# safepal.at — MALICIOUS

> safepal.at poses a high-risk brand impersonation threat targeting SafePal users. Stay alert and avoid interaction. Learn more now.

## Summary
PhishDestroy identifies safepal.at as a high-risk domain impersonating the legitimate SafePal brand. Although currently offline, this domain was registered on February 21, 2026, and was flagged by 15 out of 95 VirusTotal security vendors. It also appears on four security blocklists and is linked to 12 threat intelligence pulses in AlienVault OTX. Such factors highlight the significant danger this domain posed to users by attempting to deceive them into trusting a counterfeit SafePal presence.

This brand impersonation tactic typically involves creating a fake website resembling the official SafePal platform to trick users into submitting sensitive information such as login credentials, private keys, or financial data. By resolving to an IP address associated with malicious activity, safepal.at aimed to exploit the reputation of SafePal to harvest data or deploy malware. The domain's recent registration and multiple listings on threat intelligence feeds confirm its use in phishing campaigns designed to compromise user security.

If you have visited safepal.at, it is crucial to immediately cease all interactions and avoid entering any personal or financial information. Users should scan their devices for malware, change any passwords or keys that might have been exposed, and monitor their accounts for suspicious activity. Reporting the incident to your antivirus provider and the official SafePal team can help protect others from falling victim to this scam. Vigilance and prompt action are key to mitigating the risks from this high-risk impersonation domain.

## Threat Details
- Verdict: MALICIOUS
- Site status: dead (HTTP 403)
- Target brand: SafePal

## Domain Intelligence
- Registered: 2026-02-21 07:01:08
- IP: 172.67.209.39
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: ["cory.ns.cloudflare.com", "ullis.ns.cloudflare.com"]
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 15 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "BitDefender", "CyRadar", "ESET", "Forcepoint ThreatSeeker", "Fortinet", "G-Data", "Lionic", "Phishing Database", "Seclookup", "SOCRadar", "Sophos", "VIPRE", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 4 hits
  Lists: ["PhishDestroy", "MetaMask", "SEAL", "PhishingDB"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019bbe43-90a2-7794-b12f-a9c3577c34da.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/bbba3030-73b1-41ac-9a00-14db8922be5e
- PhishDestroy: https://phishdestroy.io/domain/safepal.at/
- LLM endpoint: https://phishdestroy.io/domain/safepal.at/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/safepal.at/
Last updated: 2026-03-19