github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
notebooks.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
npm.extgithub.tesla.com
|
CT Log | Current | — | 1 | 2025-10-01T00:00:00 | DigiCert Inc |
npm.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
npm.github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
npm.github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
npm.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
nuget.extgithub.tesla.com
|
CT Log | Current | — | 1 | 2025-10-01T00:00:00 | DigiCert Inc |
nuget.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
nuget.github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
nuget.github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
nuget.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
nv.tesla.com
|
CT Log | Current | — | 12 | 2026-02-18T00:00:00 | DigiCert Inc |
ny.tesla.com
|
CT Log | Current | — | 8 | 2026-02-18T00:00:00 | DigiCert Inc |
obs.tesla.com
|
CT Log | Current | — | 18 | 2026-02-11T00:00:00 | DigiCert Inc |
ownerapi-alpha.prd.vn.cloud.tesla.com
|
CT Log | Current | — | 10 | 2025-05-02T00:00:00 | DigiCert Inc |
ownerapi-api.eng.euw1.vn.cloud.tesla.com
|
CT Log | Current | — | 5 | 2025-05-01T00:00:00 | DigiCert Inc |
ownerapi-api.eng.usw.vn.cloud.tesla.com
|
CT Log | Current | — | 4 | 2025-05-01T00:00:00 | DigiCert Inc |
ownerapi-api.eng.usw2.vn.cloud.tesla.com
|
CT Log | Current | — | 5 | 2025-05-01T00:00:00 | DigiCert Inc |
ownerapi-api.prd.usw.vn.cloud.tesla.com
|
CT Log | Current | — | 4 | 2025-12-11T00:00:00 | DigiCert Inc |
pages.extgithub.tesla.com
|
CT Log | Current | — | 1 | 2025-10-01T00:00:00 | DigiCert Inc |
pages.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
pages.github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
pages.github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
pages.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
paloalto.tesla.com
|
CT Log | Current | — | 8 | 2026-02-18T00:00:00 | DigiCert Inc |
partners.tesla.com
|
DNS | Current |
partners.tesla.com.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
pay.tesla.com
|
DNS | Current |
static-assets-pay.tesla.com-v1.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
payment-dlocal-prod.tesla.com
|
CT Log | Current | — | 1 | 2025-10-21T00:00:00 | Tesla, Inc. |
payment-dlocal-stg.tesla.com
|
CT Log | Current | — | 1 | 2025-10-21T00:00:00 | Tesla, Inc. |
pixiecloud.tesla.com
|
CT Log | Current | — | 2 | 2026-02-18T00:00:00 | Tesla, Inc. |
powerhub.energy.tesla.com
|
CT Log | Current | — | 3 | 2025-12-07T00:00:00 | DigiCert Inc |
profile.tesla.com
|
DNS | Current |
profile.tesla.com.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
raw.extgithub.tesla.com
|
CT Log | Current | — | 1 | 2025-10-01T00:00:00 | DigiCert Inc |
raw.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
raw.github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
raw.github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
raw.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
render.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
render.github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
render.github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
render.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
reply.extgithub.tesla.com
|
CT Log | Current | — | 1 | 2025-10-01T00:00:00 | DigiCert Inc |
reply.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
reply.github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
