URL: https://kaufklein.com/pp/
Submission Tags: @ecarlesi possiblethreat phishing
Submission: On February 06 via api from IT — Scanned from IT

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 7 HTTP transactions. The main IP is 198.177.120.5, located in the United States and belonging to NAMECHEAP-NET, US. The main domain is kaufklein.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on February 5th 2024. Valid for: a year.
This is the only time kaufklein.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

Requests  IP Address      AS (Autonomous System)
2         198.177.120.5   22612 (NAMECHEAP...)
4         192.229.221.25  15133 (EDGECAST)
Total: 7 requests, 3 IPs

Requests  Apex Domain        Subdomains                                          Transfer
4         paypalobjects.com  www.paypalobjects.com (Cisco Umbrella Rank: 2611)   52 KB
2         kaufklein.com      kaufklein.com                                       57 KB
0         ebay.de (Failed)   kleinanzeigen.ebay.de (Failed)                      -
Total: 7 requests, 3 apex domains

Requests  Domain                          Requested by
4         www.paypalobjects.com           kaufklein.com
2         kaufklein.com                   kaufklein.com
0         kleinanzeigen.ebay.de (Failed)  kaufklein.com
Total: 7 requests, 3 domains

This site contains no links.

Subject         Issuer                                          Validity                  Valid
kaufklein.com   Sectigo RSA Domain Validation Secure Server CA  2024-02-05 - 2025-02-05   a year (crt.sh)
www.paypal.com  DigiCert SHA2 Extended Validation Server CA     2023-10-12 - 2024-10-31   a year (crt.sh)

This page contains 1 frame:

Primary Page: https://kaufklein.com/pp/
Frame ID: 7A3D1127C490A92F339EE68DD86A3845
Requests: 7 HTTP requests in this frame

Screenshot

Page Title

Kaufabwicklung

Detected technologies

Overall confidence: 100%
Detected patterns
  • paypalobjects\.com

Page Statistics

Requests: 7
HTTPS: 86 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 109 kB
Size: 402 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Columns: Resource, Path, Size, x-fer (bytes transferred), Type (MIME-Type)
Primary Request: /
Path: kaufklein.com/pp/
Size: 82 KB, x-fer: 18 KB
Type: Document

General
Full URL: https://kaufklein.com/pp/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.177.120.5, United States, ASN22612 (NAMECHEAP-NET, US)
Reverse DNS: premium702-1.web-hosting.com
Software: LiteSpeed /
Resource Hash: 0e8e0df9c26587ee290a13df925b4897bd3e05fcb71ba8248294682cca02ceaa

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers
accept-ranges: bytes
content-encoding: br
content-length: 17797
content-type: text/html
date: Tue, 06 Feb 2024 10:44:06 GMT
last-modified: Mon, 05 Feb 2024 16:58:23 GMT
server: LiteSpeed
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
styles.css
Path: kaufklein.com/pp/PayPal-Kaufabwicklung_files/
Size: 269 KB, x-fer: 39 KB
Type: Stylesheet

General
Full URL: https://kaufklein.com/pp/PayPal-Kaufabwicklung_files/styles.css
Requested by: Host: kaufklein.com, URL: https://kaufklein.com/pp/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 198.177.120.5, United States, ASN22612 (NAMECHEAP-NET, US)
Reverse DNS: premium702-1.web-hosting.com
Software: LiteSpeed /
Resource Hash: fb0e64eab95d98cc465fac8fcfaac70aa3611fbd252f04cf20984d27392bec0d

Request headers
accept-language: it-IT,it;q=0.9
Referer: https://kaufklein.com/pp/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers
date: Tue, 06 Feb 2024 10:44:06 GMT
content-encoding: br
last-modified: Tue, 30 Jan 2024 22:23:40 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
content-length: 39712
expires: Tue, 13 Feb 2024 10:44:06 GMT
logo-ebayk-402x80.png
Path: kleinanzeigen.ebay.de/static/img/common/logo/
Size: 0, x-fer: 0
Type: (no response received; listed under Failed requests below)

hermes_window_sprite_v16.png
Path: www.paypalobjects.com/images/checkout/hermes/
Size: 23 KB, x-fer: 23 KB
Type: Image

General
Full URL: https://www.paypalobjects.com/images/checkout/hermes/hermes_window_sprite_v16.png
Requested by: Host: kaufklein.com, URL: https://kaufklein.com/pp/PayPal-Kaufabwicklung_files/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.221.25, United States, ASN15133 (EDGECAST, US)
Reverse DNS: (none)
Software: ECAcc (mil/6CCD) /
Resource Hash: e8867e9b228e90c2c64825bf2bacaea7f283fce1176ccf849f0935a94da488dc

