de-go.kelkoogroup.net Open in urlscan Pro
95.211.116.27 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://capitoloneautoloans.com/
Effective URL:
https://de-go.kelkoogroup.net/go?country=de&k=e6f1edef20cd5dcd27f748505537aa947c126565523f3ef9f059e03c99226ff849719f67c79ddd77...
Submission: On May 04 via api (May 4th 2022, 7:12:55 am UTC) from US — Scanned from DE

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 5 domains to perform 9 HTTP transactions. The main IP is 95.211.116.27, located in Swifterbant, Netherlands and belongs to LEASEWEB-NL-AMS-01 Netherlands, NL. The main domain is de-go.kelkoogroup.net. The Cisco Umbrella rank of the primary domain is 430932.
TLS certificate: Issued by Thawte RSA CA 2018 on September 7th 2021. Valid for: a year.

This is the only time de-go.kelkoogroup.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	78.41.204.27 78.41.204.27	62370 (SNEL) (SNEL)
4	66.165.243.160 66.165.243.160	29802 (HVC-AS) (HVC-AS)
3	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1 2	95.211.116.27 95.211.116.27	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
9	4

1 78.41.204.27 (Netherlands) 1 redirects

ASN62370 (SNEL, NL)
PTR: server368.snel.com

capitoloneautoloans.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 66.165.243.160 (Los Angeles, United States)

ASN29802 (HVC-AS, US)
PTR: 66-165-243-160.static.hvvc.us

r.redirekted.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.211.116.27 (Swifterbant, Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: dc1-ecs-pub-go-vip.kelkoo.com

de-go.kelkoogroup.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	redirekted.com r.redirekted.com — Cisco Umbrella Rank: 908874	11 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 101	20 KB
2	kelkoogroup.net 1 redirects de-go.kelkoogroup.net — Cisco Umbrella Rank: 430932	4 KB
1	capitoloneautoloans.com 1 redirects capitoloneautoloans.com	462 B
0	kelkoo.com Failed ads.kelkoo.com Failed
9	5

	Domain	Requested by
4	r.redirekted.com	r.redirekted.com
3	www.google-analytics.com	r.redirekted.com www.google-analytics.com
2	de-go.kelkoogroup.net	1 redirects r.redirekted.com
1	capitoloneautoloans.com	1 redirects
0	ads.kelkoo.com Failed	de-go.kelkoogroup.net
9	5

This site contains no links.

Subject Issuer	Validity	Valid
*.google-analytics.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
*.kelkoogroup.net Thawte RSA CA 2018	`2021-09-07` - `2022-10-07`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://de-go.kelkoogroup.net/go?country=de&k=e6f1edef20cd5dcd27f748505537aa947c126565523f3ef9f059e03c99226ff849719f67c79ddd77420db19e4da571ad57822c9ed9fad54c643a4188d7f8707a71a7c01d7ed038ecb2573d965a54dc9f61c5da77e5219394b817f26b2877b626e9ad46d85feff0e77091e60cbe19575424dd0d55f29828c7d4187e0f4659777af2a3a3e3973976eac36d97f54c90156d75f1a04db2308290f8207f974b28bbd0e53bb707bf6543df16147e4a238f35b227b343d1772924bdea4d15d3a8e45b459b65029580b81c41a4cf0ab82f62dc9e2c671ded801675eed9f12437a10cf9715af8de6d164ce5691cd495617deb4f97483f4cefa50a6b5e0ccba81e406344ababd82e101bd670f952cecc449afd6162cee8bf997596708b634a0eb6febfe3580116efbd3c8393e1dd3d587df63c8f3ee6e3171757d91db8ec9d77988c75c6bc09311b4da6260ee28cccdef9f94a460063b63cd80572b7556bdbe5ecba73d803aa04f99147f4f11f6c7af75fb8e525b17d315fcc099b96ad2c1936f044e91f2661d2857cbfb3f9e010c7c0ae17d39d2e105b258471cbd994b91495f54f0f65433faebc2dbd13bf99eb281504cb255145a59b694d5fa283c7fd28c5dbb4a779c097218285ceab87409adab73841e621d15fe0897bd042ce655c43762b92b58c9d0d52c4f6467fd1c10b51a4da93ca542da8e1e1f59596a24b06ee45401911f968853064b92aad9b234a24b558261e06023210cbd62be54462be0a02503975afef6ca23eda1af08e1cbbca2d34bf5dbb6c&o=
Frame ID: BF54065CB3F9EC08E6DBC6A16E034BF6
Requests: 5 HTTP requests in this frame