reply.github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
reply.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
ro.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
ro.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
robotaxi-app-feedback-eng.tesla.com
|
CT Log | Current | — | 4 | 2026-02-16T19:59:49 | Let's Encrypt |
robotaxi-app-feedback-prd.tesla.com
|
CT Log | Current | — | 4 | 2026-02-16T19:58:59 | Let's Encrypt |
rubygems.extgithub.tesla.com
|
CT Log | Current | — | 1 | 2025-10-01T00:00:00 | DigiCert Inc |
rubygems.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
rubygems.github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
rubygems.github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
rubygems.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
s3-sidekick-ssl.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
s3.a.energy.smf12.tcs.tesla.com
|
CT Log | Current | — | 2 | 2025-12-04T00:00:00 | DigiCert Inc, Tesla, Inc. |
s3.a.energy.smf13.tcs.tesla.com
|
CT Log | Current | — | 2 | 2025-12-04T00:00:00 | DigiCert Inc, Tesla, Inc. |
s3.a.energy.vast.tcs.tesla.com
|
CT Log | Current | — | 2 | 2025-12-04T00:00:00 | DigiCert Inc, Tesla, Inc. |
s3.a.iad06.tcs.tesla.com
|
CT Log | Current | — | 1 | 2025-05-12T00:00:00 | DigiCert Inc |
s3.a.smf11.tcs.tesla.com
|
CT Log | Current | — | 1 | 2026-02-11T00:00:00 | DigiCert Inc |
s3.a.smf12.tcs.tesla.com
|
CT Log | Current | — | 6 | 2025-12-04T00:00:00 | DigiCert Inc, Tesla, Inc. |
s3.a.smf13.tcs.tesla.com
|
CT Log | Current | — | 7 | 2025-12-04T00:00:00 | DigiCert Inc, Tesla, Inc. |
s3.a.vast.tcs.tesla.com
|
CT Log | Current | — | 5 | 2025-12-04T00:00:00 | DigiCert Inc, Tesla, Inc. |
s3.b.ams15.tcs.tesla.com
|
CT Log | Current | — | 3 | 2025-12-04T00:00:00 | DigiCert Inc, Tesla, Inc. |
s3.b.ams17.tcs.tesla.com
|
CT Log | Current | — | 3 | 2025-12-04T00:00:00 | DigiCert Inc, Tesla, Inc. |
s3.b.energy.ams15.tcs.tesla.com
|
CT Log | Current | — | 2 | 2025-12-04T00:00:00 | DigiCert Inc, Tesla, Inc. |
s3.b.energy.ams17.tcs.tesla.com
|
CT Log | Current | — | 2 | 2025-12-04T00:00:00 | DigiCert Inc, Tesla, Inc. |
s3.b.energy.vast.tcs.tesla.com
|
CT Log | Current | — | 2 | 2025-12-04T00:00:00 | DigiCert Inc, Tesla, Inc. |
s3.b.smf11.tcs.tesla.com
|
CT Log | Current | — | 1 | 2026-02-11T00:00:00 | DigiCert Inc |
s3.b.vast.tcs.tesla.com
|
CT Log | Current | — | 4 | 2025-12-04T00:00:00 | DigiCert Inc, Tesla, Inc. |
s3.c.smf11.tcs.tesla.com
|
CT Log | Current | — | 1 | 2026-02-11T00:00:00 | DigiCert Inc |
s3.d.smf11.tcs.tesla.com
|
CT Log | Current | — | 1 | 2026-02-11T00:00:00 | DigiCert Inc |
sc-cppm.tesla.com
|
CT Log | Current | — | 3 | 2026-01-30T00:00:00 | Tesla, Inc., DigiCert Inc |
sc-eu-cppm.tesla.com
|
CT Log | Current | — | 2 | 2026-02-24T00:00:00 | Tesla, Inc., DigiCert Inc |
schedule.tesla.com
|
DNS | Current |
schedule.tesla.com.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
sentry-api-test.ops.na.vn.cloud.tesla.com
|
CT Log | Current | — | 1 | 2026-03-07T00:00:00 | DigiCert Inc |
sentry-api.ops.na.vn.cloud.tesla.com
|
CT Log | Current | — | 9 | 2026-02-07T00:00:00 | DigiCert Inc |
sentry.app.tesla.com
|
CT Log | Current | — | 1 | 2025-05-24T00:00:00 | Amazon |
service.tesla.com
|
DNS | Current |
service.tesla.com.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
serviceapp.tesla.com
|
CT Log | Current | — | 3 | 2025-05-19T00:00:00 | DigiCert Inc |
share.tesla.com
|
DNS | Current |
group301.tesla.com.akadns.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
