dealer-services.de Open in urlscan Pro
2001:8d8:100f:f000::200 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://dealer-services.de/
Submission: On June 26 via api (June 26th 2024, 11:29:54 am UTC) from US — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 12 HTTP transactions. The main IP is 2001:8d8:100f:f000::200, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is dealer-services.de.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G2 on April 20th 2024. Valid for: a year.

This is the only time dealer-services.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: mobile.de (Marketplace)

Domain & IP information

	IP Address	AS Autonomous System
4	2001:8d8:100f... 2001:8d8:100f:f000::200	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
2	51.222.108.20 51.222.108.20	16276 (OVH) (OVH)
12	3

4 2001:8d8:100f:f000::200 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)

dealer-services.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.222.108.20 (Canada)

ASN16276 (OVH, FR)
PTR: cloudfilt.com

srv18649.cloudfilt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	dealer-services.de dealer-services.de	232 KB
2	cloudfilt.com srv18649.cloudfilt.com	2 KB
0	classistatic.de Failed static.classistatic.de Failed
12	3

	Domain	Requested by
4	dealer-services.de	dealer-services.de
2	srv18649.cloudfilt.com	dealer-services.de srv18649.cloudfilt.com
0	static.classistatic.de Failed	dealer-services.de
12	3

This site contains no links.

Subject Issuer	Validity	Valid
*.dealer-services.de Encryption Everywhere DV TLS CA - G2	`2024-04-20` - `2025-04-19`	a year	crt.sh
*.cloudfilt.com TrustSign RSA DV CA	`2023-08-31` - `2024-08-30`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://dealer-services.de/
Frame ID: 2ABEAFFA1B4EFC6875A6406BC57E9659
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Händler mobile.de - der Automarkt für Gebrauchtwagen

Page Statistics

12
Requests

50 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

233 kB
Transfer

239 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response dealer-services.de/	10 KB 4 KB	245ms 65ms	Document text/html	2001:8d8:100f:f000::200 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Full URL https://dealer-services.de/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:8d8:100f:f000::200 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS Software Apache / Resource Hash `f9bb65088e57b39f1bd5a58c3e6582f1cbc6b299645a68b1de7cc718715fa27c` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers content-encoding gzip content-type text/html date Wed, 26 Jun 2024 11:29:41 GMT etag W/"288e-6199a917fe540" last-modified Wed, 29 May 2024 16:51:57 GMT server Apache
GET H/1.1	200 OK	analyz.js Show response srv18649.cloudfilt.com/	2 KB 1 KB	443ms 124ms	Script application/javascript	51.222.108.20 OVH
General Check archive.org Show headers Download Go to Full URL https://srv18649.cloudfilt.com/analyz.js?render=SJS8G7BqEv5cwoTSySyt Requested by Host: dealer-services.de URL: https://dealer-services.de/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 51.222.108.20 , Canada, ASN16276 (OVH, FR), Reverse DNS cloudfilt.com Software Apache / Resource Hash `02d26bd551d9329d02f390935b071a458868a9a6457ae29df741aaeac16370d4` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://dealer-services.de/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Pragma no-cache Date Wed, 26 Jun 2024 11:29:42 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding Upgrade h2,h2c Content-Type application/javascript Cache-Control no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 Connection Upgrade, Keep-Alive Keep-Alive timeout=5, max=10000 Content-Length 937 Expires Sat, 26 Jul 1997 05:00:00 GMT
GET H2	200	main.0e6071be.css dealer-services.de/index_files/	153 KB 153 KB	221ms 220ms	Stylesheet text/css	2001:8d8:100f:f000::200 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Full URL https://dealer-services.de/index_files/main.0e6071be.css Requested by Host: dealer-services.de URL: https://dealer-services.de/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:8d8:100f:f000::200 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS Software Apache / Resource Hash `3e70d11c1c5068352f88e42f4434a510abd8a86726435678b14ac607949462d4` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://dealer-services.de/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 11:29:41 GMT last-modified Sun, 26 Mar 2023 16:34:42 GMT server Apache accept-ranges bytes etag "2633e-5f7d0340bcc80" content-length 156478 content-type text/css
GET H2	200	4aa13a690ca448eaa2c823f854705402.jpg dealer-services.de/index_files/	73 KB 73 KB	101ms 101ms	Image image/jpeg	2001:8d8:100f:f000::200 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Show image Full URL https://dealer-services.de/index_files/4aa13a690ca448eaa2c823f854705402.jpg Requested by Host: dealer-services.de URL: https://dealer-services.de/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:8d8:100f:f000::200 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS Software Apache / Resource Hash `e572aae1298f3288f49d9c7e876c357c50d21398a2964ebe55f829e62f938bb3` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://dealer-services.de/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 11:29:41 GMT last-modified Fri, 23 Feb 2024 23:36:30 GMT server Apache accept-ranges bytes etag "1249f-6121507847b80" content-length 74911 content-type image/jpeg
GET		gibson-semibold-v4.woff2 static.classistatic.de/fonts/	0 0