Frame: http://r.redirekted.com/go?e=DwCaxHVbblL9AKA7jaqw0wXY1KB85mV74UX51wXyRaBdHvWs13pkgQsyjaLefQqWy3C5kGVyVvFdfRqwglBzfHsyZvC9g0W9j3BwjwX-DKF8gHs60aqdRTs7xKCdtFs-x3C55GVxfvEuHPsv13p8uRs7jmF9gRs-bFLRu2Z_pPEmV3XTEwLwbHVyDmL55QL80KX99SA781F9uvXscFW5jGsmcPLeHlX9jUXajwXYOULefGs84aq1cGs7LlLdfxWtkUWefxXvyaLuHPquk3pj5QAu1aFlZ3KWk3BjuHr_VPn1pKrtgvV
Frame ID: C6DAAB3641AA621C3CC499D91C6ECC61
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://capitoloneautoloans.com/ HTTP 302
http://r.redirekted.com/redirect?redirect_id=42c18f5354f75e24dba133b4f622eacf&request_id=f847c0dec3a... Page URL
https://de-go.kelkoogroup.net/ctl/go/offersearchGo?.ts=1651566003256&.sig=Gn.YCI9vh17kkPvVJokLAhA4j1s-&aff... HTTP 307
https://de-go.kelkoogroup.net/go?country=de&k=e6f1edef20cd5dcd27f748505537aa947c126565523f3ef9f059e03c9922... Page URL

Detected technologies

Datadome (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

9
Requests

22 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

33 kB
Transfer

60 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://capitoloneautoloans.com/ HTTP 302
http://r.redirekted.com/redirect?redirect_id=42c18f5354f75e24dba133b4f622eacf&request_id=f847c0dec3a2dc9bea0ba5440c137f11 Page URL
https://de-go.kelkoogroup.net/ctl/go/offersearchGo?.ts=1651566003256&.sig=Gn.YCI9vh17kkPvVJokLAhA4j1s-&affiliationId=96965856&comId=13002613&country=de&offerId=ff42ab46e19c2297b6c4f84b53cf5e2a&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=j3BvtxsmImMdRJqVWGXwp0Z2uzEetFqtIwqbE0ZuIaE0bRM7ZGLtq2V0qlM-AUpTk3BzN2r7DUF7gQrVkKXVyRsmOUL9gRAW5Up&custom2=8IPsVk3p4STsy03MlRJFQqwqw0QA-tzE HTTP 307
https://de-go.kelkoogroup.net/go?country=de&k=e6f1edef20cd5dcd27f748505537aa947c126565523f3ef9f059e03c99226ff849719f67c79ddd77420db19e4da571ad57822c9ed9fad54c643a4188d7f8707a71a7c01d7ed038ecb2573d965a54dc9f61c5da77e5219394b817f26b2877b626e9ad46d85feff0e77091e60cbe19575424dd0d55f29828c7d4187e0f4659777af2a3a3e3973976eac36d97f54c90156d75f1a04db2308290f8207f974b28bbd0e53bb707bf6543df16147e4a238f35b227b343d1772924bdea4d15d3a8e45b459b65029580b81c41a4cf0ab82f62dc9e2c671ded801675eed9f12437a10cf9715af8de6d164ce5691cd495617deb4f97483f4cefa50a6b5e0ccba81e406344ababd82e101bd670f952cecc449afd6162cee8bf997596708b634a0eb6febfe3580116efbd3c8393e1dd3d587df63c8f3ee6e3171757d91db8ec9d77988c75c6bc09311b4da6260ee28cccdef9f94a460063b63cd80572b7556bdbe5ecba73d803aa04f99147f4f11f6c7af75fb8e525b17d315fcc099b96ad2c1936f044e91f2661d2857cbfb3f9e010c7c0ae17d39d2e105b258471cbd994b91495f54f0f65433faebc2dbd13bf99eb281504cb255145a59b694d5fa283c7fd28c5dbb4a779c097218285ceab87409adab73841e621d15fe0897bd042ce655c43762b92b58c9d0d52c4f6467fd1c10b51a4da93ca542da8e1e1f59596a24b06ee45401911f968853064b92aad9b234a24b558261e06023210cbd62be54462be0a02503975afef6ca23eda1af08e1cbbca2d34bf5dbb6c&o= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://capitoloneautoloans.com/ HTTP 302
http://r.redirekted.com/redirect?redirect_id=42c18f5354f75e24dba133b4f622eacf&request_id=f847c0dec3a2dc9bea0ba5440c137f11