shop.tesla.com
|
DNS | Current |
shop.tesla.com.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
signaling-alpha.prd.vn.cloud.tesla.com
|
CT Log | Current | — | 8 | 2025-08-28T00:00:00 | DigiCert Inc |
signaling-robotics.eng.usw.vn.cloud.tesla.com
|
CT Log | Current | — | 2 | 2025-06-06T00:00:00 | DigiCert Inc |
signaling-robotics.eng.vn.cloud.tesla.com
|
CT Log | Current |
usw-eng5x-hermes-npuaph-prd.teslafleet.akadns.net
|
5 | 2025-06-06T00:00:00 | DigiCert Inc |
sin05-gpgw1.tesla.com
|
CT Log | Current | — | 1 | 2026-01-02T00:00:00 | DigiCert Inc |
sjc36-gpgw1.tesla.com
|
CT Log | Current | — | 1 | 2026-01-02T00:00:00 | DigiCert Inc |
sso-dev.tesla.com
|
CT Log | Current | — | 2 | 2026-02-05T00:00:00 | Tesla, Inc. |
sso.tesla.com
|
CT Log | Current | — | 2 | 2026-02-05T00:00:00 | Tesla, Inc. |
staging.bottlerocket.tesla.com
|
CT Log | Current | — | 2 | 2025-08-06T00:00:00 | DigiCert Inc |
static.tesla.com
|
DNS | Current |
static.tesla.com.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
stream.tesla.com
|
DNS | Current |
stream.tesla.com.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
sts-broker.bottlerocket.tesla.com
|
CT Log | Current | — | 3 | 2025-08-13T00:00:00 | DigiCert Inc |
syd14-gpgw1.tesla.com
|
CT Log | Current | — | 1 | 2026-01-02T00:00:00 | DigiCert Inc |
taffy.bottlerocket.tesla.com
|
CT Log | Current | — | 1 | 2025-08-06T00:00:00 | DigiCert Inc |
tesla-hermes-snapshot-motors.eng.usw.vn.cloud.tesla.com
|
CT Log | Current | — | 2 | 2026-03-04T00:00:00 | DigiCert Inc |
tesla-inc-docsys-eorg.tesla.com
|
CT Log | Current | — | 1 | 2025-04-02T00:00:00 | DigiCert Inc |
teslacmgap01.tesla.com
|
CT Log | Current | — | 1 | 2026-02-17T00:00:00 | DigiCert Inc |
teslacmgcn01.tesla.com
|
CT Log | Current | — | 1 | 2026-02-17T00:00:00 | DigiCert Inc |
teslacmgeu01.tesla.com
|
CT Log | Current | — | 1 | 2026-02-17T00:00:00 | DigiCert Inc |
teslacmgna01.tesla.com
|
CT Log | Current | — | 1 | 2025-08-18T00:00:00 | DigiCert Inc |
teslacmgus01.tesla.com
|
CT Log | Current | — | 1 | 2026-02-17T00:00:00 | DigiCert Inc |
teslamezcal.tesla.com
|
CT Log | Current | — | 1 | 2025-06-02T00:00:00 | DigiCert Inc |
tf-poc.tesla.com
|
CT Log | Current | — | 1 | 2025-08-15T00:00:00 | DigiCert Inc |
tokens-staging.bottlerocket.tesla.com
|
CT Log | Current | — | 1 | 2025-08-07T00:00:00 | DigiCert Inc |
tracking.tesla.com
|
DNS | Current |
external-na-pop1.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
tripx-alpha.prd.vn.cloud.tesla.com
|
CT Log | Current | — | 34 | 2026-01-29T00:00:00 | DigiCert Inc |
tripx.eng.usw.vn.cloud.tesla.com
|
CT Log | Current | — | 22 | 2026-01-29T00:00:00 | DigiCert Inc |
tripx.eng.usw2.vn.cloud.tesla.com
|
CT Log | Current | — | 22 | 2026-01-29T00:00:00 | DigiCert Inc |
tripx.prd.euw1.vn.cloud.tesla.com
|
CT Log | Current | — | 3 | 2025-04-16T00:00:00 | DigiCert Inc |
tripx.prd.usw.vn.cloud.tesla.com
|
CT Log | Current | — | 4 | 2025-11-15T00:00:00 | DigiCert Inc |
tripx.prd.usw2.vn.cloud.tesla.com
|
CT Log | Current | — | 5 | 2025-03-19T00:00:00 | DigiCert Inc |
tripx.prd.vn.cloud.tesla.com
|
CT Log | Current | — | 9 | 2025-11-15T00:00:00 | DigiCert Inc |
tx.tesla.com
|
CT Log | Current | — | 12 | 2026-02-18T00:00:00 | DigiCert Inc |
ui.a.smf11.tcs.tesla.com
|
CT Log | Current | — | 1 | 2026-02-11T00:00:00 | DigiCert Inc |
ui.b.smf11.tcs.tesla.com
|
CT Log | Current | — | 1 | 2026-02-11T00:00:00 | DigiCert Inc |
ui.c.smf11.tcs.tesla.com
|
CT Log | Current | — | 1 | 2026-02-11T00:00:00 | DigiCert Inc |
ui.d.smf11.tcs.tesla.com
