388218295.com Open in urlscan Pro
217.160.0.244 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://388218295.com/
Submission: On May 26 via automatic, source openphish (May 26th 2024, 1:22:33 pm UTC) — Scanned from DE

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 217.160.0.244, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is 388218295.com.
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on May 25th 2024. Valid for: a year.

This is the only time 388218295.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: mobile.de (Marketplace)

Domain & IP information

	IP Address		AS Autonomous System
4	217.160.0.244 217.160.0.244		8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
10	2

4 217.160.0.244 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: 217-160-0-244.elastic-ssl.ui-r.com

388218295.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	388218295.com 388218295.com	232 KB
0	classistatic.de Failed static.classistatic.de Failed
10	2

	Domain	Requested by
4	388218295.com	388218295.com
0	static.classistatic.de Failed	388218295.com
10	2

This site contains no links.

Subject Issuer	Validity	Valid
388218295.com GeoTrust TLS RSA CA G1	`2024-05-25` - `2025-05-24`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://388218295.com/
Frame ID: 703FD905720E2051E2DAD06BFC43CA5E
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Händler mobile.de - der Automarkt für Gebrauchtwagen

Page Statistics

10
Requests

40 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

232 kB
Transfer

237 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response 388218295.com/	10 KB 4 KB	98ms 30ms	Document text/html	217.160.0.244 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Full URL https://388218295.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 217.160.0.244 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS 217-160-0-244.elastic-ssl.ui-r.com Software Apache / Resource Hash `50a4b3803593ccfda460d0cfece740a358e48b211b33df5d8e5a1ec0cfef6b3e` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers content-encoding gzip content-type text/html date Sun, 26 May 2024 13:22:28 GMT etag W/"2889-5fc1d0bdf7bc0" last-modified Sat, 20 May 2023 09:56:07 GMT server Apache
GET H2	200	main.0e6071be.css 388218295.com/index_files/	153 KB 153 KB	35ms 35ms	Stylesheet text/css	217.160.0.244 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Full URL https://388218295.com/index_files/main.0e6071be.css Requested by Host: 388218295.com URL: https://388218295.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 217.160.0.244 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS 217-160-0-244.elastic-ssl.ui-r.com Software Apache / Resource Hash `3e70d11c1c5068352f88e42f4434a510abd8a86726435678b14ac607949462d4` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://388218295.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 26 May 2024 13:22:28 GMT last-modified Sun, 26 Mar 2023 16:34:42 GMT server Apache accept-ranges bytes etag "2633e-5f7d0340bcc80" content-length 156478 content-type text/css
GET H2	200	4aa13a690ca448eaa2c823f854705402.jpg 388218295.com/index_files/	73 KB 73 KB	97ms 97ms	Image image/jpeg	217.160.0.244 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Show image Full URL https://388218295.com/index_files/4aa13a690ca448eaa2c823f854705402.jpg Requested by Host: 388218295.com URL: https://388218295.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 217.160.0.244 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS 217-160-0-244.elastic-ssl.ui-r.com Software Apache / Resource Hash `e572aae1298f3288f49d9c7e876c357c50d21398a2964ebe55f829e62f938bb3` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://388218295.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 26 May 2024 13:22:28 GMT last-modified Fri, 23 Feb 2024 23:36:29 GMT server Apache accept-ranges bytes etag "1249f-6121507753940" content-length 74911 content-type image/jpeg
GET		gibson-semibold-v4.woff2 static.classistatic.de/fonts/	0 0

GET		gibson-medium-v4.woff2 static.classistatic.de/fonts/	0 0

GET		gibson-regular-v4.woff2 static.classistatic.de/fonts/	0 0

GET H2	200	favicon.ico 388218295.com/index_files/	1 KB 1 KB	26ms 26ms	Other image/vnd.microsoft.icon	217.160.0.244 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Full URL https://388218295.com/index_files/favicon.ico Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 217.160.0.244 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS 217-160-0-244.elastic-ssl.ui-r.com Software Apache / Resource Hash `e58c5ecd2b514360ebc3c840a04b1f6dfbc4e6527695b93f0f2c15a52077e123` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://388218295.com/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 26 May 2024 13:22:28 GMT last-modified Sun, 26 Mar 2023 18:12:27 GMT server Apache accept-ranges bytes etag "47e-5f7d191a098c0" content-length 1150 content-type image/vnd.microsoft.icon
GET		gibson-semibold-v4.woff static.classistatic.de/fonts/	0 0

GET		gibson-medium-v4.woff static.classistatic.de/fonts/	0 0

GET		gibson-regular-v4.woff static.classistatic.de/fonts/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/gibson-semibold-v4.woff2

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/gibson-medium-v4.woff2

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/gibson-regular-v4.woff2

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/gibson-semibold-v4.woff

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/gibson-medium-v4.woff

Domain: static.classistatic.de
URL: https://static.classistatic.de/fonts/gibson-regular-v4.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: mobile.de (Marketplace)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://388218295.com/ Message: Access to font at 'https://static.classistatic.de/fonts/gibson-semibold-v4.woff2' from origin 'https://388218295.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/gibson-semibold-v4.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://388218295.com/ Message: Access to font at 'https://static.classistatic.de/fonts/gibson-medium-v4.woff2' from origin 'https://388218295.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/gibson-medium-v4.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://388218295.com/ Message: Access to font at 'https://static.classistatic.de/fonts/gibson-regular-v4.woff2' from origin 'https://388218295.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/gibson-regular-v4.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://388218295.com/ Message: Access to font at 'https://static.classistatic.de/fonts/gibson-semibold-v4.woff' from origin 'https://388218295.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/gibson-semibold-v4.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://388218295.com/ Message: Access to font at 'https://static.classistatic.de/fonts/gibson-medium-v4.woff' from origin 'https://388218295.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/gibson-medium-v4.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://388218295.com/ Message: Access to font at 'https://static.classistatic.de/fonts/gibson-regular-v4.woff' from origin 'https://388218295.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://static.classistatic.de/fonts/gibson-regular-v4.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

388218295.com
static.classistatic.de
static.classistatic.de
217.160.0.244
3e70d11c1c5068352f88e42f4434a510abd8a86726435678b14ac607949462d4
50a4b3803593ccfda460d0cfece740a358e48b211b33df5d8e5a1ec0cfef6b3e
e572aae1298f3288f49d9c7e876c357c50d21398a2964ebe55f829e62f938bb3
e58c5ecd2b514360ebc3c840a04b1f6dfbc4e6527695b93f0f2c15a52077e123

388218295.com Open in urlscan Pro 217.160.0.244 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

10 Requests

40 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

232 kBTransfer

237 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

12 Console Messages

Indicators

388218295.com Open in urlscan Pro
217.160.0.244 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

40 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

232 kB
Transfer

237 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!