Restricted Platforms

Last updated: 2026-05-26

GermanProxy.io maintains a list of platforms that are technically blocked across our infrastructure as part of our proactive anti-fraud, anti-money-laundering, and § 27 StGB compliance strategy. This page describes the categories of restricted platforms, the reasons for their inclusion, and — where applicable — the process by which customers may unblock specific categories for legitimate use.

The restricted-platforms list is incorporated by reference into our General Terms and Conditions (Section 10.3) and may be updated at our reasonable discretion without prior notice to individual customers.

Why Platforms Are Restricted

The platforms listed below are technically blocked because they have been identified — through internal abuse monitoring, published threat intelligence, and documented law-enforcement matters — as exhibiting an elevated risk of one or more of the following:

• Identity fraud and account takeover
• Money laundering (§ 261 StGB, Regulation (EU) 2023/1113)
• Stolen-goods resale (§ 259 StGB)
• Trafficking in stolen payment card data (“carding”)
• Cash-out routes for proceeds of computer fraud (§ 263a StGB)
• Coordination of phishing and social-engineering operations

Restricting access to these platforms across our routing infrastructure supports our position as a § 8 DDG mere-conduit provider while substantially reducing the practical risk of our service being misused by third-party fraudsters.

Restricted Categories

1. Online Classifieds & Peer-to-Peer Resale Marketplaces

European consumer-to-consumer marketplaces including online classifieds and clothing-resale platforms. Examples include kleinanzeigen.de, ebay-kleinanzeigen.de, vinted.de, shpock.com, wallapop.com, leboncoin.fr and similar regional platforms. These platforms exhibit a documented high incidence of advance-payment fraud, stolen-goods resale, and money-mule recruitment.

Unblock available on request — see email-based process below.

2. Retail Online-Banking Portals (DACH Region)

Customer-facing online-banking portals of major retail banks across Germany, Austria, and Switzerland, including their associated two-factor authentication backends.

Hard block — no exceptions. No GermanProxy.io customer has a legitimate business need to access their own online banking through our routing infrastructure.

3. CS:GO / CS2 Skin Trading & Skin-Gambling Platforms

Third-party marketplaces and casino-style platforms used for trading and gambling with in-game cosmetic items (“skins”). These platforms are documented in published industry research and in our own forensic analysis as primary cash-out vehicles for proceeds of credit-card fraud and computer fraud.

Hard block — no exceptions. Legitimate skin trading takes place via the official Steam marketplace, which is not affected by this restriction.

4. Carding Forums & Breach Marketplaces

Online forums and marketplaces specializing in the discussion, trade, and distribution of stolen payment card data, credentials, and exploitation toolkits.

Hard block — no exceptions.

5. Stolen-Data Auto-Shops

Automated marketplaces for the bulk sale of stolen payment cards, account credentials, and identity packages (“fullz”).

Hard block — no exceptions.

6. Carding Cash-Out Services

Gift-card resale platforms and peer-to-peer cryptocurrency exchanges with documented elevated use for converting stolen payment cards into untraceable value.

Hard block — no exceptions.

7. Selected Postal Address-Change Endpoints

Specific subdomains operated by Deutsche Post for online address-change requests (“Nachsendeauftrag”). These endpoints are used in account-takeover operations to redirect physical mail (replacement cards, activation codes) to addresses controlled by the perpetrator.

Hard block — no exceptions. Regular postal services, package tracking, and the Deutsche Post main domain remain accessible.

8. Dynamic Threat Intelligence (Continuously Updated)

In addition to the static categories above, GermanProxy.io integrates dynamic threat intelligence feeds from established industry sources, including URLhaus (abuse.ch), Spamhaus DROP/EDROP, and Phishtank. This automatically blocks rotating phishing infrastructure, command-and-control domains for banking trojans, and active malware distribution endpoints as they are identified.

Hard block — no exceptions.

Unblock Request — Classifieds Only

Online classifieds and peer-to-peer resale marketplaces (Category 1) are the only restricted category for which unblocking may be granted, recognizing that legitimate use cases such as international price monitoring, brand protection, and competitive intelligence do exist.