Request Chain 4

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 6

http://www.google-analytics.com/collect?v=1&_v=j96&a=35399378&t=pageview&_s=2&dl=http%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DDwCaxHVbblL9AKA7jaqw0wXY1KB85mV74UX51wXyRaBdHvWs13pkgQsyjaLefQqWy3C5kGVyVvFdfRqwglBzfHsyZvC9g0W9j3BwjwX-DKF8gHs60aqdRTs7xKCdtFs-x3C55GVxfvEuHPsv13p8uRs7jmF9gRs-bFLRu2Z_pPEmV3XTEwLwbHVyDmL55QL80KX99SA781F9uvXscFW5jGsmcPLeHlX9jUXajwXYOULefGs84aq1cGs7LlLdfxWtkUWefxXvyaLuHPquk3pj5QAu1aFlZ3KWk3BjuHr_VPn1pKrtgvV&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=&gjid=&cid=290431295.1651648371&tid=UA-32454353-1&_gid=2075844157.1651648371&cd1=oz9lMJE8n2kesUk8sT5ipzIxsTgfn3k8sUj%3D&z=2029252337 HTTP 307
https://www.google-analytics.com/collect?v=1&_v=j96&a=35399378&t=pageview&_s=2&dl=http%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DDwCaxHVbblL9AKA7jaqw0wXY1KB85mV74UX51wXyRaBdHvWs13pkgQsyjaLefQqWy3C5kGVyVvFdfRqwglBzfHsyZvC9g0W9j3BwjwX-DKF8gHs60aqdRTs7xKCdtFs-x3C55GVxfvEuHPsv13p8uRs7jmF9gRs-bFLRu2Z_pPEmV3XTEwLwbHVyDmL55QL80KX99SA781F9uvXscFW5jGsmcPLeHlX9jUXajwXYOULefGs84aq1cGs7LlLdfxWtkUWefxXvyaLuHPquk3pj5QAu1aFlZ3KWk3BjuHr_VPn1pKrtgvV&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=&gjid=&cid=290431295.1651648371&tid=UA-32454353-1&_gid=2075844157.1651648371&cd1=oz9lMJE8n2kesUk8sT5ipzIxsTgfn3k8sUj%3D&z=2029252337

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

redirect Show response
r.redirekted.com/
Redirect Chain

http://capitoloneautoloans.com/
http://r.redirekted.com/redirect?redirect_id=42c18f5354f75e24dba133b4f622eacf&request_id=f847c0dec3a2dc9bea0ba5440c137f11

814 B
1022 B

333ms
146ms

Document
text/html

66.165.243.160
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://r.redirekted.com/redirect?redirect_id=42c18f5354f75e24dba133b4f622eacf&request_id=f847c0dec3a2dc9bea0ba5440c137f11
Protocol: HTTP/1.1
Server: 66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS: 66-165-243-160.static.hvvc.us
Software: nginx/1.21.5 / PHP/8.0.14
Resource Hash: 7a169b278e1f7ae2fb3ad631fe84189c6af207c68e183b69cb0bb9f358863fa6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 04 May 2022 07:12:50 GMT
Server: nginx/1.21.5
Transfer-Encoding: chunked
X-Powered-By: PHP/8.0.14