|
CT Log | Current | — | 1 | 2026-02-11T00:00:00 | DigiCert Inc |
uploads.extgithub.tesla.com
|
CT Log | Current | — | 1 | 2025-10-01T00:00:00 | DigiCert Inc |
uploads.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
uploads.github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
uploads.github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
uploads.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
vdi.tesla.com
|
CT Log | Current | — | 1 | 2025-04-06T00:00:00 | DigiCert Inc |
vehicle-files.eng.euw1.vn.cloud.tesla.com
|
CT Log | Current | — | 1 | 2025-04-24T00:00:00 | DigiCert Inc |
vehicle-files.eng.usw2.vn.cloud.tesla.com
|
CT Log | Current |
vehicle-files.eng.usw2.vn.cloud.tesla.com.edgekey.net
|
1 | 2025-04-24T00:00:00 | DigiCert Inc |
vehicle-files.prd.euw1.vn.cloud.tesla.com
|
CT Log | Current | — | 1 | 2025-04-24T00:00:00 | DigiCert Inc |
vehicle-files.prd.usw2.vn.cloud.tesla.com
|
CT Log | Current | — | 1 | 2025-04-24T00:00:00 | DigiCert Inc |
veritas-staging.bottlerocket.tesla.com
|
CT Log | Current | — | 3 | 2025-08-12T00:00:00 | DigiCert Inc |
viewscreen.extgithub.tesla.com
|
CT Log | Current | — | 1 | 2025-10-01T00:00:00 | DigiCert Inc |
viewscreen.github-ap.tesla.com
|
CT Log | Current | — | 1 | 2026-01-29T00:00:00 | DigiCert Inc |
viewscreen.github-fw.tesla.com
|
CT Log | Current | — | 1 | 2026-01-16T00:00:00 | DigiCert Inc |
viewscreen.github-it.tesla.com
|
CT Log | Current | — | 1 | 2026-01-15T00:00:00 | DigiCert Inc |
viewscreen.github.tesla.com
|
CT Log | Current | — | 1 | 2026-02-19T00:00:00 | DigiCert Inc |
vms.iad06.tcs.tesla.com
|
CT Log | Current | — | 1 | 2025-05-12T00:00:00 | DigiCert Inc |
vms.smf13.tcs.tesla.com
|
CT Log | Current | — | 1 | 2025-05-12T00:00:00 | DigiCert Inc |
vpn2.tesla.com
|
DNS | Current | — | 10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
vrp-stg.tesla.com
|
CT Log | Current | — | 1 | 2025-12-02T00:00:00 | Tesla, Inc. |
warehouse.tesla.com
|
DNS | Current |
warehouse.tesla.com.edgekey.net
|
10 | 2025-05-23 | Tesla, Inc., DigiCert Inc |
wdm.kronos.tesla.com
|
CT Log | Current | — | 1 | 2025-12-10T00:00:00 | DigiCert Inc |
wim.kronos.tesla.com
|
CT Log | Current | — | 1 | 2025-12-10T00:00:00 | DigiCert Inc |
www.tesla.com
|
CT Log | Current | — | 3 | 2025-05-19T00:00:00 | DigiCert Inc |
x3-eng.obs.tesla.com
|
CT Log | Current | — | 1 | 2025-04-17T00:00:00 | DigiCert Inc |
x3-prod.obs.tesla.com
|
CT Log | Current |
x3-prod-geo.tesla.com.akadns.net
|
1 | 2025-04-17T00:00:00 | DigiCert Inc |
x3.obs.tesla.com
|
CT Log | Current | — | 1 | 2026-02-11T00:00:00 | DigiCert Inc |
Δ Changes Detected:
TXT
Resolver ≠ Authoritative (TTL / CDN rotation / recent change)
Risk: Low - typically resolves within TTL
DNS Intelligence
What does DNS look like right now — and what changed over time?
DNS Evidence Diff Side-by-side comparison
Resolver Records
(Public DNS cache)
Authoritative Records
(Source of truth)
A
Synchronized
10 / 10 records
2.18.50.207
2.18.54.207
2.18.55.207
2.18.50.207
2.18.48.207
2.18.51.207
2.18.54.207
2.18.53.207
23.7.244.207
23.7.244.207
2.18.52.207
2.18.48.207
2.18.51.207
2.18.52.207
2.18.53.207
2.18.55.207
2.18.49.207
23.40.100.207
23.40.100.207
2.18.49.207
AAAA
0 / 0 records
No records
No records
No records
No records
v=DMARC1; p=reject; pct=100; rua=mailto:n2ju30bc@ag.dmarcian.com; ruf=mailto:n2ju30bc@fr.dmarcian.com; fo=1
v=DMARC1; p=reject; pct=100; rua=mailto:n2ju30bc@ag.dmarcian.com; ruf=mailto:n2ju30bc@fr.dmarcian.com; fo=1
10 tesla-com.mail.protection.outlook.com.