Unblocking is granted exclusively upon individual review of a written request submitted by email. Requests are processed manually and approval is at the sole discretion of the Provider. Requests without a substantive justification, or requests that fail to demonstrate a plausible legitimate purpose, will be rejected without further explanation.

How to Request Unblocking

Send an email to [email protected] with the following information:

• Subject line: Category 1 Unblock Request — [your account ID]
• Customer account ID or registered email address
• Specific platforms requested for unblocking (e.g., kleinanzeigen.de, vinted.de)
• Detailed statement of intended legitimate purpose — generic descriptions such as “market research” or “business use” are insufficient. The statement must describe concretely what activity will be performed, on which platform, for which entity, and for what commercial reason (e.g., “ongoing price monitoring of own brand ‘XYZ’ clothing listings on vinted.de for inventory pricing decisions in our export business based in [country]”)
• Optional supporting context: brand name, trademark registration number, business website, or any other element that supports the plausibility of the stated purpose
• Explicit written acknowledgment of the following statement, included verbatim in the email body:

“I confirm that the unblocking requested above will be used exclusively for the stated legitimate purpose. I acknowledge that any misuse — including but not limited to fraud, account takeover, stolen-goods trade, or money laundering — will result in immediate termination of the unblocking permission and my customer account without refund, and may be reported to competent authorities. I acknowledge that a materially false declaration shifts all resulting criminal and civil liability fully to me as the requesting party.”

Processing and Decision

The Provider reviews each request individually. There is no service-level commitment on response time. The Provider may approve, reject, or request additional information at its sole discretion. A request may be rejected without specific reason given.

If approved, the Provider manually configures the unblocking for the customer’s account and notifies the customer by email. The full email correspondence — including the original request, the statement of purpose, the verbatim acknowledgment, the timestamp, and the originating email address — is retained for the duration of the customer relationship plus the applicable statutory retention period. This audit trail may be used by the Provider in cooperation with law enforcement or in defense against third-party claims.

The Provider may revoke an unblocking permission at any time without prior notice if abuse indicators are detected through internal monitoring, customer complaints, or law-enforcement notification.

Hard-Block Categories — No Exceptions

Categories 2 through 8 are subject to a hard block with no exceptions whatsoever. This includes retail online-banking portals, CS:GO/CS2 skin-trading and skin-gambling platforms, carding forums, stolen-data marketplaces, carding cash-out services, postal address-change endpoints, and dynamic threat-intelligence-blocked domains.

The Provider does not maintain a procedure — formal or informal — for unblocking platforms in these categories. Emails requesting such unblocking will not be processed and may not receive a reply.

Cooperation with Law Enforcement

GermanProxy.io cooperates with lawful requests from German and EU law-enforcement authorities under §§ 100g, 100j StPO, § 174 TKG, and Regulation (EU) 2022/2065 (Digital Services Act), subject to applicable legal requirements including judicial authorization where required.

Connection metadata generated by the proxy service is processed and retained by our processor iProxy Online Solutions LLC (United States, servers in the European Union) for a period of two (2) years pursuant to a Data Processing Agreement under Art. 28 GDPR. Full details are set out in our Privacy Policy at https://germanproxy.io/privacy-policy, Section 3.

For authority requests, contact: [email protected]

Legal Framework

The restrictions described on this page are implemented within the following legal framework:

• § 8 DDG (Digital Services Act implementation, formerly § 8 TMG) — Mere Conduit safe harbor
• § 27 StGB — Jurisprudence on neutral professional conduct and the threshold for criminal complicity (BGH 5 StR 624/99 and successor decisions)
• § 261 StGB — All-Crimes Approach to money laundering (effective 18.03.2021)
• Regulation (EU) 2023/1113 — Transfer of Funds Regulation (AML)
• Regulation (EU) 2022/2065 — Digital Services Act
• Art. 28 GDPR — Optional Data Processing Agreement for enterprise customers

Questions

General questions about this policy: [email protected] Category 1 unblock requests: [email protected] Law-enforcement requests: [email protected]

This page is part of the GermanProxy.io General Terms and Conditions and is updated as required to reflect current threat intelligence and operational practice.