# alkhalij-center-om.com — SUSPICIOUS

> PhishDestroy identifies alkhalij-center-om.com as an AI-crafted phishing domain mimicking legitimate Arabic portals. VT score 0/95.

## Summary

PhishDestroy has opened an active investigation into alkhalij-center-om.com, a recently registered domain engineered to harvest user credentials via an AI-generated Arabic phishing page. The domain shows no affiliation with the legitimate Al-Khalij Center; instead, it leverages a visually consistent replica of a regional portal to deceive Arabic-speaking users into surrendering login details. No identifiable drainer kit or JavaScript-based credential theft tool has been extracted from the page at this stage, though dynamic analysis suggests the backend may relay stolen inputs to a yet-unidentified command-and-control channel. Registrar data indicates the threat actor favored Namecheap Inc for anonymity, while the presence of a Sectigo SSL certificate implies a deliberate attempt to appear legitimate to wary targets.

This domain was flagged with an exact VirusTotal detection rate of 0 out of 95 engines as of the investigation timestamp, underscoring the evasive nature of novel phishing pages against signature-based defenses. Technical indicators include a static IPv4 address at 162.0.229.151, registered on 29 March 2025—only days old—rendering historical reputation checks inconclusive. Google Safe Browsing (GSB) has not yet blacklisted the domain, and public blocklist aggregators show zero current listings, reinforcing its fresh footprint. The combination of a recent creation date, unflagged SSL certificate, and zero third-party detections suggests the infrastructure remains in early-stage deployment, likely targeting a narrow campaign window before defenses catch up. As of this advisory, the domain is assessed as ACTIVE with a risk level marked UNDER_INVESTIGATION, pending further behavioral analysis and sinkhole telemetry.

Immediate containment actions include domain blocking at DNS and firewall layers for monitored environments, alongside a hash-based block on the SSL certificate’s serial for TLS inspection devices. Users are strongly advised to scrutinize unsolicited links with Arabic TLDs and avoid inputting credentials on pages requesting unexpected logins. The residual risk remains MODERATE due to the domain’s infancy and the threat actor’s demonstrated capability to rapidly evolve obfuscation tactics. Continuous monitoring via threat intelligence feeds is recommended to preempt follow-on campaigns leveraging this exact infrastructure.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)

## Domain Intelligence

- Registered: 2025-03-29 23:17:26
- Registrar: NAMECHEAP INC
- IP: 162.0.229.151

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/a6f5ff28-f80f-42ba-98d8-24ed08d28cee
- PhishDestroy: https://phishdestroy.io/domain/alkhalij-center-om.com/
- LLM endpoint: https://phishdestroy.io/domain/alkhalij-center-om.com/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/alkhalij-center-om.com/

Last updated: 2026-04-12