MalwareTips
Security Review

Is tursowhats.netlify.app legit or a scam?

Our verdict:Suspicious· 45/100

A brand-new, anonymous chat application that requests sensitive Turso database credentials and API tokens from users.

Top reasons
Domain is less than 24 hours old with no established reputation.Requests sensitive API tokens and database credentials from users.Anonymous operator with no linked business or social media presence.
tursowhats.netlify.appScanned 2h ago
Post Facebook
0
Trust score
SUSPICIOUS
Heuristics 52·MT 40
Category tags
unknown75% MT confidence
Technical red flags (1)
Domain is 0 days old

These checks passed — but they don't clear the site. A clean antivirus result, valid SSL, and a calm server only mean it isn't hosting malware; they say nothing about whether the business is real. This verdict is based on the site's conduct and content, not a malware detection.

View density

Analysis Summary

Threat Intelligence
0/92
All engines report clean
Domain Age
0 days old
Registration date unknown
MT Intelligence
Suspicious
Moderate likelihood · 75% confidence
SUSPICIOUS

Warning signs detected

Domain was registered only 0 days ago — brand-new sites are higher-risk by default. Several risk indicators suggest caution. This site might be legitimate — but treat it as unverified until you can independently confirm.

Website Preview

Screenshot of tursowhats.netlify.app
LIVE RENDER
tursowhats.netlify.app
1Form requesting Turso database URL and authentication token

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site. See full visual analysis →

Visual Screenshot Analysis

We capture a fresh screenshot of the live page and ask a vision model to look for scam visual patterns — fake trust badges, countdown timers, overlay pop-ups, and visual clones of legitimate brands.

30
/ 100
Moderate visual risk

Visual red flags detected in the screenshot

The page appears to be a setup portal for a private chat application requiring third-party database credentials; while not inherently a scam, it asks for sensitive API tokens which could be harvested if the site is not trusted.

Visual risk30/100

What our vision model saw

4 signals

Form requesting Turso database URL and authentication token

Claims messages are AES-256 encrypted before being sent to Turso

Minimalist UI for a 'Personal Chat' application setup

No visible branding or company information beyond the Turso service reference

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Moderate scam likelihoodengineMT · Guardiantrust40/100
MT AgentLive web researchVisual inspection
0%
Confidence
The domain was created less than 24 hours ago on a free hosting platform, which is a common pattern for both experimental projects and credential-harvesting sites. The page asks for a Turso Database URL and Auth Token, which are highly sensitive credentials that could allow an attacker to access or delete your data if the site is malicious. There is no information about who created the tool or how the data is handled beyond a text claim of encryption. Our antivirus network currently shows no detections, but the extreme youth of the site means it has not yet been vetted by the security community. We have flagged this as suspicious because entering API keys into an unverified, anonymous website is a high-risk activity.
Full dossier
Analysis complete

Page Content

The site presents a minimalist 'Personal Chat' interface. It functions as a setup portal where users are prompted to provide their Turso DB URL and Auth Token to initialize a private chat or note-taking session. It claims to use AES-256 encryption and local browser storage, but these claims cannot be verified without a code audit.

Infrastructure

The application is hosted as a subdomain on Netlify, a popular platform for static sites and serverless functions. It uses a valid SSL certificate from DigiCert. The hosting IP has a low abuse score with only a few historical reports, which is typical for shared cloud infrastructure.

Domain History

The domain tursowhats.netlify.app has no historical record and was first seen by our crawler today. There is no business registration, contact information, or developer profile associated with the deployment.

Web Reputation

Because the site is brand new, it has no ranking in global traffic indexes and no presence on independent review aggregators. There are currently no scam reports, but there are also no positive testimonials or developer documentation to establish trust.
Risk Factors
5
  • Domain is less than 24 hours old with no established reputation.
  • Requests sensitive API tokens and database credentials from users.
  • Anonymous operator with no linked business or social media presence.
  • Hosted on a free subdomain (netlify.app) often used for temporary or malicious deployments.
  • No privacy policy or terms of service explaining how sensitive tokens are handled.
Positive Signals
3
  • Currently clean across 92 antivirus engines in our network.
  • Uses a valid SSL certificate for encrypted communication.
  • No immediate signs of brand impersonation or phishing clones.
AI Recommendation
Do not enter your Turso API tokens or database credentials into this site unless you personally know the developer. If you have already used the site, we recommend rotating your Turso Auth Tokens immediately.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for tursowhats.netlify.app, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Domain age
0 days
Brand-new domains are higher-risk by default.
Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
No scam reports found
No complaints, no negative coverage turned up in our sweep.
Key findings
7 headline facts from open-web research
  • Domain tursowhats.netlify.app was registered or deployed 0 days ago, making it a brand new site with no established history
  • Page title is "Personal Chat"; content describes a one-time PIN setup for AES-256 encrypted chat/notes saved to a Turso database (libSQL/SQLite edge database service)
  • UI includes PIN confirmation, "Save & Open Chat" button, empty state with "No entries yet", "Type anything below — it'll be saved! (Ctrl+Enter)", status "Personal Chat 🟢 0 entries · Connected to Turso", and browser-local storage of DB URL/
  • No external links, visible scripts, forms for personal data collection, or references to WhatsApp, support, airdrops, or crypto in the page content
  • Extensive web searches for the exact domain, "tursowhats", and combinations with scam/phishing/Whatsapp returned zero mentions, complaints, or reviews
  • Netlify subdomains are commonly used for quick personal/project deployments (including Turso-related demos and chat parsers), but new/unknown ones carry inherent risk until vetted
  • Turso is a legitimate open-source/edge database product from Turso.tech; the name "tursowhats" appears to be a portmanteau referencing Turso + WhatsApp-style chat
Research summary
Narrative write-up from our AI analyst, grounded on the facts above
Our research into tursowhats.netlify.app confirms it is a brand-new deployment with no history of complaints or positive reviews. No business registration exists for this entity. The site appears to be a niche tool for users of the Turso database service, but its anonymity and recent creation make it impossible to verify the developer's intent.