10 tesla-com.mail.protection.outlook.com.
a10-67.akam.net.
a10-67.akam.net.
a1-12.akam.net.
a7-66.akam.net.
edns69.ultradns.com.
a1-12.akam.net.
a28-65.akam.net.
a9-67.akam.net.
a9-67.akam.net.
a28-65.akam.net.
a12-64.akam.net.
edns69.ultradns.com.
a7-66.akam.net.
a12-64.akam.net.
edns69.ultradns.com. domain.teslamotors.com. 2016025191 1800 86400 86400 86400
edns69.ultradns.com. domain.teslamotors.com. 2016025191 1800 86400 86400 86400
T0E0S29854
google-site-verification=Y7lbse5bSatjXaqSBOWXjsit4mOp9cQzfLDpnQUSZlg
traction-guest=b4f7ad59-bf17-4b3c-8b36-9c2d28f1de32
_i88zzpi9e3jr0xglot953efk0ui36y5
jamf-site-verification=u4x3LuqSfpoLn5nJ0zMd5g
teamviewer-sso-verification=2fc989f75b19494fab5eb0e2c22dd625
_f32sd18rpksw3zh1hgbhaulpv016hoh
SFMC-qkAv7SvlQaslp7NEALX8t68s_AZWOQB6ThKQS5l5
ms-domain-verification=e335cec9-0ff5-4a54-b8bc-8966a8d146db
_f32sd18rpksw3zh1hgbhaulpv016hoh
MS=ms22358213
onetrust-domain-verification=480735b10e124e23916192d7e4321902
onetrust-domain-verification=79a1328740f44bc48dd97ab52c0c3377
jamf-site-verification=u4x3LuqSfpoLn5nJ0zMd5g
apple-domain-verification=C9J7eOtEbm7Dqr88
—
bugcrowd-verification=40bd5dd89a6e4073ca9bc76feac3a47b
—
logmein-domain-confirmation=9zxwVn2buGWrLtU24J88
—
_quuerjb9mywulmdygnzgnt9awyzm15c
—
dell-technologies-domain-verification=tesla.com_c363f56d-9650-430a-82d3-04ac2257c64a_1756487968
—
cursor-domain-verification-6kgt2s=sxbxrRmk2tNjItWtmh1swmBM0
—
onetrust-domain-verification=480735b10e124e23916192d7e4321902
—
domain-verification=0f075f7f33bd0e577c0a56c5bb071f9eedadba45f32da11304913c6afd4b99c7
—
google-site-verification=Xg2DEUg2oCz1q9RMx8gh2htHK16_GG9cZXY_eyeSf6w
—
google-site-verification=Y7lbse5bSatjXaqSBOWXjsit4mOp9cQzfLDpnQUSZlg
—
55zNJIDU0xk94IfGJtL+Hh+wje5JzOS6GY+ntggZF908AUsx0LBKgr+Nln3CgZEUifxSuN09M05jYpdbd6+cpw==
—
v=spf1 ip4:54.240.84.225/32 ip4:54.240.84.226/31 ip4:54.240.84.228/30 ip4:54.240.84.232/29 ip4:54.240.84.240/29 ip4:54.240.84.248/30 ip4:54.240.84.252/32 ip4:44.239.249.139 ip4:52.24.70.112 ip4:34.223.204.78 ip4:213.244.145.203 ip4:213.244.145.219 ip4:213.244.145.204 ip4:213.244.145.220 ip4:8.47.24.203 ip4:8.47.24.219 ip4:8.47.24.204 ip4:8.47.24.220 ip4:8.45.124.203 ip4:8.45.124.219 ip4:8.45.124.204 ip4:8.45.124.220 ip4:8.21.14.203 ip4:8.21.14.219 ip4:8.21.14.204 ip4:8.21.14.220 ip4:8.21.14.194 ip4:8.21.14.211 ip4:212.49.145.0/24 ip4:91.103.52.0/22 ip4:168.245.123.10 ip4:216.81.144.165 ip4:149.72.247.52 ip4:149.72.134.64 ip4:149.72.152.236 ip4:149.72.163.58 ip4:149.72.172.170 ip4:167.89.90.62 ip4:158.228.129.79 ip4:216.81.144.165 ip4:117.50.14.178 ip4:117.50.35.199 ip4:54.240.42.110 ip4:54.240.42.111 ip4:199.71.239.178 ip4:67.216.183.10 ip4:8.43.178.222 ip4:64.95.144.196 ip4:199.71.239.52 include:u13494342.wl093.sendgrid.net include:spf.protection.outlook.com include:mail.zendesk.com include:_spfsn.teslamotors.com include:_spf.qualtrics.com include:_spf.ultipro.com include:_spf.psm.knowbe4.com include:spf1.sendcloud.org include:spf2.sendcloud.org -all
—
adobe-sign-verification=efb2da198047b7a154bd604d2721038b
—
logmein-verification-code=JFAnsPovogeJ4IeW5MXCU3r0C
—
_i88zzpi9e3jr0xglot953efk0ui36y5
—
SFMC-qkAv7SvlQaslp7NEALX8t68s_AZWOQB6ThKQS5l5