Redirect headers

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Wed, 04 May 2022 07:12:49 GMT
location: http://r.redirekted.com/redirect?redirect_id=42c18f5354f75e24dba133b4f622eacf&request_id=f847c0dec3a2dc9bea0ba5440c137f11
server: nginx

GET
H/1.1 200
OK adren.css
r.redirekted.com/css/ 243 B
479 B 145ms
145ms Stylesheet
text/css 66.165.243.160
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://r.redirekted.com/css/adren.css?n=3743029373
Requested by: Host: r.redirekted.com
URL: http://r.redirekted.com/redirect?redirect_id=42c18f5354f75e24dba133b4f622eacf&request_id=f847c0dec3a2dc9bea0ba5440c137f11
Protocol: HTTP/1.1
Server: 66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS: 66-165-243-160.static.hvvc.us
Software: nginx/1.21.5 /
Resource Hash: e2d9fd8b995f146baf54bc35d162d3e8169a5345368058b10a3b3bf4592ed777

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://r.redirekted.com/redirect?redirect_id=42c18f5354f75e24dba133b4f622eacf&request_id=f847c0dec3a2dc9bea0ba5440c137f11
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Wed, 04 May 2022 07:12:50 GMT
Last-Modified: Sat, 03 Jul 2021 05:46:18 GMT
Server: nginx/1.21.5
ETag: "60dff9aa-f3"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 243

GET
H/1.1 200
OK adren.min.js Show response
r.redirekted.com/js/ 7 KB
8 KB 291ms
145ms Script
application/javascript 66.165.243.160
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://r.redirekted.com/js/adren.min.js?n=3743029373
Requested by: Host: r.redirekted.com
URL: http://r.redirekted.com/redirect?redirect_id=42c18f5354f75e24dba133b4f622eacf&request_id=f847c0dec3a2dc9bea0ba5440c137f11
Protocol: HTTP/1.1
Server: 66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS: 66-165-243-160.static.hvvc.us
Software: nginx/1.21.5 /
Resource Hash: 55afe8ae4db5b6ca9ec5a3aca1f3a7b482ca51d0914acd250093f1a9ecbfccec

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://r.redirekted.com/redirect?redirect_id=42c18f5354f75e24dba133b4f622eacf&request_id=f847c0dec3a2dc9bea0ba5440c137f11
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

Date: Wed, 04 May 2022 07:12:51 GMT
Last-Modified: Sat, 03 Jul 2021 05:46:18 GMT
Server: nginx/1.21.5
ETag: "60dff9aa-1d68"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7528

GET
H/1.1 200
OK go Show response
r.redirekted.com/ Frame C6DA 2 KB
2 KB 146ms
146ms Document
text/html 66.165.243.160
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://r.redirekted.com/go?e=DwCaxHVbblL9AKA7jaqw0wXY1KB85mV74UX51wXyRaBdHvWs13pkgQsyjaLefQqWy3C5kGVyVvFdfRqwglBzfHsyZvC9g0W9j3BwjwX-DKF8gHs60aqdRTs7xKCdtFs-x3C55GVxfvEuHPsv13p8uRs7jmF9gRs-bFLRu2Z_pPEmV3XTEwLwbHVyDmL55QL80KX99SA781F9uvXscFW5jGsmcPLeHlX9jUXajwXYOULefGs84aq1cGs7LlLdfxWtkUWefxXvyaLuHPquk3pj5QAu1aFlZ3KWk3BjuHr_VPn1pKrtgvV
Requested by: Host: r.redirekted.com
URL: http://r.redirekted.com/js/adren.min.js?n=3743029373
Protocol: HTTP/1.1
Server: 66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS: 66-165-243-160.static.hvvc.us
Software: nginx/1.21.5 / PHP/8.0.14
Resource Hash: da6035efd497565abb485f12815c7a4eb145d5aae508c6bd35e4e166a027befa