Antivirus Engines

Clean pass · verified
Clean across 92 engines

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. None of them flagged this URL in the last scan.

0Malicious0Suspicious60Harmless92Engines
Clean
Kaspersky
Clean
Bitdefender
Clean
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Not in pass
Sophos
Clean
Fortinet
Clean
Google Safebrowsing
Clean
Emsisoft
Clean

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Contact Verification

We fetched the page and looked for real-world contact details. Legitimate businesses almost always publish an email on their own domain, a phone number, and a postal address. Scam shops usually don't.

What We Found
No clear contact details on the page
Emails on site's domainNone
Phone numbersNone
Postal addressNot listed
Linked social profiles0
Signal Summary
Several contact red flags
  • No contact email found anywhere on the page.
  • No phone number listed on the page.
  • No postal address visible on the page.

Domain & Encryption

Domain History
Age0 days old
RegistrarHidden
RegisteredUnknown
ExpiresUnknown
Owner privacyVisible
Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerDigiCert Inc · DigiCert Global G2 TLS RSA SHA256 2020 CA1
ExpiresMar 19, 2027 (273d)
Self-signedNo
Hosting & Technology
HostingAmazon Technologies Inc.
Server locationUS
Web serverNetlify

Redirect Chain

Hops
1
Cross-domain
No
Lookalike
No
Punycode
No
  • 1301http://tursowhats.netlify.app/
  • 2200https://tursowhats.netlify.app/

Server Reputation

Abuse Intelligence
Confidence score11%
Reports on file3
ISPAmazon Technologies Inc.
Usage typeContent Delivery Network

Proceed with caution

Our automated review flagged enough risk that you should treat this site as unverified.

  • Treat tursowhats.netlify.app as unverified

    Do not enter credentials or send money until you have independently verified the business.

  • Verify the business through independent channels

    Check the company's social profiles, registry records, and search for recent news or reviews that are not hosted on the site itself.

  • Never use irreversible payment methods

    Crypto, gift cards, wire transfers, and cash apps offer zero buyer protection. Use a credit card or PayPal if you must pay.

  • Share your experience

    If you have additional context, drop a comment below or post on the MalwareTips forum.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review marked tursowhats.netlify.app as suspicious. Several warning signs were detected; it may still turn out legitimate, but you should verify it through independent channels before trusting it with money or credentials.
  • tursowhats.netlify.app currently scores 45/100 on our trust scale. We found enough warning signals to recommend caution. Verify the site through independent channels before entering credentials or money.
  • Yes. tursowhats.netlify.app presents a valid TLSv1.3 certificate issued by DigiCert Inc · DigiCert Global G2 TLS RSA SHA256 2020 CA1, expiring in 273 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • tursowhats.netlify.app is 0 days old. Scam domains are often freshly registered — a site under 6 months old warrants extra caution.
  • No. All 92 antivirus engines in our malware network report tursowhats.netlify.app as clean.
  • No. tursowhats.netlify.app is not currently listed on the major browser blocklist feeds that modern browsers use.
  • tursowhats.netlify.app resolves to an IP operated by Amazon Technologies Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 19, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around tursowhats.netlify.app have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·tursowhats.netlify.app
SUSPICIOUS

This is a newly deployed personal chat tool that requires users to enter sensitive database credentials to function. While it may be a legitimate developer project, the lack of identity and the request for API tokens on a brand-new domain pose a significant security risk.

Do not enter your Turso API tokens or database credentials into this site unless you personally know the developer. If you have already used the site, we recommend rotating your Turso Auth Tokens immediately.

AV engines
92
MT passes
2
Net signals
0
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Suspicious reports

Browse all reports
Suspicioustrust41
c-bt.com
1m ago
Read the review
Suspicioustrust54
anistream.to
1m ago
Read the review
Suspicioustrust53
ziperto.com
2m ago
Read the review
Suspicioustrust58
app.ytdown.to
50m ago
Read the review
Suspicioustrust55
cocoflix.com
59m ago
Read the review
Suspicioustrust41
sanjeettiwari539-cmd.github.io
1h ago
Read the review
Suspicioustrust63
five-nights-at-freddys-sister-location.en.softonic.com
1h ago
Read the review
Suspicioustrust49
onepace.co
1h ago
Read the review
Suspicioustrust58
benelova.com
1h ago
Read the review
Suspicioustrust53
doctorsondemand.co.uk
2h ago
Read the review
Suspicioustrust46
cinehub.one
2h ago
Read the review
Suspicioustrust51
pchelpsoft.com
2h ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.