—
zapier-domain-verification-challenge=64e810e8-0fe1-4de0-b104-229592811c5b
—
ms-domain-verification=820e4be7-563e-4f52-b73a-5c9ecdd2fda4
—
docker-verification=74d1ec4e-a7a6-48a7-9568-9bd0faac833f
—
teamviewer-sso-verification=2fc989f75b19494fab5eb0e2c22dd625
—
atlassian-domain-verification=U31RjXDO5NBJROoOVpVEsKJ7daGpXuXPDF8HeqlmvXUKOtTao652TOMtejHrohKB
—
_w19nckjurfa4aldim48vtbrxsq1phnv
—
apple-domain-verification=CHZ8RLPKu4dlRxlaNa_nR9oA2MjZ1n2fiE9s0QlbRO8
—
adobe-idp-site-verification=321c026a-3a8c-4206-a1fa-391a59585c54
—
DNS History Timeline BETA
Your key is sent directly to SecurityTrails and is never stored on our servers. Get an API key
DNS History Timeline BETA
When was a record added, removed, or changed — and could that change be the problem?
Confirm Your Email Configuration
This tool analyzes DNS records, but to verify actual email delivery, send a test email to Red Sift Investigate. Their tool shows exactly how your emails arrive, including SPF/DKIM/DMARC pass/fail results in the headers.
DATA FRESHNESS & METHODOLOGY
All security-critical records (SPF, DMARC, DKIM, DANE/TLSA, DNSSEC, MTA-STS, TLS-RPT, BIMI, CAA) are queried live from authoritative nameservers and cross-referenced against 5 independent public DNS resolvers (Cloudflare, Google, Quad9, OpenDNS, DNS4EU) at the time of each analysis. No security verdict uses cached data.
Registrar data (RDAP) is cached for up to 24 hours because domain ownership and registration details change infrequently. Certificate Transparency logs (subdomain discovery via RFC 6962) are cached for 1 hour because CT entries are append-only historical records. Sections using cached data are marked with a CACHED badge; live queries show LIVE.
Intelligence Sources
This analysis used 4 DNS resolvers (consensus), reverse DNS (PTR), Team Cymru (ASN attribution), IANA RDAP (registrar), crt.sh (CT logs), and SMTP probing (transport). All using open-standard protocols.
Verify Report Integrity SHA-3-512 Has this report been altered since generation? Verify below
This cryptographic hash seals the analysis data, domain, timestamp, and tool version into a tamper-evident fingerprint. Any modification to the report data will produce a different hash. This is distinct from the posture hash (used for drift detection) — the integrity hash uniquely identifies this specific report instance.
182e06be2e73b1ba603c85572f426fe38f53ae8515810783d453cc0b5c1e82a4eac1176cac14edc6e7ed911305ff3b12a60e7174b11733b8c8bb5ded2788744b
Evaluations reference 12 RFCs. Methods are reproducible using the verification commands provided. Results reflect DNS state at 8 Mar 2026, 00:33 UTC.
Internet Archive — Permanent Record Wayback Machine Can this analysis be independently verified? Archived
This analysis has been automatically submitted to the Internet Archive's Wayback Machine, creating a tamper-proof, third-party-hosted snapshot of the DNS security posture at analysis time. This archived copy is independent of DNS Tool — it cannot be altered, deleted, or disputed. Combined with the SHA-3-512 integrity hash, this creates a legally defensible chain of evidence for domain security state.