Request headers

Referer: http://r.redirekted.com/redirect?redirect_id=42c18f5354f75e24dba133b4f622eacf&request_id=f847c0dec3a2dc9bea0ba5440c137f11
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 04 May 2022 07:12:51 GMT
Server: nginx/1.21.5
Transfer-Encoding: chunked
X-Powered-By: PHP/8.0.14

GET
H2

200

analytics.js Show response
www.google-analytics.com/ Frame C6DA
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

49 KB
20 KB

48ms
4ms

Script
text/javascript

2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: r.redirekted.com
URL: http://r.redirekted.com/go?e=DwCaxHVbblL9AKA7jaqw0wXY1KB85mV74UX51wXyRaBdHvWs13pkgQsyjaLefQqWy3C5kGVyVvFdfRqwglBzfHsyZvC9g0W9j3BwjwX-DKF8gHs60aqdRTs7xKCdtFs-x3C55GVxfvEuHPsv13p8uRs7jmF9gRs-bFLRu2Z_pPEmV3XTEwLwbHVyDmL55QL80KX99SA781F9uvXscFW5jGsmcPLeHlX9jUXajwXYOULefGs84aq1cGs7LlLdfxWtkUWefxXvyaLuHPquk3pj5QAu1aFlZ3KWk3BjuHr_VPn1pKrtgvV

Protocol

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://r.redirekted.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 5881
date: Wed, 04 May 2022 05:34:50 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 04 May 2022 07:34:50 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

POST
H2 200 collect
www.google-analytics.com/j/ Frame C6DA 2 B
207 B 17ms
13ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=35399378&t=pageview&_s=1&dl=http%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DDwCaxHVbblL9AKA7jaqw0wXY1KB85mV74UX51wXyRaBdHvWs13pkgQsyjaLefQqWy3C5kGVyVvFdfRqwglBzfHsyZvC9g0W9j3BwjwX-DKF8gHs60aqdRTs7xKCdtFs-x3C55GVxfvEuHPsv13p8uRs7jmF9gRs-bFLRu2Z_pPEmV3XTEwLwbHVyDmL55QL80KX99SA781F9uvXscFW5jGsmcPLeHlX9jUXajwXYOULefGs84aq1cGs7LlLdfxWtkUWefxXvyaLuHPquk3pj5QAu1aFlZ3KWk3BjuHr_VPn1pKrtgvV&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1110959215&gjid=264202911&cid=290431295.1651648371&tid=UA-32454353-1&_gid=2075844157.1651648371&_r=1&_slc=1&z=404564773

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://r.redirekted.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 04 May 2022 07:12:51 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://r.redirekted.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

collect
www.google-analytics.com/ Frame C6DA
Redirect Chain

http://www.google-analytics.com/collect?v=1&_v=j96&a=35399378&t=pageview&_s=2&dl=http%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DDwCaxHVbblL9AKA7jaqw0wXY1KB85mV74UX51wXyRaBdHvWs13pkgQsyjaLefQqWy3C5kGVyVvF...
https://www.google-analytics.com/collect?v=1&_v=j96&a=35399378&t=pageview&_s=2&dl=http%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DDwCaxHVbblL9AKA7jaqw0wXY1KB85mV74UX51wXyRaBdHvWs13pkgQsyjaLefQqWy3C5kGVyVv...

35 B
55 B

15ms
11ms

Image
image/gif

2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=35399378&t=pageview&_s=2&dl=http%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DDwCaxHVbblL9AKA7jaqw0wXY1KB85mV74UX51wXyRaBdHvWs13pkgQsyjaLefQqWy3C5kGVyVvFdfRqwglBzfHsyZvC9g0W9j3BwjwX-DKF8gHs60aqdRTs7xKCdtFs-x3C55GVxfvEuHPsv13p8uRs7jmF9gRs-bFLRu2Z_pPEmV3XTEwLwbHVyDmL55QL80KX99SA781F9uvXscFW5jGsmcPLeHlX9jUXajwXYOULefGs84aq1cGs7LlLdfxWtkUWefxXvyaLuHPquk3pj5QAu1aFlZ3KWk3BjuHr_VPn1pKrtgvV&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=&gjid=&cid=290431295.1651648371&tid=UA-32454353-1&_gid=2075844157.1651648371&cd1=oz9lMJE8n2kesUk8sT5ipzIxsTgfn3k8sUj%3D&z=2029252337

