CONTINUOUS INTERNET TELEMETRY24H DRIFT667 material changesacross 586 domains · +213 vs yesterdayDNS DRIFT14 domains changed DNS providertop destination seizedservers.com · +10 vs yesterdayEMAIL DRIFT2 domains switched email providertop destination outlook.comNOW2,415 curated domains not answering+200 vs yesterdayERRORS9,342 responded with an errorlast probe · 5xx / 404 / TLSTHROTTLED2,531 throttled or blocked our scanner429 rate-limit / 403 bot-block24H DRIFT667 material changesacross 586 domains · +213 vs yesterdayDNS DRIFT14 domains changed DNS providertop destination seizedservers.com · +10 vs yesterdayEMAIL DRIFT2 domains switched email providertop destination outlook.comNOW2,415 curated domains not answering+200 vs yesterdayERRORS9,342 responded with an errorlast probe · 5xx / 404 / TLSTHROTTLED2,531 throttled or blocked our scanner429 rate-limit / 403 bot-block

tibia.com

Observed 2026-07-16T20:17:53.401Z (8h ago). Every field below was attested with an Ed25519 signature at scan time.

Not responding
Runs onAmazon
Registered withMesh Digital Limited
Also usesGoogle Search Console
2 subdomains · tranco_20k
Every line above is a signed observation. Check the math at the bottom of the page.
INFRASTRUCTURE MAPwhat tibia.com actually stands on - every host below is a signed observation
tibia.com
A / AAAA
3.5.122.1123.5.135.2123.5.138.113.5.138.21+4 more
Amazonserves the site
NS
ns-281.awsdns-35.comns-549.awsdns-04.netns-1479.awsdns-56.orgns-1731.awsdns-24.co.uk
awsdns-35.com + awsdns-04.net + moreanswers its DNS
MX
mx01.hornetsecurity.commx04.hornetsecurity.commx03.hornetsecurity.commx02.hornetsecurity.com
hornetsecurity.comreceives its email

HTTPS probe

timeout No response within the timeout Connection timed out - no response within 3s
HTTP status0
Servernot observed
TLS protocolnot observed
TLS issuernot observed
Behind Cloudflareno
Response time6200 ms
DNS resolutionNOERROR

Every field above is part of the same signed observation as the records below. Blank means not observed, never "none".

DNS Records

A 8

  • 3.5.122.112
  • 3.5.135.212
  • 3.5.138.11
  • 3.5.138.21
  • 52.219.75.90
  • 52.219.169.44
  • 3.5.137.126
  • 52.219.171.4

MX 4

  • 10mx01.hornetsecurity.com
  • 40mx04.hornetsecurity.com
  • 30mx03.hornetsecurity.com
  • 20mx02.hornetsecurity.com

TXT 4

  • v=spf1 redirect=cipsoft.com
  • google-site-verification=EOaq7oh7qcdRZVTB5o0kS0xXPtmETTSKuUB8wgZeRoc
  • v=DMARC1; p=none; rua=mailto:postmaster@tibia.com;
  • v=DKIM1; (detected)

NS 4

  • ns-281.awsdns-35.com
  • ns-549.awsdns-04.net
  • ns-1479.awsdns-56.org
  • ns-1731.awsdns-24.co.uk

SOA 1

  • ns-281.awsdns-35.com awsdns-hostmaster.amazon.com

CAA 7

  • iodef mailto:techsupport@cipsoft.com
  • issuewild ssl.com
  • issuewild letsencrypt.org
  • issue letsencrypt.org
  • issue amazon.com
  • issue digicert.com
  • issue ssl.com

TLS Certificates (0)

None.

Subdomains (2)

The proof

Signed at scan time. Check the math yourself. Every line above is part of one signed observation. Re-hash it and check the Ed25519 signature in your own browser; nothing leaves your machine.

Verify this receipt

Put the receipt on your own site. A live badge showing what DomainDrift observes and signs for tibia.com. It updates itself. It attests a signed observation - not that the site is safe.

DomainDrift signed-observation badge for tibia.com <a href="https://domaindrift.io/t/tibia.com"> <img src="https://domaindrift.io/badge/tibia.com.svg" width="300" height="64" alt="DomainDrift signed observations for tibia.com"> </a>

Ed25519 Receipt

Receipt ID
73e4cf17-dea3-40c2-8b02-16057361d26c
Output Hash
5b9e03239fd5de4e42b2309d2681715d71a5f1ce17524b5d8649d5b8c1e2cb7f
Signature
ed25519:4b30d9f87d0b4a9bc4ac3e83cd8c8478ce7ed71e1175008b4b78e232a6652b4136e1f3f8d7fdbcfca8de7f8bb61e5cdfee7c5c14eea9ffc07942a1f9ac202e0f
Public Key
ed25519:d610d74ef18f683e5beb859d241d5e67dff0c122e8928b06bec1c2476f4ba27b
Parent
(genesis)
Plane
fast
Verify this in your browser