# app.twcard.pro — SUSPICIOUS

> Investigating app.twcard.pro as a crypto drainer phishing domain with 1/95 VirusTotal detections. Immediate blocking and user warnings advised.

## Summary
PhishDestroy identifies app.twcard.pro as an active crypto drainer phishing domain posing an elevated risk to cryptocurrency users. This domain employs social engineering tactics to trick victims into connecting their wallets and authorizing malicious transactions, resulting in irreversible fund losses. The infrastructure leverages deceptive branding and urgency-based prompts to bypass user skepticism, making it particularly hazardous in decentralized finance ecosystems where transaction approvals are often irreversible.

Technical analysis reveals this domain (app.twcard.pro) resolves to IP address 91.219.238.195 and operates under an SSL certificate issued by Let's Encrypt, providing a false sense of legitimacy. VirusTotal analysis shows only 1 out of 95 security vendors currently flag this domain, indicating minimal detection coverage despite active malicious operations. Historical WHOIS data suggests recent domain registration, though exact creation timestamps remain obscured through privacy protection services. The absence of widespread blocklisting suggests this threat may be newly emerged or deliberately obfuscated.

Organizations should immediately block both the domain and IP address at network perimeter defenses while updating endpoint protection systems with specific indicators. Users must be warned against interacting with any 'twcard' branded services outside official channels, particularly those requesting wallet connections. Financial institutions should monitor for transaction patterns involving this infrastructure and implement wallet address screening for known malicious addresses. Immediate incident response should include revoking any unauthorized wallet approvals and conducting forensics on affected systems to identify potential lateral movement vectors.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence
- Registrar: REGISTRAR_NOT_FOUND
- IP: 91.219.238.195

## Detection Status
- VirusTotal: 1 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/087350e5-623f-4ba4-adb6-07b5ec0cd714
- PhishDestroy: https://phishdestroy.io/domain/app.twcard.pro/
- LLM endpoint: https://phishdestroy.io/domain/app.twcard.pro/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/app.twcard.pro/
Last updated: 2026-03-31