# etsy.kleinanze.info — SUSPICIOUS > Domain etsy.kleinanze.info is a brand impersonation scam using fake Etsy login pages to steal credentials. VirusTotal shows 0/95 detections. ## Summary PhishDestroy identifies etsy.kleinanze.info as an active brand impersonation scam impersonating Etsy to harvest login credentials through a fraudulent storefront. The domain leverages a deceptive subdomain structure (kleinanze.info) to mimic official Etsy domains (e.g., etsy.com), a common tactic in credential theft campaigns targeting online marketplace users. No evidence of a crypto drainer kit or advanced obfuscation was detected during initial analysis, suggesting a focus on obtaining user credentials for subsequent account takeover or fraudulent transactions. The threat actor likely aims to exploit trust in the Etsy brand to bypass user skepticism. This domain was flagged with a generic phishing threat type and resolves to IP 188.114.96.3, hosted under a Let's Encrypt SSL certificate to enhance legitimacy. VirusTotal currently reports 0/95 detections, indicating it remains undetected by major antivirus engines as of the latest scan. The domain was registered via an anonymous registrar with no publicly available creation date, and Google Safe Browsing (GSB) has not yet flagged it. Blocklist aggregators also show no current listings. These technical indicators suggest a recently deployed or low-volume campaign, though the lack of detections does not guarantee safety. As of this report, etsy.kleinanze.info remains active with an 'under investigation' status, and security teams have not yet issued takedown requests. Users should refrain from accessing the domain or entering any credentials, as the lack of detections by VirusTotal or GSB does not eliminate the risk of credential theft. Security researchers are advised to monitor the domain for additional indicators, such as the emergence of drainer kits or expanded phishing infrastructure. Immediate action includes blocking the domain and IP at the network level, reporting submissions to PhishDestroy, and warning users about the Etsy impersonation campaign. Remaining risk is classified as high due to the potential for widespread credential harvesting before detection systems catch up. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) ## Domain Intelligence - Registrar: REGISTRAR_NOT_FOUND - IP: 188.114.96.3 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/7c35a8fb-33d9-49ae-a863-0941031f62a7 - PhishDestroy: https://phishdestroy.io/domain/etsy.kleinanze.info/ - LLM endpoint: https://phishdestroy.io/domain/etsy.kleinanze.info/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/etsy.kleinanze.info/ Last updated: 2026-03-24