# twpay.app — SUSPICIOUS

> twpay.app hosts a crypto drainer phishing site, flagged by PhishDestroy with 0/95 VirusTotal detections.

## Summary

PhishDestroy identifies twpay.app as a live cryptocurrency drainer scam currently under active review. This domain mimics legitimate payment portals to trick users into connecting fraudulent wallets and surrendering digital assets. The site resolves to IP 172.67.172.39 and leverages a recently issued Let's Encrypt SSL certificate, giving it a false veneer of legitimacy. Attackers commonly register look‑alike domains days or weeks before launching campaigns, so early detection is critical for wallet safety.

This domain was flagged by PhishDestroy with zero VirusTotal detections out of 95 engines as of seed 6de418, indicating it remains under the radar while actively phishing. Registration records show twpay.app was created on March 23, 2026, through NICENIC INTERNATIONAL GROUP CO., LIMITED, a registrar known for bulk and privacy‑protected registrations that can obscure true ownership. The combination of a brand‑new domain, low detection coverage, and a generic payment theme creates a perfect storm for unsuspecting cryptocurrency users.

If you visited twpay.app, immediately disconnect your wallet, revoke any connected contracts through your wallet’s interface, and scan your device with updated antivirus software. Never enter seed phrases, private keys, or wallet passwords on any site claiming to be a payment portal. Report the domain to your wallet provider and file an incident with local cybercrime units. Always verify URLs via official project channels before interacting with crypto payment interfaces.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2026-03-23 18:26:51
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 172.67.172.39

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/e504ce07-b3fc-41ed-9e1b-dc4ae72b89f6
- PhishDestroy: https://phishdestroy.io/domain/twpay.app/
- LLM endpoint: https://phishdestroy.io/domain/twpay.app/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/twpay.app/

Last updated: 2026-03-27