The login form above is served by good.cyberguyenterprises.com inside a
cross-origin <iframe>. A password manager should detect the domain mismatch and require
confirmation before filling credentials — if it fills silently, the cross-origin check
has been bypassed.