[False Negative]: add 2 phishing domains (safepal[.]com[.]co, dashboard[.]www[.]safepal[.]com[.]co)

[ninjacatcher]

Executive Summary

This report documents 2 domain(s) that have been identified as part of active phishing operations. These domains exhibit characteristics consistent with malicious infrastructure and pose an immediate security risk to internet users.

The following 2 domain(s) have been analyzed and confirmed as participating in phishing campaign(s):

safepal.com.co
dashboard.www.safepal.com.co

Threat Analysis

Phishing Attack Details

These domains are part of a phishing campaign targeting сompanies and cryptocurrency holders/investors. The attackers use fake login pages and tampered software to steal seeds/keys.

Technical Details

• Use Cloudflare (maybe Pro or Business) accounts.
• No sophisticated cloaking detected.

Detections

• safepal.com.co - 0 detections - https://www.virustotal.com/gui/domain/safepal.com.co/detection
• dashboard.www.safepal.com.co - 0 detections - https://www.virustotal.com/gui/domain/dashboard.www.safepal.com.co/detection

Targeted Brands

• safepal.com.co - SafePal (safepal.com)

Temporal Information

• Date of Identification and Submission: 2025-07-18 09:11 UTC
• Estimated Campaign Activity Start: Approximately 7-14 days prior to detection

Screenshots

(If screenshots are not displayed, see the scans pages)

Screenshots

Scans

• safepal.com.co - https://urlscan.io/result/01981cc4-24c1-761f-8547-cdcbab5b8565/
• dashboard.www.safepal.com.co - https://urlscan.io/result/01981cc4-24c1-761f-8547-cdcbab5b8565/