https://www.malbongolfus.com/my-account/
104.21.4.35 · Cloudflare, Inc.
Toronto, Canada
327 days
200 · 48.5s
Valid· WE1, Google Trust Services, US
COMPLETED
Linked Phishing Report
This scan is attached to a vendor submission report
Brand
Malbon Golf Shop
Vendors
3/3
Status
completed
Registered-domain escalation
Submit malbongolfus.com as the primary IOC, enriched with evidence from hostile subdomains like www.malbongolfus.com.
No KB/IOK detections were recorded for this scan.
E-Commerce · 7/19/2026
The page presents a My Account login/register interface on the domain malbongolfus.com. Visual cues from the screenshot show Malbon Golf branding, a two-column login/registration form, and a footer with legitimate-looking navigation. The static HTML indicates a login form with password field and multiple POST endpoints, but the domain appears to be a real site rather than an impersonation of a well-known brand; however, the hosting domain name is suspicious (malbongolfus.com) and the WHOIS shows a recent creation date and short domain age, which can be indicative of a newly registered domain attempting to harvest credentials. The combination of credential fields, POST to get_refreshed_fragments, and external script loading warrants caution for potential credential harvesting on a first-party site that is itself young or misconfigured.
Capture
Stages: 2
Canonical: Settled Render
Changed: No
Credential Signals
Forms: 5
Password fields: 2
Late-stage login UI: No
Resource Signals
Resources: 92
Hosts: 4
Domains: 4
Suspicious Endpoints
hxxps://www[.]malbongolfus[.]com/
hxxps://www[.]malbongolfus[.]com/my-account/
The page shows a legitimate-looking account surface for Malbon Golf Shop with a login form and password field, which could facilitate credential entry. However, the domain malbongolfus.com is newly created (327 days) with a recent SSL and Cloudflare protection, and the WHOIS indicates a short registration window. The presence of a login UI on this domain, the POST endpoint to refresh fragments, and a high volume of external scripts create risk for credential harvesting or session manipulation. Given the visual impersonation potential and the suspicious domain age, this warrants cautious handling and monitoring, with consideration of further verification of the site’s ownership and hosting origin.
Monitor