Most server owners check a price before they check a domain. That's backwards. Thirty seconds of URL literacy is the only thing standing between you and a fake storefront that takes your money and hands you a ZIP full of leaked scripts — or nothing at all.
The FiveM asset market has a clone problem. Bad actors register lookalike domains, dress them up with a product grid, and wait. The tells are in the URL itself, every time. This guide breaks a store URL apart component by component so you know exactly where to look and what has to be there.
The Four Parts of Any Store URL
Take a representative URL and label it:
https://scripts-tebex.io/product/esx-police-job
Parts, left to right: scheme, then subdomain + registrable domain + TLD, then path.
Every part has a job. Scammers exploit the parts you probably glance past.
Scheme (https://) — This just tells your browser to use an encrypted connection. A padlock or https is necessary but nowhere near sufficient. Scam sites have SSL certificates too; you can get one free in two minutes. Never treat https as a trust signal on its own.
Subdomain (the bit before the first dot) — Anyone who owns any domain can create unlimited subdomains at zero cost. If a store's domain is fakeshop.com, the owner can make tebex.fakeshop.com in about ten seconds. The subdomain is completely uncontrolled by Tebex.
Registrable domain (tebex.io) — This is the piece a registrar sold to somebody. It is the only part of a URL that requires paying a registrar, going through ICANN rules, and proving you own the string. This is where trust is anchored.
TLD (.io) — The extension is part of the registrable domain. tebex.io and tebex.com are owned by two entirely different entities and have nothing to do with each other.
Path (everything after the first single slash) — A path can say anything. A scammer can register fraud.com and send you to fraud.com/tebex.io/store/ and the path is meaningless for trust.
The Only Check That Matters
The registrable domain must read tebex.io. Nothing else. Not .com, not .store, not .net. The .io extension is part of what makes it specific — tebex.io as a whole unit is what Tebex registered. That unit has to sit immediately before the first single forward-slash in the URL.
Here is how to find it mechanically: strip the scheme, read left to right, find the first slash — everything before that slash is the host. Take the last two dot-separated segments of the host. That is your registrable domain. It must read tebex.io.
Right vs. Wrong: Worked Examples
Domains that pass (registrable domain is tebex.io):
- scripts-tebex.io — registrable domain tebex.io — trusted
- cars-tebex.io — registrable domain tebex.io — trusted
- assets-tebex.io — registrable domain tebex.io — trusted
Domains that fail, and why:
- tebex.store — wrong TLD, registrable domain is tebex.store
- tebex.com — wrong TLD, registrable domain is tebex.com
- tebex.io.shop.com — here tebex.io is only a subdomain; the real domain is shop.com
- tebax.io — typosquat, a different string entirely
- tebexstore.io — different string, not tebex.io
- store.tebex.fakeshop.com — tebex is just a subdomain; the real domain is fakeshop.com
The middle entries are the tricks that catch people. A scammer can register tebex.io.scamhost.com and your eye slides over tebex.io and your brain registers "trusted." It isn't. The registrable domain is scamhost.com.
How Scammers Abuse Each Part
Subdomain abuse is the most common. They own legit-sounding-fivem.com and put tebex.scripts.legit-sounding-fivem.com in their Discord. The tebex.scripts part is just a subdomain they invented for free in their DNS panel.
Path abuse is less common but exists: fakestore.io/tebex.io/packages — the entire tebex.io/packages string is a path segment. It controls nothing.
TLD switching is straightforward typosquatting. tebex.store and tebex.com look close enough that a quick Discord message with a link gets clicks. Neither is owned by Tebex.
Character substitution produces domains like tebax.io (a for e), tebcx.io, or t3bex.io. Some of these have run real storefronts. The swap is one character and your eyes fill it in automatically when reading fast.
The 10-Second Check Before You Pay
- Hover over the buy button or copy the URL before clicking.
- Strip the https:// and everything from the first / onward.
- Look at what remains. It should end in tebex.io, with nothing after it and at most a dot-separated subdomain prefix before it.
- If anything other than tebex.io is the last two segments, close the tab.
Stores like scripts-tebex.io, cars-tebex.io, and assets-tebex.io all pass this check — the registrable domain in every case is exactly tebex.io, which means Tebex's infrastructure is handling the transaction, not some third party running off with your card details.
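The mechanical check from "The Only Check That Matters" and the 10-second checklist, written out as an added example (not code from the original page or from Tebex). It applies the last-two-labels rule literally; the URLs marked constructed are made up for illustration, and suffixes with more than one label (such as .co.uk) would need the Public Suffix List, which this does not consult.

```python
from urllib.parse import urlsplit

EXPECTED = "tebex.io"  # the registrable domain this page tells you to look for


def registrable_domain(url: str) -> str:
    """Last two dot-separated labels of the host (the page's rule)."""
    if "://" not in url:
        url = "https://" + url  # bare host copied from a chat message
    # .hostname drops the scheme, any port and the whole path, and lowercases.
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Only dots separate labels; a hyphen is an ordinary character inside one.
    return ".".join(host.split(".")[-2:])


def check(url: str) -> tuple[bool, str]:
    """Return (passes, registrable_domain) for one store URL."""
    domain = registrable_domain(url)
    return domain == EXPECTED, domain


# Failing hosts without a "constructed" mark are the page's own examples.
SAMPLES = [
    "https://example-store.tebex.io/package/1",  # constructed: true subdomain
    "https://tebex.store/",                       # TLD switch
    "https://tebex.com/",                         # TLD switch
    "https://tebex.io.shop.com/",                 # tebex.io is only a subdomain
    "https://store.tebex.fakeshop.com/",          # subdomain abuse
    "https://fakestore.io/tebex.io/packages",     # path abuse
    "https://tebax.io/",                          # character substitution
    "https://tebexstore.io/",                     # different string
    "https://example-tebex.io/product/x",         # constructed: hyphen, not a dot
]


def run_samples() -> dict[str, tuple[bool, str]]:
    """Evaluate every sample URL and map it to (passes, registrable_domain)."""
    return {url: check(url) for url in SAMPLES}


if __name__ == "__main__":
    for url, (ok, domain) in run_samples().items():
        print(f"{'PASS' if ok else 'FAIL'}  {domain:<18} {url}")
```
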
Why This Matters More Than a Padlock
The HTTPS padlock verifies that your connection to the server is encrypted. It says nothing about who owns the server. A scam site with a valid SSL cert and a convincing design gives you a green padlock and an empty Discord DM three days later. Domain verification is the layer the padlock cannot give you.
Read the registrable domain. If it reads tebex.io, you're on Tebex infrastructure. If it doesn't, you're trusting a stranger with your money. That's the whole framework. Two segments, before the first slash, must read tebex.io — everything else is noise.