[False Negative]: add 5 phishing domains (thetrust-wal-et[.]com, sf-epal[.]com, ...)

Open ninjacatcher opened this issue 4 months ago • 0 comments

Executive Summary

This report documents 5 domain(s) that have been identified as part of active phishing operations. These domains exhibit characteristics consistent with malicious infrastructure and pose an immediate security risk to internet users.

The following 5 domain(s) have been analyzed and confirmed as participating in phishing campaign(s):

thetrust-wal-et.com
sf-epal.com
trustsafpal.com
ldgerw-allet.com
trezrwa-let.com

Threat Analysis

Phishing Attack Details

These domains are part of a phishing campaign targeting companies and cryptocurrency holders/investors. The attackers use fake login pages and tampered software to steal seeds/keys.

Technical Details

  • Use Cloudflare (maybe Pro or Business) accounts.
  • Cloaked: if the request does not comply with the rules, it is redirected to a non-existent subdomain "www.www." (in most cases)

Detections

  • thetrust-wal-et.com - 1 detection - https://www.virustotal.com/gui/domain/thetrust-wal-et.com/detection
  • sf-epal.com - 10 detections - https://www.virustotal.com/gui/domain/sf-epal.com/detection
  • trustsafpal.com - 5 detections - https://www.virustotal.com/gui/domain/trustsafpal.com/detection
  • ldgerw-allet.com - 10 detections - https://www.virustotal.com/gui/domain/ldgerw-allet.com/detection
  • trezrwa-let.com - 0 detections - https://www.virustotal.com/gui/domain/trezrwa-let.com/detection

Targeted Brands

  • thetrust-wal-et.com - Trust Wallet (trustwallet.com)
  • sf-epal.com - SafePal (safepal.com)
  • trustsafpal.com - SafePal (safepal.com)
  • ldgerw-allet.com - Ledger (ledger.com)
  • trezrwa-let.com - Trezor Wallet (trezor.io)

Temporal Information

  • Date of Identification and Submission: 2025-08-01 11:23 UTC
  • Estimated Campaign Activity Start: Approximately 7-14 days prior to detection

Screenshots

(If screenshots are not displayed, see the scans pages)

Scans

  • thetrust-wal-et.com - https://urlscan.io/result/0198654e-574c-70cd-b4a9-d422bd044110/
  • sf-epal.com - https://urlscan.io/result/0198654e-5bd2-707c-8e7b-eb47bb6bf2b9/
  • trustsafpal.com - https://urlscan.io/result/0198654e-607d-7009-9f0b-0c15a1358482/
  • ldgerw-allet.com - https://urlscan.io/result/0198654e-6521-724e-83c9-efc6c08c6ac8/
  • trezrwa-let.com - https://urlscan.io/result/0198654e-69c7-759b-a10e-1ecfe14013ec/

ninjacatcher, Aug 01 '25 11:08
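The cloaking behaviour noted under Technical Details can be turned into a scanner-side check. The following is an added example, not part of the original report: it flags crawl observations whose redirect target is a "www.www." host under the requested site. It assumes the bogus host is "www.www." prepended to the requested domain; the function names and the `example.test` sample data are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def _host(url):
    """Lowercased hostname without port or trailing dot ('' if none)."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_cloak_redirect(request_url, status, headers):
    """True when the response redirects to a 'www.www.' host under the requested site.

    Assumption: the bogus host is 'www.www.' prepended to the requested domain.
    """
    if status not in REDIRECT_CODES:
        return False
    # Header names are case-insensitive; take the first Location header.
    location = next((v for k, v in headers if k.lower() == "location"), None)
    if not location:
        return False
    # Resolve relative and scheme-relative Location values against the request URL.
    target = _host(urljoin(request_url, location.strip()))
    origin = _host(request_url)
    if origin.startswith("www."):
        origin = origin[4:]  # compare against the bare domain
    return bool(origin) and target.startswith("www.www.") and target.endswith("." + origin)

def flagged_hosts(observations):
    """Sorted requested hosts whose response matched the cloaking redirect."""
    return sorted({_host(u) for u, s, h in observations if is_cloak_redirect(u, s, h)})

# Constructed sample: (request URL, status code, response headers) per crawl hit.
SAMPLE_OBSERVATIONS = [
    ("https://shop.example.test/login", 302, [("Location", "https://www.www.shop.example.test/")]),
    ("http://wallet.example.test/a", 302, [("LOCATION", "//WWW.WWW.wallet.example.test./x")]),
    ("https://www.example.test/", 301, [("location", "http://www.www.example.test/")]),
    ("https://example.test/", 301, [("Location", "https://www.example.test/")]),  # normal www redirect
    ("https://pay.example.test/", 302, [("Location", "/home")]),  # relative, same host
    ("https://ok.example.test/", 200, [("Location", "https://www.www.ok.example.test/")]),  # not a redirect
]

if __name__ == "__main__":
    print(flagged_hosts(SAMPLE_OBSERVATIONS))
```

Because the report says the redirect happens only "in most cases", a negative result from this check does not clear a domain.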