Requested by

Protocol

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://r.redirekted.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 03 May 2022 14:05:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 61633
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/collect?v=1&_v=j96&a=35399378&t=pageview&_s=2&dl=http%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DDwCaxHVbblL9AKA7jaqw0wXY1KB85mV74UX51wXyRaBdHvWs13pkgQsyjaLefQqWy3C5kGVyVvFdfRqwglBzfHsyZvC9g0W9j3BwjwX-DKF8gHs60aqdRTs7xKCdtFs-x3C55GVxfvEuHPsv13p8uRs7jmF9gRs-bFLRu2Z_pPEmV3XTEwLwbHVyDmL55QL80KX99SA781F9uvXscFW5jGsmcPLeHlX9jUXajwXYOULefGs84aq1cGs7LlLdfxWtkUWefxXvyaLuHPquk3pj5QAu1aFlZ3KWk3BjuHr_VPn1pKrtgvV&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=&gjid=&cid=290431295.1651648371&tid=UA-32454353-1&_gid=2075844157.1651648371&cd1=oz9lMJE8n2kesUk8sT5ipzIxsTgfn3k8sUj%3D&z=2029252337
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H/1.1

404
Not Found

Primary Request go Show response
de-go.kelkoogroup.net/
Redirect Chain

https://de-go.kelkoogroup.net/ctl/go/offersearchGo?.ts=1651566003256&.sig=Gn.YCI9vh17kkPvVJokLAhA4j1s-&affiliationId=96965856&comId=13002613&country=de&offerId=ff42ab46e19c2297b6c4f84b53cf5e2a&serv...
https://de-go.kelkoogroup.net/go?country=de&k=e6f1edef20cd5dcd27f748505537aa947c126565523f3ef9f059e03c99226ff849719f67c79ddd77420db19e4da571ad57822c9ed9fad54c643a4188d7f8707a71a7c01d7ed038ecb2573d9...

1 KB
2 KB

39ms
36ms

Document
text/html

95.211.116.27
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://de-go.kelkoogroup.net/go?country=de&k=e6f1edef20cd5dcd27f748505537aa947c126565523f3ef9f059e03c99226ff849719f67c79ddd77420db19e4da571ad57822c9ed9fad54c643a4188d7f8707a71a7c01d7ed038ecb2573d965a54dc9f61c5da77e5219394b817f26b2877b626e9ad46d85feff0e77091e60cbe19575424dd0d55f29828c7d4187e0f4659777af2a3a3e3973976eac36d97f54c90156d75f1a04db2308290f8207f974b28bbd0e53bb707bf6543df16147e4a238f35b227b343d1772924bdea4d15d3a8e45b459b65029580b81c41a4cf0ab82f62dc9e2c671ded801675eed9f12437a10cf9715af8de6d164ce5691cd495617deb4f97483f4cefa50a6b5e0ccba81e406344ababd82e101bd670f952cecc449afd6162cee8bf997596708b634a0eb6febfe3580116efbd3c8393e1dd3d587df63c8f3ee6e3171757d91db8ec9d77988c75c6bc09311b4da6260ee28cccdef9f94a460063b63cd80572b7556bdbe5ecba73d803aa04f99147f4f11f6c7af75fb8e525b17d315fcc099b96ad2c1936f044e91f2661d2857cbfb3f9e010c7c0ae17d39d2e105b258471cbd994b91495f54f0f65433faebc2dbd13bf99eb281504cb255145a59b694d5fa283c7fd28c5dbb4a779c097218285ceab87409adab73841e621d15fe0897bd042ce655c43762b92b58c9d0d52c4f6467fd1c10b51a4da93ca542da8e1e1f59596a24b06ee45401911f968853064b92aad9b234a24b558261e06023210cbd62be54462be0a02503975afef6ca23eda1af08e1cbbca2d34bf5dbb6c&o=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

