www.vpn.truewealth.co.nz Open in urlscan Pro
191.96.133.217 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.vpn.truewealth.co.nz/
Submission: On July 22 via automatic, source certstream-suspicious (July 22nd 2024, 2:02:12 am UTC) — Scanned from NZ

Summary HTTP 10 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 5 domains to perform 10 HTTP transactions. The main IP is 191.96.133.217, located in Buffalo, United States and belongs to WHG-USE1, GB. The main domain is www.vpn.truewealth.co.nz.
TLS certificate: Issued by R10 on July 22nd 2024. Valid for: 3 months.

This is the only time www.vpn.truewealth.co.nz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
7	191.96.133.217 191.96.133.217	14670 (WHG-USE1) (WHG-USE1)
1 1	159.127.40.133 159.127.40.133	25751 (VALUECLICK) (VALUECLICK)
1	184.27.40.234 184.27.40.234	16625 (AKAMAI-AS) (AKAMAI-AS)
10	3

7 191.96.133.217 (Buffalo, United States)

ASN14670 (WHG-USE1, GB)
PTR: madrid.servershost.net

www.vpn.truewealth.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.127.40.133 (United States) 1 redirects

ASN25751 (VALUECLICK, US)

www.qksrv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.27.40.234 (Sydney, Australia)

ASN16625 (AKAMAI-AS, US)
PTR: a184-27-40-234.deploy.static.akamaitechnologies.com

www.yceml.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	truewealth.co.nz www.vpn.truewealth.co.nz	15 KB
1	yceml.net www.yceml.net — Cisco Umbrella Rank: 66338	2 KB
1	qksrv.net 1 redirects www.qksrv.net — Cisco Umbrella Rank: 122970	423 B
0	Failed function sub() { [native code] }. Failed
0	ihug.co.nz Failed homepages.ihug.co.nz Failed
10	5

	Domain	Requested by
7	www.vpn.truewealth.co.nz	www.vpn.truewealth.co.nz
1	www.yceml.net	www.vpn.truewealth.co.nz
1	www.qksrv.net	1 redirects
0	Failed	www.vpn.truewealth.co.nz
0	homepages.ihug.co.nz Failed	www.vpn.truewealth.co.nz
10	5

This site contains no links.

Subject Issuer	Validity	Valid
*.truewealth.co.nz R10	`2024-07-22` - `2024-10-20`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.vpn.truewealth.co.nz/
Frame ID: 1BB13A5C81C2C19C6A3C8CC898036DD7
Requests: 2 HTTP requests in this frame

Frame: https://www.vpn.truewealth.co.nz/bannerframe.htm
Frame ID: 0FEC01A9CFC102DA15685FAB2EC33BB2
Requests: 3 HTTP requests in this frame

Frame: https://www.vpn.truewealth.co.nz/contentsframe.htm
Frame ID: B135F49D627325D49E789CC614ABD58C
Requests: 3 HTTP requests in this frame

Frame: https://www.vpn.truewealth.co.nz/flash_intro.htm
Frame ID: 4BFC70BD9586363DBA1863FC4CB0BAB8
Requests: 1 HTTP requests in this frame

Frame: https://www.vpn.truewealth.co.nz/footer.htm
Frame ID: B4C6DA4C212C54D2B7A911D80B087ABC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

True Wealth Limited - Specialising in wealth, health and lifestyle

Page Statistics

10
Requests

70 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

3
IPs

2
Countries

17 kB
Transfer

20 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://www.qksrv.net/image-1309318-9836611 HTTP 302
https://www.yceml.net/0067/9836611-1567791091366

