# twcard.online — MALICIOUS

> twcard.online is a live credential theft domain recently detected. VirusTotal flags 5 of 95 vendors; scan now and block immediately to prevent exposure.

## Summary

PhishDestroy identifies twcard.online as a credential theft endpoint currently leveraging generic lures to harvest user credentials. The domain presents no affiliation with any recognized brand or service, suggesting a standalone phishing operation aimed at deceiving visitors into submitting login details under false pretenses. No crypto-drainer kit artifacts (e.g., MetaMask injectors, wallet address prompts) were observed in sandbox detonation, but captive portals mimicking legitimate login flows are present, indicating a straightforward but active credential harvesting campaign targeting unsuspecting users seeking promotional or service access.

Technical indicators tie twcard.online to elevated risk. VirusTotal’s aggregated telemetry shows a 5 out of 95 detection ratio among participating security vendors as of the latest scan window. The domain resolves to IP 206.251.50.128 and is registered through Global Domain Group LLC with a creation timestamp of March 07, 2026. A Let’s Encrypt SSL certificate is in use, increasing user trust while the site conducts illicit data collection. Google Safe Browsing has not yet flagged this domain as of this advisory, but open threat intelligence feeds and private sandbox detections place the current blocklist count at 7 independent sources, underscoring its emergent and unmitigated nature.

At this time, the domain remains active and unblocked by major browsers or enterprise filters, presenting an elevated window of opportunity for exploitation. Immediate containment actions include adding twcard.online and its resolved IP to DNS and firewall blocklists, disabling access via corporate proxy rules, and updating endpoint detection rules to alert on HTTP POST requests to the credential submission endpoint. While the credential theft mechanism is basic, its fresh registration and low VT coverage elevate both exposure and potential victim count. Remaining risk will persist until widespread blocking at the network edge is enforced and user awareness campaigns highlighting this domain are distributed.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-07 14:09:48
- Registrar: Global Domain Group LLC
- IP: 206.251.50.128

## Detection Status

- VirusTotal: 5 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/3df933ff-741d-480d-8ad5-c941177ca407
- PhishDestroy: https://phishdestroy.io/domain/twcard.online/
- LLM endpoint: https://phishdestroy.io/domain/twcard.online/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/twcard.online/

Last updated: 2026-03-30