The FiveM Trust Chain: How Cfx.re, Tebex and a tebex.io Domain Fit Together
The FiveM Trust Chain: How Cfx.re, Tebex and a tebex.io Domain Fit Together
Every week someone in a FiveM Discord posts a screenshot of a store that sold them a leaked script, a backdoored resource, or simply nothing at all. The domain looked plausible. The prices were reasonable. The product pages had screenshots. The tell they missed was simple: the domain contained no reference to tebex.io. That one omission breaks every layer of protection the ecosystem has built for buyers.
Recommended FiveM scripts for your server
Why There Is a Chain at All
FiveM is not a casual mod loader. Cfx.re built a platform: server licensing through Keymaster, asset delivery through escrow, and a sanctioned monetization layer through Tebex. Each piece exists because the raw alternative — anonymous file transfers, PayPal friends-and-family payments, Discord DMs — left buyers with no recourse and developers with no protection. The chain closes those gaps systematically.
Understanding the three links in that chain gives you a fast way to evaluate any store before you hand over payment details.
Link One: Cfx.re and Keymaster
Your Cfx.re account is the root of your identity as a FiveM server operator. Keymaster sits inside it: it’s where your server license lives, where your granted assets appear, and where the escrow system checks ownership every time your server starts. When you buy an escrowed resource legitimately, Cfx.re writes a grant against your Keymaster account. The resource’s encrypted files phone home to that grant on each server boot — no grant, no load.
This is not optional infrastructure. Cfx.re built the escrow specification, and Tebex integrates directly with the Keymaster API to deliver grants automatically on purchase completion. No other payment processor or storefront has access to that API. A store operating outside this integration cannot deliver a properly escrowed asset — it can only deliver raw, unprotected files or outright stolen ones.
Link Two: Tebex as the Sanctioned Payment and Fulfilment Layer
Tebex is the exclusive monetization platform permitted under the Cfx.re Platform License Agreement. Using any other payment method to sell FiveM resources is a ToS violation — for the seller, not just an inconvenience for you. That matters because it means every legitimate developer who wants Keymaster escrow delivery, Cfx.re seller approval, and continued access to the platform must route through Tebex.
Tebex requires identity verification (ID check via Onfido) before a store goes live. It enforces an Acceptable Use Policy and reviews stores before approving them for sale. When a purchase completes, Tebex calls the Cfx.re API and the grant lands in your Keymaster portal automatically — you do not receive a download link or a zip file. That direct API handoff is what separates a legitimate transaction from a resale or leak.
A store collecting payment through Stripe embeds, crypto wallets, or “direct transfer” and then emailing you a zip is not using Tebex fulfilment. The escrow chain is broken at this link regardless of what the product page claims.
Link Three: The tebex.io Domain
When a developer creates a Tebex store, Tebex gives them a free subdomain on tebex.io — something like yourstore.tebex.io. They can optionally point a custom domain at it, but the underlying store is still hosted and served by Tebex’s infrastructure. The tebex.io subdomain is the outward-facing confirmation that the store exists inside Tebex’s system.
A store on a custom domain — fivemscripts.store, cfxassets.com, some variation with “tebax” or “tebix” instead of “tebex” — may or may not be a Tebex store at all. You have no way to verify from the URL alone. Some lookalike domains are outright scams. Others are legitimate resellers operating outside the platform rules. Either way, you cannot confirm Tebex fulfilment just from looking at the page.
When the domain contains tebex.io — as a subdomain like store.tebex.io, or as part of a domain like scripts-tebex.io — you can verify that relationship. Stores like scripts-tebex.io, marketplace-tebex.io, and official-tebex.io make the Tebex connection visible in the address bar. That is the chain completing itself at the point you can actually check before clicking Pay.
What a Broken Chain Looks Like in Practice
You see a script advertised on Reddit. The store is at cfxmods-scripts.store. The product page shows a preview video, lists ESX and QBCore compatibility, and quotes a resmon of 0.02ms. You buy it. What arrives?
- A zip file containing raw Lua — no Keymaster grant, no escrow, no update delivery mechanism.
- Possibly a leaked copy of a legitimate paid script, stripped of its encryption.
- Possibly a modified copy with a
TriggerServerEventhidden in a comment block that phones home or opens a remote execution surface on your server. - No Tebex dispute process, because the transaction never went through Tebex.
- No Cfx.re support escalation, because the store has no Cfx.re seller relationship.
The missing tebex.io in the domain was the first signal. Everything downstream of that purchase — the files, the support, the security — was unverifiable because the chain was broken before you paid.
How to Check Before You Buy
This takes under ten seconds. Look at the browser address bar on the store page. Ask: does the domain contain tebex.io? If yes, you have a starting point for trust — the store exists inside Tebex’s infrastructure, the seller passed Tebex’s ID verification, and purchases route through the Tebex/Keymaster API. If no, you have no fast way to confirm any part of that chain is intact, and you should investigate further before paying.
Secondary checks once you confirm the domain: look for a Cfx.re asset grant (not a zip download) in the product description, check whether the store has any Cfx.re forum thread tied to it, and verify the seller account is active and not newly created. But the domain is the gate. It is the fastest signal the whole chain is in place, and it costs you nothing to check.
The Broader Pattern: Why Scammers Can’t Fake This
Typosquatters register domains like tebax.io, tebex.store, or tebexio.net because they cannot register anything.tebex.io — Tebex controls that subdomain namespace. They also cannot fake a Cfx.re Keymaster grant without a real Tebex seller account, and they cannot get a real Tebex seller account without passing identity verification and store review. The combination of domain, platform access, and API integration is hard to fake precisely because it is not a single thing — it is a chain, and every link has to hold.
That is why the domain check works. It is not foolproof on its own — a real Tebex store can still sell a bad product. But a store without tebex.io in the domain has already failed the most basic external test of platform membership. Start there, and you eliminate the vast majority of the risk before your payment details go anywhere.
Upgrade your server — shop our FiveM scripts
Free Scripts on Tebex