Snapshot preserved at
https://web.archive.org/web/20260308003407/https://dnstool.it-help.tech/analysis/6406/view/E
Download the intelligence dump and verify its integrity, like you would a Kali ISO or any critical artifact. The SHA-3-512 checksum covers every byte of the download — deterministic serialization ensures identical hashes across downloads.
After downloading, verify with any of these commands:
Tip: cd ~/Downloads first (or wherever you saved the files).
OpenSSL + Sidecar (macOS, Linux, WSL)
cat dns-intelligence-tesla.com.json.sha3 && echo '---' && openssl dgst -sha3-512 dns-intelligence-tesla.com.json
Python 3 (cross-platform)
python3 -c "import hashlib; print(hashlib.sha3_512(open('dns-intelligence-tesla.com.json','rb').read()).hexdigest())"
sha3sum (coreutils 9+)
sha3sum -a 512 dns-intelligence-tesla.com.json
Compare the output against the
.sha3 file or the checksum API at /api/analysis/6406/checksum. Hash algorithm: SHA-3-512 (Keccak, NIST FIPS 202).
Every finding in this report is backed by DNS queries you can run yourself. These vetted one-liners reproduce the exact checks used to build this report for tesla.com. Our analysis adds multi-resolver consensus, RFC-based evaluation, and cross-referencing — but the underlying data is always independently verifiable. We are intelligence analysts, not gatekeepers.
DNS Records
Query A records (IPv4) RFC 1035
dig +noall +answer tesla.com A
Query AAAA records (IPv6) RFC 1035
dig +noall +answer tesla.com AAAA
Query MX records (mail servers) RFC 1035
dig +noall +answer tesla.com MX
Query NS records (nameservers) RFC 1035
dig +noall +answer tesla.com NS
Query TXT records RFC 1035
dig +noall +answer tesla.com TXTEmail Authentication
Check SPF record RFC 7208
dig +short tesla.com TXT | grep -i spf
Check DMARC policy RFC 7489
dig +short _dmarc.tesla.com TXT
Check DKIM key for selector 'mail' RFC 6376
dig +short mail._domainkey.tesla.com TXT
Check DKIM key for selector 'mimecast' RFC 6376
dig +short mimecast._domainkey.tesla.com TXT
Check DKIM key for selector 'mx' RFC 6376
dig +short mx._domainkey.tesla.com TXT
Check DKIM key for selector 's1' RFC 6376
dig +short s1._domainkey.tesla.com TXT
Check DKIM key for selector 's2' RFC 6376
dig +short s2._domainkey.tesla.com TXT
Check DKIM key for selector 'selector1' RFC 6376
dig +short selector1._domainkey.tesla.com TXTDomain Security
Check DNSSEC DNSKEY records RFC 4035
dig +dnssec +noall +answer tesla.com DNSKEY
Check DNSSEC DS records RFC 4035
dig +noall +answer tesla.com DS
Validate DNSSEC chain (requires DNSSEC-validating resolver) RFC 4035
dig +dnssec +cd tesla.com A @1.1.1.1Transport Security
Check TLSA record for tesla-com.mail.protection.outlook.com RFC 7672
dig +noall +answer _25._tcp.tesla-com.mail.protection.outlook.com TLSA
Verify TLS certificate on primary MX (tesla-com.mail.protection.outlook.com) RFC 6698
openssl s_client -starttls smtp -connect tesla-com.mail.protection.outlook.com:25 -servername tesla-com.mail.protection.outlook.com 2>/dev/null | openssl x509 -noout -subject -dates
Check MTA-STS DNS record RFC 8461
dig +short _mta-sts.tesla.com TXT
Fetch MTA-STS policy file RFC 8461
curl -sL https://mta-sts.tesla.com/.well-known/mta-sts.txt
Check TLS-RPT record RFC 8460
dig +short _smtp._tls.tesla.com TXTBrand & Trust
Check BIMI record BIMI Draft
dig +short default._bimi.tesla.com TXT
Check CAA records (certificate authority authorization) RFC 8659
dig +noall +answer tesla.com CAADNS Records
Check HTTPS/SVCB records RFC 9460
dig +noall +answer tesla.com HTTPSDomain Security
Check CDS/CDNSKEY automation records RFC 7344
dig +noall +answer tesla.com CDSInfrastructure Intelligence
RDAP domain registration lookup RFC 9083
curl -sL 'https://rdap.org/domain/tesla.com' | python3 -m json.tool | head -50Transport Security
Test STARTTLS on primary MX (tesla-com.mail.protection.outlook.com) RFC 3207
openssl s_client -starttls smtp -connect tesla-com.mail.protection.outlook.com:25 -servername tesla-com.mail.protection.outlook.com </dev/null 2>/dev/null | head -5Infrastructure Intelligence
Search Certificate Transparency logs RFC 6962
curl -s 'https://crt.sh/?q=%25.tesla.com&output=json' | python3 -c "import json,sys; [print(e['name_value']) for e in json.load(sys.stdin)]" | sort -u | head -20
Check security.txt RFC 9116
curl -sL https://tesla.com/.well-known/security.txt | head -20AI Surface
Check for llms.txt
curl -sI https://tesla.com/llms.txt | head -5
Check robots.txt for AI crawler rules
curl -s https://tesla.com/robots.txt | grep -i -E 'GPTBot|ChatGPT|Claude|Anthropic|Google-Extended|CCBot|PerplexityBot'Infrastructure Intelligence
ASN lookup for 2.18.50.207 (Team Cymru)
dig +short 207.50.18.2.origin.asn.cymru.com TXT
ASN lookup for 2.18.55.207 (Team Cymru)
dig +short 207.55.18.2.origin.asn.cymru.com TXT
Commands use
dig, openssl, and curl — standard tools available on macOS, Linux, and WSL. Results may vary slightly due to DNS propagation timing and resolver caching.