95.211.116.27 Swifterbant, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

dc1-ecs-pub-go-vip.kelkoo.com

Software

Resource Hash

51bf3fd7d441b0c1aa9b3482e46c36977411afde3f20dde7360e5433f875deaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: http://r.redirekted.com/redirect?redirect_id=42c18f5354f75e24dba133b4f622eacf&request_id=f847c0dec3a2dc9bea0ba5440c137f11
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
ApacheTracking: localhost
Connection: Keep-Alive
Content-Length: 1259
Content-Type: text/html; charset=UTF-8
Date: Wed, 04 May 2022 07:12:51 GMT
Keep-Alive: timeout=40, max=24
P3P: CP="Anything"
Referrer-Policy: unsafe-url
Request-Time: PT0.016903S
X-Content-Type-Options: nosniff
X-DataDome: protected
X-Frame-Options: DENY
X-Permitted-Cross-Domain-Policies: master-only
X-Robots-Tag: noindex,nofollow
X-XSS-Protection: 1; mode=block
clickId: 107698147_1651648371555_4003097

Redirect headers

Accept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
ApacheTracking: localhost
Connection: Keep-Alive
Content-Length: 0
Content-Type: text/plain
Date: Wed, 04 May 2022 07:12:51 GMT
Keep-Alive: timeout=40, max=51
Location: /go?country=de&k=e6f1edef20cd5dcd27f748505537aa947c126565523f3ef9f059e03c99226ff849719f67c79ddd77420db19e4da571ad57822c9ed9fad54c643a4188d7f8707a71a7c01d7ed038ecb2573d965a54dc9f61c5da77e5219394b817f26b2877b626e9ad46d85feff0e77091e60cbe19575424dd0d55f29828c7d4187e0f4659777af2a3a3e3973976eac36d97f54c90156d75f1a04db2308290f8207f974b28bbd0e53bb707bf6543df16147e4a238f35b227b343d1772924bdea4d15d3a8e45b459b65029580b81c41a4cf0ab82f62dc9e2c671ded801675eed9f12437a10cf9715af8de6d164ce5691cd495617deb4f97483f4cefa50a6b5e0ccba81e406344ababd82e101bd670f952cecc449afd6162cee8bf997596708b634a0eb6febfe3580116efbd3c8393e1dd3d587df63c8f3ee6e3171757d91db8ec9d77988c75c6bc09311b4da6260ee28cccdef9f94a460063b63cd80572b7556bdbe5ecba73d803aa04f99147f4f11f6c7af75fb8e525b17d315fcc099b96ad2c1936f044e91f2661d2857cbfb3f9e010c7c0ae17d39d2e105b258471cbd994b91495f54f0f65433faebc2dbd13bf99eb281504cb255145a59b694d5fa283c7fd28c5dbb4a779c097218285ceab87409adab73841e621d15fe0897bd042ce655c43762b92b58c9d0d52c4f6467fd1c10b51a4da93ca542da8e1e1f59596a24b06ee45401911f968853064b92aad9b234a24b558261e06023210cbd62be54462be0a02503975afef6ca23eda1af08e1cbbca2d34bf5dbb6c&o=
P3P: CP="Anything"
Referrer-Policy: unsafe-url
Request-Time: PT0.011671S
X-Content-Type-Options: nosniff
X-DataDome: protected
X-Frame-Options: DENY
X-Permitted-Cross-Domain-Policies: master-only
X-Robots-Tag: noindex,nofollow
X-XSS-Protection: 1; mode=block
clickId: 107698147_1651648371555_4003097
country: de

GET scout.js
ads.kelkoo.com/javascripts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ads.kelkoo.com
URL: https://ads.kelkoo.com/javascripts/scout.js

