https://www.alsafwaco.net/
194.39.149.124 · WHG Hosting Services Ltd
Dallas, United States
4909 days
200 · 23.1s
Valid· R13, Let's Encrypt, US
COMPLETED
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
Alsafwa I & E
Vendors
30/31
Status
partial
Registered-domain escalation
Submit alsafwaco.net as the primary IOC, enriched with evidence from hostile subdomains like www.alsafwaco.net.
No KB/IOK detections were recorded for this scan.
ecommerce | technology | finance · 7/19/2026
The page presents Arabic branding for Alsafwa I & E, but the domain www.alsafwaco.net appears to host the site. Visuals show the real brand styling and content related to Alsafwa Import & Export. However, the page includes a login form and credential collection UI within a site that is not obviously the official Alsafwa corporate domain, raising potential impersonation concerns if the domain is misaligned with the legitimate brand. The evidence does show password fields and POST endpoints, but there is no definitive proof of credential harvesting directed at a third-party brand; the presence of login UI and external POST endpoints warrants further review to determine if impersonation or phishing is occurring.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: Yes
Credential Signals
Forms: 2
Password fields: 1
Late-stage login UI: No
Resource Signals
Resources: 153
Hosts: 10
Domains: 8
Suspicious Endpoints
hxxps://www[.]alsafwaco[.]net/index.php/ar/
The site displays Alsafwa branding with Arabic content and appears to be a legitimate page for the brand. However, the presence of a password field and login form on the same page, coupled with POST requests to external endpoints and an iframe embedding YouTube content, creates ambiguity about credential handling and potential data exfiltration. The mixed signals (brand presence vs. suspicious external POSTs) justify closer monitoring and possible abuse reporting if the domain is not the official corporate domain. The SSL is valid but short-lived, and the site is hosted on a US-based provider; no definitive credential-phishing flow is confirmed from the available data alone.
Monitor