Security Headers
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers
accept-language: it-IT,it;q=0.9
Referer: https://kaufklein.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers
date: Tue, 06 Feb 2024 10:44:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: c8df7b5f9cec8
dc: ccg11-origin-www-1.paypal.com
content-length: 23268
last-modified: Sat, 13 Feb 2021 00:20:21 GMT
accept-ch: DPR, Viewport-Width, Width, ECT, Downlink
server: ECAcc (mil/6CCD)
traceparent: 00-0000000000000000000c8df7b5f9cec8-6474186c01855f29-01
etag: "60271b45-5ae4"
content-type: image/png
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Tue, 06 Feb 2024 11:44:06 GMT
sprite_forms_1x.png
Path: www.paypalobjects.com/images/shared/
Size: 14 KB, x-fer: 15 KB
Type: Image

General
Full URL: https://www.paypalobjects.com/images/shared/sprite_forms_1x.png
Requested by: Host: kaufklein.com, URL: https://kaufklein.com/pp/PayPal-Kaufabwicklung_files/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.221.25, United States, ASN15133 (EDGECAST, US)
Reverse DNS: (none)
Software: ECAcc (mil/6CB4) /
Resource Hash: 1a11b5fece8c057aaa6fdcbb113912ada810127d6056d7518812425f1d0859eb

Security Headers
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers
accept-language: it-IT,it;q=0.9
Referer: https://kaufklein.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers
date: Tue, 06 Feb 2024 10:44:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: 2981ec06f6157
dc: ccg11-origin-www-1.paypal.com
content-length: 14656
last-modified: Sat, 13 Feb 2021 00:20:23 GMT
accept-ch: DPR, Viewport-Width, Width, ECT, Downlink
server: ECAcc (mil/6CB4)
traceparent: 00-00000000000000000002981ec06f6157-114550e05372fd3d-01
etag: "60271b47-3940"
content-type: image/png
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Tue, 06 Feb 2024 11:44:06 GMT
sprite_logos_wallet_v10_1x.png
Path: www.paypalobjects.com/images/checkout/hermes/
Size: 11 KB, x-fer: 11 KB
Type: Image

General
Full URL: https://www.paypalobjects.com/images/checkout/hermes/sprite_logos_wallet_v10_1x.png
Requested by: Host: kaufklein.com, URL: https://kaufklein.com/pp/PayPal-Kaufabwicklung_files/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.221.25, United States, ASN15133 (EDGECAST, US)
Reverse DNS: (none)
Software: ECAcc (mil/6CB9) /
Resource Hash: 0b175b8e12a2422c1fb98456cd5dd4f84d3eb93a01c2f98abe0d6a77d8563a96

Security Headers
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers
accept-language: it-IT,it;q=0.9
Referer: https://kaufklein.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers
date: Tue, 06 Feb 2024 10:44:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: 1dcbeb0e32fc1
dc: ccg11-origin-www-1.paypal.com
content-length: 11637
last-modified: Sat, 13 Feb 2021 00:20:21 GMT
accept-ch: DPR, Viewport-Width, Width, ECT, Downlink
server: ECAcc (mil/6CB9)
traceparent: 00-00000000000000000001dcbeb0e32fc1-c43ef20275f88c9c-01
etag: "60271b45-2d75"
content-type: image/png
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Tue, 06 Feb 2024 11:44:06 GMT
scr_vp_fprd_shield_bags.png
Path: www.paypalobjects.com/images/checkout/hermes/
Size: 3 KB, x-fer: 3 KB
Type: Image

General
Full URL: https://www.paypalobjects.com/images/checkout/hermes/scr_vp_fprd_shield_bags.png
Requested by: Host: kaufklein.com, URL: https://kaufklein.com/pp/PayPal-Kaufabwicklung_files/styles.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 192.229.221.25, United States, ASN15133 (EDGECAST, US)
Reverse DNS: (none)
Software: ECAcc (mil/6C88) /
Resource Hash: 156e258a495a63275b069120c11f94ac292f5eea950b80ce93eff4c42d3d2753

Security Headers
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers
accept-language: it-IT,it;q=0.9
Referer: https://kaufklein.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers
date: Tue, 06 Feb 2024 10:44:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: d4d448aff4dec
dc: ccg11-origin-www-1.paypal.com
content-length: 2986
last-modified: Sat, 13 Feb 2021 00:20:21 GMT
accept-ch: DPR, Viewport-Width, Width, ECT, Downlink
server: ECAcc (mil/6C88)
traceparent: 00-0000000000000000000d4d448aff4dec-976fe399180e59c6-01
etag: "60271b45-baa"
content-type: image/png
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Tue, 06 Feb 2024 11:44:06 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: kleinanzeigen.ebay.de
URL: https://kleinanzeigen.ebay.de/static/img/common/logo/logo-ebayk-402x80.png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function: bindGdprEvents

0 Cookies

2 Console Messages

Source: rendering, Level: warning, URL: https://kaufklein.com/pp/ (Line 14)
Message: Error parsing a meta element's content: ';' is not a valid key-value pair separator. Please use ',' instead.

Source: network, Level: error, URL: https://kleinanzeigen.ebay.de/static/img/common/logo/logo-ebayk-402x80.png
Message: Failed to load resource: net::ERR_SSL_PROTOCOL_ERROR