tibia-tools.com

Ola Niewiadomsk

Domain Information

The domain tibia-tools.com, registered by Ola Niewiadomsk, was initially registered in July of 2014 through KEY-SYSTEMS GMBH. The domain has been known to host various forms of malware. The hosting servers are located in Warsaw, Mazowieckie, Poland, on the RIPE Network Coordination Centre network.

Registrar:
KEY-SYSTEMS GMBH

Server location:
Mazowieckie, Poland (PL)

Create date:
Tuesday, July 29, 2014

Expires date:
Friday, July 29, 2016

Updated date:
Monday, October 12, 2015

ASN:
AS16276 OVH OVH SAS,FR

Scanner detections:
Malware distribution  (100% detected)

| Scan engine | Details | Detections |
| --- | --- | --- |
| ESET NOD32 | multiple threats, Win32/PSW.Tibia.NIC trojan, Win32/Injector.BUAP trojan | 75.00% |
| F-Prot | W32/Tibia.S (exact, not disinfectable) | 75.00% |
| McAfee | Trojan.PWSZbot-FAHG!5D318652FE8D, Trojan.Generic-FAUS!CD7CC4D9C389, Trojan.Artemis!AEF4261007F6 | 75.00% |
| Norman | Gen:Variant.Symmi.57134, Dropped:Trojan.GenericKD.1885163, Gen:Variant.Symmi.50584 | 75.00% |
| Microsoft Security Essentials | Threat.Undefined | 75.00% |
| Emsisoft Anti-Malware | Dropped:Trojan.GenericKD.1885163, Gen:Variant.Symmi.50584 | 75.00% |
| Dr.Web | Trojan.Inject1.45128, - infected archive c:\users\test\appdata\local\temp\5e4b4fab4d88b4978124a60f3f2580c2861b380b modifi | 50.00% |
| VIPRE Antivirus | Threat.4150696 | 25.00% |
| MicroWorld eScan | Dropped:Trojan.GenericKD.1885163 | 25.00% |
| nProtect | Dropped:Trojan.GenericKD.1885163 | 25.00% |
| Trend Micro House Call | TROJ_GE.D562E0F5 | 25.00% |
| avast! | Win32:Malware-gen | 25.00% |
| Bitdefender | Dropped:Trojan.GenericKD.1885163 | 25.00% |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 25.00% |
| Lavasoft Ad-Aware | Dropped:Trojan.GenericKD.1885163 | 25.00% |

The domain tibia-tools.com has been seen to resolve to the following IP address.

cluster005.ovh.net
June 22, 2016

File downloads found at URLs served by tibia-tools.com.

6 / 68      (Malware)
http://tibia-tools.com/.../?f=Tibia TibiaAuto v10.73.exe  (bf908b621d4f200ceddda19454bc380c)

9 / 68      (Malware)
http://tibia-tools.com/.../?f=Tibia XenoBot v10.56.exe  (4f45869ef3ec6cf6e5d67ef690bee121)

19 / 68    (Malware)
http://tibia-tools.com/.../?f=Tibia NeoBot v10.56.exe  (6acfbfb965047e9812a0815478289fba)

6 / 68      (Malware)
http://tibia-tools.com/.../?f=Tibia Auto v10.74.exe  (d2dbd1e5487f45a78ff9fc9257073695)

The following 3 files have been seen to communicate with tibia-tools.com in live environments.

URL:
http://tibia-tools.com/

Google Analytics:
UA-10948521

Title:
“tibia-tools.com - Najlepsze darmowe boty i programy do Tibii”

Description:
“tibia-tools.com - najlepsze darmowe boty do tibi, mapy do tibi, boty, tibia auto, cave bot, lazy tool, pacc za darmo, auto exp, download boty, tibiabot windbot, update, darmowe boty, i wiele innych znajdziesz na naszej stronie, przezroczyste drze...”

Web server:
Apache (PHP/5.4.45)