# twezy.info — MALICIOUS

> twezy.info was flagged as a high-risk phishing site offering fake Robux. Stay alert and avoid visiting this domain to protect your info.

## Summary
PhishDestroy identifies twezy.info as a high-risk phishing domain that posed a threat by mimicking offers for free Robux, a popular virtual currency for gaming platforms. Such schemes can trick users into revealing personal details or login credentials, putting their accounts and sensitive information at risk. Although the domain is currently offline, the potential harm it could have caused remains significant due to its malicious intent.

This phishing operation worked by presenting users with a webpage titled "Add Robux," attempting to lure gamers with promises of free virtual currency. The site resolved to an IP address known to be associated with suspicious activity and was registered through Gandi SAS in early March 2026. VirusTotal scans indicated that 17 out of 95 security providers recognized the domain as malicious, and it appeared on at least one security blocklist, reinforcing its dangerous reputation.

If you have accessed twezy.info, it is crucial to immediately change any passwords entered on the site and enable multi-factor authentication on your accounts. Monitor your accounts for unusual activity and consider running a comprehensive security scan on your devices. Always be cautious about offers that seem too good to be true, especially involving digital currencies or gaming perks, and verify domains before interacting with them to ensure your safety online.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 0)
- Page title: Add Robux

## Domain Intelligence
- Registered: 2026-03-06 13:07:01
- Registrar: Gandi SAS
- Country: FR
- IP: 91.218.49.169
- IP Country: UA
- IP City: Kyiv
- IP Org: AS6698 Virtual Systems LLC
- Nameservers: ["jill.theonionhost.com", "ray.theonionhost.com"]
- SSL Issuer: none

## Detection Status
- VirusTotal: 17 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CyRadar", "DNS8", "Emsisoft", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Gridinsoft", "Kaspersky", "Lionic", "Netcraft", "OpenPhish", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 1 hits
  Lists: ["PhishDestroy"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019cc312-bc24-77a8-8c34-30cb6b6270aa.png
- Cloudflare Radar: https://radar.cloudflare.com/domains/twezy.info
- Wayback Machine: https://web.archive.org/web/https://twezy.info
- PhishDestroy: https://phishdestroy.io/domain/twezy.info/
- LLM endpoint: https://phishdestroy.io/domain/twezy.info/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/twezy.info/
Last updated: 2026-03-19