GET		gibson-medium-v4.woff2 static.classistatic.de/fonts/	0 0

GET		gibson-regular-v4.woff2 static.classistatic.de/fonts/	0 0

GET H/1.1	200 OK	analyzC.js Show response srv18649.cloudfilt.com/	0 353 B	882ms 882ms	Script application/javascript	51.222.108.20 OVH
General Check archive.org Show headers Download Go to Full URL https://srv18649.cloudfilt.com/analyzC.js?render=SJS8G7BqEv5cwoTSySyt&url=https%3A%2F%2Fdealer-services.de%2F&ln=de-DE&sch=1200&scw=1600&pln=5&lnn=2&bv=Chrome%20126&hl=false Requested by Host: srv18649.cloudfilt.com URL: https://srv18649.cloudfilt.com/analyz.js?render=SJS8G7BqEv5cwoTSySyt Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 51.222.108.20 , Canada, ASN16276 (OVH, FR), Reverse DNS cloudfilt.com Software Apache / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://dealer-services.de/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Pragma no-transform Date Wed, 26 Jun 2024 11:29:42 GMT Server Apache Content-Type application/javascript Cache-Control no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 Connection Keep-Alive Keep-Alive timeout=5, max=9999 Content-Length 0 Expires Sat, 26 Jul 1997 05:00:00 GMT
GET		gibson-regular-v4.woff static.classistatic.de/fonts/	0 0

GET		gibson-medium-v4.woff static.classistatic.de/fonts/	0 0

GET		gibson-semibold-v4.woff static.classistatic.de/fonts/	0 0

GET H2	200	favicon.ico dealer-services.de/index_files/	1 KB 1 KB	62ms 62ms	Other image/vnd.microsoft.icon	2001:8d8:100f:f000::200 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Full URL https://dealer-services.de/index_files/favicon.ico Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2001:8d8:100f:f000::200 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS Software Apache / Resource Hash `e58c5ecd2b514360ebc3c840a04b1f6dfbc4e6527695b93f0f2c15a52077e123` Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://dealer-services.de/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 26 Jun 2024 11:29:43 GMT last-modified Sun, 26 Mar 2023 18:12:28 GMT server Apache accept-ranges bytes etag "47e-5f7d191afdb00" content-length 1150 content-type image/vnd.microsoft.icon

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/gibson-semibold-v4.woff2

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/gibson-medium-v4.woff2

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/gibson-regular-v4.woff2

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/gibson-regular-v4.woff

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/gibson-medium-v4.woff

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/gibson-semibold-v4.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: mobile.de (Marketplace)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://dealer-services.de/ Message: Access to font at 'https://static.classistatic.de/fonts/gibson-regular-v4.woff2' from origin 'https://dealer-services.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/gibson-regular-v4.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://dealer-services.de/ Message: Access to font at 'https://static.classistatic.de/fonts/gibson-medium-v4.woff2' from origin 'https://dealer-services.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/gibson-medium-v4.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://dealer-services.de/ Message: Access to font at 'https://static.classistatic.de/fonts/gibson-semibold-v4.woff2' from origin 'https://dealer-services.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/gibson-semibold-v4.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://dealer-services.de/ Message: Access to font at 'https://static.classistatic.de/fonts/gibson-regular-v4.woff' from origin 'https://dealer-services.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/gibson-regular-v4.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://dealer-services.de/ Message: Access to font at 'https://static.classistatic.de/fonts/gibson-semibold-v4.woff' from origin 'https://dealer-services.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/gibson-semibold-v4.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://dealer-services.de/ Message: Access to font at 'https://static.classistatic.de/fonts/gibson-medium-v4.woff' from origin 'https://dealer-services.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/gibson-medium-v4.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dealer-services.de
srv18649.cloudfilt.com
static.classistatic.de
static.classistatic.de
2001:8d8:100f:f000::200
51.222.108.20
02d26bd551d9329d02f390935b071a458868a9a6457ae29df741aaeac16370d4
3e70d11c1c5068352f88e42f4434a510abd8a86726435678b14ac607949462d4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e572aae1298f3288f49d9c7e876c357c50d21398a2964ebe55f829e62f938bb3
e58c5ecd2b514360ebc3c840a04b1f6dfbc4e6527695b93f0f2c15a52077e123
f9bb65088e57b39f1bd5a58c3e6582f1cbc6b299645a68b1de7cc718715fa27c

dealer-services.de Open in urlscan Pro 2001:8d8:100f:f000::200 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

12 Requests

50 %HTTPS

50 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

233 kBTransfer

239 kBSize

0 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

12 Console Messages

Indicators

dealer-services.de Open in urlscan Pro
2001:8d8:100f:f000::200 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

50 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

233 kB
Transfer

239 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!