ScanMalware.com

Security Scan Report: almawa-madinah.com

Site favicon
Submitted: May 11, 2026, 8:18:58 PMCompleted: May 11, 2026, 8:20:27 PMpubliccompleted
Loading additional data...

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 12 HTTP transactions. The main domain is almawa-madinah.com and was registered NaN years ago.

Submitted URL: https://almawa-madinah.com/login

AI Security Verdict

Confirmed Scam

Confidence: 95%

10
Risk Score

The site is a newly‑registered, unranked domain hosting a login form and triggering critical malware alerts, indicating a confirmed credential phishing operation.

Risk Factors
Newly registered domain (<7 days) with credential collection
Unranked domain lacking reputation
Critical IDS alerts indicating possible malware C2 and data exfiltration
Presence of a login form on a brand‑new site
Domain age information unavailable

Details

Page Title

login | المأوى المدينة

Scan Type

public

Language

🇸🇦

Arabic

(60% confidence)

Category

technology software

(48%)

Domain Information

The domain name 'almawa-madinah.com' uses the commercial generic top-level domain (.com) without a subdomain. Count 14 characters in 'almawa-madinah' holding six vowels versus seven consonants, along with one hyphen. Splitting it apart reveals four words: alma, wa, madina, h. Average segment length settles at three characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://almawa-madinah.com/login

Page Load Overview

1.91s
Total Load Time
37
HTTP Requests
7
Domains
352 KB
Total Size

Language Analysis

Primary Language

🇸🇦Arabic
Code: ar
Confidence:60%
Script:Arabic
Direction:rtl

Detection Details

Language Code:ar
Detection Confidence:60%
Script Type:Arabic
HTML Lang Attribute:en
Text Length:204 chars
Detector Agreement:75%
Language mismatch: Declared as en but detected as ar

Website Classification

Primary Category

technology software48% confidence
Type: dynamic
Method: ml+structural

All Detected Categories

technology software
48%
corporate
25%

Detected Features

OG: website

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
13172.67.68.11United States
AS13335Cloudflare, Inc.
12142.251.127.84United States
AS15169Google LLC
12216.24.57.1United States
AS397273Render
373--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1A592E82A65127225EC0788F5C9D8B468F002C6A3AE3DEAF5F5CD5E34FFC69A109D3214

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

192:VJa6iaCEc/Y19fEPjyPjY7JXeS7JXex/27xRT6k39iNpNI9iNpNKhcykb1bX3PjD:VJ3jc/Y7fE7hL7Wvykhuy

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:20026:hAxRkdBKCQAMvANQwsiI/2b8CxkgfWAAKBgBKCRQDNDEAAVhEInqKGCdlQAa8CUBFYZCS6OiCEkZgiaht/oQOAgKgJQREfuN

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:ffffe7ffffe7e7fe
Perceptual Hash:f3d966268c22993b
Difference Hash:102a0820320c4d30
Wavelet Hash:feece8f8f8d8c000
Color Hash:#87b7c5

Other Hashes

Crop Resistant:102a0820320c4d30

Scan History

Scan history not available

Unable to load historical scan data