# ebay-kleinanzeigen.order9817239812738103.shop — SUSPICIOUS > Domain order9817239812738103.shop impersonates eBay-Kleinanzeigen with credential theft via generic phishing. Zero detections on VirusTotal. Block immediately. ## Summary PhishDestroy identifies the domain order9817239812738103.shop as an active generic phishing domain claiming to be eBay-Kleinanzeigen, targeting users with fake order confirmations. The site employs credential theft tactics, tricking victims into entering login details under the guise of order processing. No crypto drainer kit or advanced obfuscation has been observed, suggesting opportunistic fraud rather than targeted malware campaigns. The domain leverages social engineering to exploit user trust in eBay-Kleinanzeigen, a popular German classifieds platform, likely harvesting credentials for account takeovers or resale on dark web markets. This domain was flagged with a VirusTotal detection rate of 0/95, indicating it remains under the radar of major security vendors. It resolves to IP 188.114.97.3, operated by Cloudflare, with an SSL certificate issued by Let's Encrypt for added legitimacy. The registrar is Namecheap, and the domain was created recently (exact date redacted for operational security). It is currently unlisted on Google Safe Browsing (GSB) and appears on only 1 known blocklist. The absence of a GSB flag and low blocklist presence may delay widespread takedown, increasing exposure risk. As of this assessment, the domain is active and unresolved for takedown, posing a medium-high risk to visitors. Immediate blocking via DNS or enterprise filters is recommended, along with user education to recognize eBay-Kleinanzeigen's official domains (ebay-kleinanzeigen.de). While the threat is under investigation, the lack of detections suggests a need for proactive monitoring. Users should avoid interacting with this domain and report any suspicious activity to eBay-Kleinanzeigen's security team. Remaining risk includes credential harvesting and potential downstream account compromise, with no evidence of broader infrastructure compromise at this time. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 188.114.97.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/domains/ebay-kleinanzeigen.order9817239812738103.shop - PhishDestroy: https://phishdestroy.io/domain/ebay-kleinanzeigen.order9817239812738103.shop/ - LLM endpoint: https://phishdestroy.io/domain/ebay-kleinanzeigen.order9817239812738103.shop/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/ebay-kleinanzeigen.order9817239812738103.shop/ Last updated: 2026-04-08