Intelligence Confidence Audit Engine
verified · 9/9 Evaluated
How confident are these results? Each protocol is independently verified against RFC standards. No self-awarded badges.
SPF
Verified
4874 runs
DKIM
Verified
4692 runs
DMARC
Verified
4857 runs
DANE/TLSA
Verified
4676 runs
DNSSEC
Verified
4855 runs
BIMI
Verified
4691 runs
MTA-STS
Verified
4694 runs
TLS-RPT
Verified
4696 runs
CAA
Verified
4688 runs
Maturity:
Development
→
Verified
→
Consistent
→
Gold
→
Gold Master
Appendix: Verification Commands
DNS Records
dig +noall +answer tesla.com Adig +noall +answer tesla.com AAAAdig +noall +answer tesla.com MXdig +noall +answer tesla.com NSdig +noall +answer tesla.com TXTEmail Authentication
dig +short tesla.com TXT | grep -i spfdig +short _dmarc.tesla.com TXTdig +short mail._domainkey.tesla.com TXTdig +short mimecast._domainkey.tesla.com TXTdig +short mx._domainkey.tesla.com TXTdig +short s1._domainkey.tesla.com TXTdig +short s2._domainkey.tesla.com TXTdig +short selector1._domainkey.tesla.com TXTDomain Security
dig +dnssec +noall +answer tesla.com DNSKEYdig +noall +answer tesla.com DSdig +dnssec +cd tesla.com A @1.1.1.1Transport Security
dig +noall +answer _25._tcp.tesla-com.mail.protection.outlook.com TLSAopenssl s_client -starttls smtp -connect tesla-com.mail.protection.outlook.com:25 -servername tesla-com.mail.protection.outlook.com 2>/dev/null | openssl x509 -noout -subject -datesdig +short _mta-sts.tesla.com TXTcurl -sL https://mta-sts.tesla.com/.well-known/mta-sts.txtdig +short _smtp._tls.tesla.com TXTBrand & Trust
dig +short default._bimi.tesla.com TXTdig +noall +answer tesla.com CAADNS Records
dig +noall +answer tesla.com HTTPSDomain Security
dig +noall +answer tesla.com CDSInfrastructure Intelligence
curl -sL 'https://rdap.org/domain/tesla.com' | python3 -m json.tool | head -50Transport Security
openssl s_client -starttls smtp -connect tesla-com.mail.protection.outlook.com:25 -servername tesla-com.mail.protection.outlook.com </dev/null 2>/dev/null | head -5Infrastructure Intelligence
curl -s 'https://crt.sh/?q=%25.tesla.com&output=json' | python3 -c "import json,sys; [print(e['name_value']) for e in json.load(sys.stdin)]" | sort -u | head -20curl -sL https://tesla.com/.well-known/security.txt | head -20AI Surface
curl -sI https://tesla.com/llms.txt | head -5curl -s https://tesla.com/robots.txt | grep -i -E 'GPTBot|ChatGPT|Claude|Anthropic|Google-Extended|CCBot|PerplexityBot'Infrastructure Intelligence
dig +short 207.50.18.2.origin.asn.cymru.com TXTdig +short 207.55.18.2.origin.asn.cymru.com TXT