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.capitoloneautoloans.com/	1970-02-13 23:18:52	Name: sid Value: 9b6de3b2-cb79-11ec-ae42-06261a68fb62
r.redirekted.com/	1970-01-20 02:48:54	Name: uuid Value: 3964205301440182784
.redirekted.com/	1970-01-20 20:18:40	Name: _ga Value: GA1.2.290431295.1651648371
.redirekted.com/	1970-01-20 02:48:54	Name: _gid Value: GA1.2.2075844157.1651648371
.redirekted.com/	1970-01-20 02:47:28	Name: _gat Value: 1
.kelkoogroup.net/	1970-01-20 11:33:04	Name: referer Value: http%3A%2F%2Fr.redirekted.com%2F
.kelkoogroup.net/	1970-01-20 11:33:04	Name: datadome Value: fFpxuTTpIbUxHljAOe2-1wgmSFFw6eDpMcueuE0WVVKDzUejyU~vIFglar-tRhNaGcQFf6-g4FSeTlXLOeQZ141w016MR3ZE.2C7nd~0pl3.E.aAehjW7DehW1Hb5lr

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://de-go.kelkoogroup.net/go?country=de&k=e6f1edef20cd5dcd27f748505537aa947c126565523f3ef9f059e03c99226ff849719f67c79ddd77420db19e4da571ad57822c9ed9fad54c643a4188d7f8707a71a7c01d7ed038ecb2573d965a54dc9f61c5da77e5219394b817f26b2877b626e9ad46d85feff0e77091e60cbe19575424dd0d55f29828c7d4187e0f4659777af2a3a3e3973976eac36d97f54c90156d75f1a04db2308290f8207f974b28bbd0e53bb707bf6543df16147e4a238f35b227b343d1772924bdea4d15d3a8e45b459b65029580b81c41a4cf0ab82f62dc9e2c671ded801675eed9f12437a10cf9715af8de6d164ce5691cd495617deb4f97483f4cefa50a6b5e0ccba81e406344ababd82e101bd670f952cecc449afd6162cee8bf997596708b634a0eb6febfe3580116efbd3c8393e1dd3d587df63c8f3ee6e3171757d91db8ec9d77988c75c6bc09311b4da6260ee28cccdef9f94a460063b63cd80572b7556bdbe5ecba73d803aa04f99147f4f11f6c7af75fb8e525b17d315fcc099b96ad2c1936f044e91f2661d2857cbfb3f9e010c7c0ae17d39d2e105b258471cbd994b91495f54f0f65433faebc2dbd13bf99eb281504cb255145a59b694d5fa283c7fd28c5dbb4a779c097218285ceab87409adab73841e621d15fe0897bd042ce655c43762b92b58c9d0d52c4f6467fd1c10b51a4da93ca542da8e1e1f59596a24b06ee45401911f968853064b92aad9b234a24b558261e06023210cbd62be54462be0a02503975afef6ca23eda1af08e1cbbca2d34bf5dbb6c&o= Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://ads.kelkoo.com/javascripts/scout.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.kelkoo.com
capitoloneautoloans.com
de-go.kelkoogroup.net
r.redirekted.com
www.google-analytics.com
ads.kelkoo.com
2a00:1450:4001:80f::200e
66.165.243.160
78.41.204.27
95.211.116.27
51bf3fd7d441b0c1aa9b3482e46c36977411afde3f20dde7360e5433f875deaa
55afe8ae4db5b6ca9ec5a3aca1f3a7b482ca51d0914acd250093f1a9ecbfccec
7a169b278e1f7ae2fb3ad631fe84189c6af207c68e183b69cb0bb9f358863fa6
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
da6035efd497565abb485f12815c7a4eb145d5aae508c6bd35e4e166a027befa
e2d9fd8b995f146baf54bc35d162d3e8169a5345368058b10a3b3bf4592ed777

de-go.kelkoogroup.net Open in urlscan Pro 95.211.116.27 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

22 %HTTPS

25 %IPv6

5 Domains

5 Subdomains

4 IPs

3 Countries

33 kBTransfer

60 kBSize

7 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

7 Cookies

2 Console Messages

Indicators

de-go.kelkoogroup.net Open in urlscan Pro
95.211.116.27 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

22 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

4
IPs

3
Countries

33 kB
Transfer

60 kB
Size

7
Cookies

9 HTTP transactions
0 data transactions