https://shellharmonie.nl/
104.21.66.168 · Cloudflare, Inc.
Toronto, Canada
9 days
200 · 28.5s
Valid· WE1, Google Trust Services, US
COMPLETED
No KB/IOK detections were recorded for this scan.
finance | technology | ecommerce · 7/19/2026
The page presents FB88 branding and content, including a FB88 sports theme, logo styling, and related banners, but is hosted on shellharmonie.nl, a newly registered domain (9 days old) using Cloudflare. The page content and metadata strongly mimic a legitimate FB88 sportsbook, with a Vietnamese locale and Facebook-like branding cues. Network and asset analysis show multiple external script inclusions and DMCA badge scripts, but there is no clear login form or credential capture in static HTML; however, the combination of brand-imitation on a non-official domain, a suspicious exfil/referer endpoint (cdn-cgi/rum) and heavy JS load suggests potential credential harvesting or redirect-based abuse if forms are rendered and submitted via JS. The overall risk is elevated due to first-party impersonation signals on a recently registered domain, pointing to potential phishing abuse, though direct credential collection interfaces were not observed in the static HTML sample.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: No
Credential Signals
Forms: 2
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 71
Hosts: 3
Domains: 3
Suspicious Endpoints
hxxps://shellharmonie[.]nl/
The site is branded to mirror FB88 and is hosted on a recently created domain, which is a classic impersonation signal. The page uses FB88 branding, images, and Vietnamese text to present a sportsbook frontend, potentially designed to lure victims. Although no explicit credential form is visible in the static HTML, the late-render observations and heavy JS loading imply that a login or credential capture surface could be rendered client-side, which, combined with the impersonation signals, supports a phishing risk. Given the domain age, WAF evasion indicators, and impersonation cues, this is a moderate to high-risk abuse case requiring close monitoring and possible takedown action if further evidence shows credential collection or redirection to payment endpoints. Recommend monitoring and preparing abuse report with brand impersonation findings; consider suspension if further evidence confirms credential capture or exploitation.
Monitor