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.vpn.truewealth.co.nz/	1 KB 705 B	1126ms 217ms	Document text/html	191.96.133.217 WHG-USE1
General Check archive.org Show headers Download Go to Full URL https://www.vpn.truewealth.co.nz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 191.96.133.217 Buffalo, United States, ASN14670 (WHG-USE1, GB), Reverse DNS madrid.servershost.net Software LiteSpeed / Resource Hash `bdebdc774c6476bea29fd14ddca0ab0a1552ab4d31abdd5a5151e44d7d286e48` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-encoding br content-length 451 content-type text/html date Mon, 22 Jul 2024 02:02:06 GMT last-modified Sat, 22 Mar 2008 19:20:39 GMT server LiteSpeed vary Accept-Encoding
GET H2	200	bannerframe.htm Show response www.vpn.truewealth.co.nz/ Frame 0FEC	1 KB 584 B	220ms 220ms	Document text/html	191.96.133.217 WHG-USE1
General Check archive.org Show headers Download Go to Full URL https://www.vpn.truewealth.co.nz/bannerframe.htm Requested by Host: www.vpn.truewealth.co.nz URL: https://www.vpn.truewealth.co.nz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 191.96.133.217 Buffalo, United States, ASN14670 (WHG-USE1, GB), Reverse DNS madrid.servershost.net Software LiteSpeed / Resource Hash `8232cd8d4949781166043007d4c32517065b77a4d9f37f3a5579f686e122ef04` Request headers Referer https://www.vpn.truewealth.co.nz/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers accept-ranges bytes content-encoding br content-length 507 content-type text/html date Mon, 22 Jul 2024 02:02:07 GMT last-modified Mon, 22 Jan 2007 09:14:37 GMT server LiteSpeed vary Accept-Encoding
GET H2	200	contentsframe.htm Show response www.vpn.truewealth.co.nz/ Frame B135	3 KB 758 B	225ms 225ms	Document text/html	191.96.133.217 WHG-USE1
General Check archive.org Show headers Download Go to Full URL https://www.vpn.truewealth.co.nz/contentsframe.htm Requested by Host: www.vpn.truewealth.co.nz URL: https://www.vpn.truewealth.co.nz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 191.96.133.217 Buffalo, United States, ASN14670 (WHG-USE1, GB), Reverse DNS madrid.servershost.net Software LiteSpeed / Resource Hash `9112a52f681eb3903827f1b7e94286089fda730004a891473477241e694be56c` Request headers Referer https://www.vpn.truewealth.co.nz/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers accept-ranges bytes content-encoding br content-length 704 content-type text/html date Mon, 22 Jul 2024 02:02:07 GMT last-modified Sat, 22 Mar 2008 19:21:35 GMT server LiteSpeed vary Accept-Encoding
GET H2	200	flash_intro.htm Show response www.vpn.truewealth.co.nz/ Frame 4BFC	1 KB 563 B	231ms 231ms	Document text/html	191.96.133.217 WHG-USE1
General Check archive.org Show headers Download Go to Full URL https://www.vpn.truewealth.co.nz/flash_intro.htm Requested by Host: www.vpn.truewealth.co.nz URL: https://www.vpn.truewealth.co.nz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 191.96.133.217 Buffalo, United States, ASN14670 (WHG-USE1, GB), Reverse DNS madrid.servershost.net Software LiteSpeed / Resource Hash `dd957213c212159feebb2faff136735e162bc6ac68327543059eb682c6e74b71` Request headers Referer https://www.vpn.truewealth.co.nz/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers accept-ranges bytes content-encoding br content-length 510 content-type text/html date Mon, 22 Jul 2024 02:02:07 GMT last-modified Thu, 19 Feb 2004 23:08:03 GMT server LiteSpeed vary Accept-Encoding
GET H2	200	footer.htm Show response www.vpn.truewealth.co.nz/ Frame B4C6	626 B 343 B	230ms 230ms	Document text/html	191.96.133.217 WHG-USE1
General Check archive.org Show headers Download Go to Full URL https://www.vpn.truewealth.co.nz/footer.htm Requested by Host: www.vpn.truewealth.co.nz URL: https://www.vpn.truewealth.co.nz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 191.96.133.217 Buffalo, United States, ASN14670 (WHG-USE1, GB), Reverse DNS madrid.servershost.net Software LiteSpeed / Resource Hash `64afc51ac0f730a4f814d4985e6be7005ffc04d361364d84b429a8268b34c996` Request headers Referer https://www.vpn.truewealth.co.nz/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers accept-ranges bytes content-encoding br content-length 289 content-type text/html date Mon, 22 Jul 2024 02:02:07 GMT last-modified Mon, 22 Jan 2007 09:21:39 GMT server LiteSpeed vary Accept-Encoding
GET H3	200	twlsm.gif www.vpn.truewealth.co.nz/ Frame 0FEC	11 KB 11 KB	218ms 217ms	Image image/gif	191.96.133.217 WHG-USE1
General Check archive.org Show headers Download Go to Show image Full URL https://www.vpn.truewealth.co.nz/twlsm.gif Requested by Host: www.vpn.truewealth.co.nz URL: https://www.vpn.truewealth.co.nz/bannerframe.htm Protocol H3 Security QUIC, , AES_128_GCM Server 191.96.133.217 Buffalo, United States, ASN14670 (WHG-USE1, GB), Reverse DNS madrid.servershost.net Software LiteSpeed / Resource Hash `3210b21691f2232cd1b96a5c588942aca1d8a82d6fedf1780446e988bf5126bc` Request headers Referer https://www.vpn.truewealth.co.nz/bannerframe.htm User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Mon, 22 Jul 2024 02:02:07 GMT last-modified Thu, 19 Feb 2004 23:10:40 GMT server LiteSpeed content-type image/gif cache-control public, max-age=604800 accept-ranges bytes alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-length 10858 expires Mon, 29 Jul 2024 02:02:07 GMT
GET		Count.cgi homepages.ihug.co.nz/cgi-bin/ Frame 0FEC	0 0

GET H/1.1	200 OK	9836611-1567791091366 www.yceml.net/0067/ Frame B135 Redirect Chain https://www.qksrv.net/image-1309318-9836611 https://www.yceml.net/0067/9836611-1567791091366	1 KB 2 KB	1195ms 1047ms	Image image/gif	184.27.40.234 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.yceml.net/0067/9836611-1567791091366 Requested by Host: www.vpn.truewealth.co.nz URL: https://www.vpn.truewealth.co.nz/contentsframe.htm Protocol HTTP/1.1 Server 184.27.40.234 Sydney, Australia, ASN16625 (AKAMAI-AS, US), Reverse DNS a184-27-40-234.deploy.static.akamaitechnologies.com Software Resin/4.0.66 / Resource Hash `c9cbcc7a9fa28bfce9fd1960917fc54441fb349e146d8937b9d6b447492cf395` Request headers Referer https://www.vpn.truewealth.co.nz/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Date Mon, 22 Jul 2024 02:02:09 GMT Cache-Control max-age=604744 Server Resin/4.0.66 Connection keep-alive Content-Length 1535 Expires Mon, 29 Jul 2024 02:01:13 GMT Redirect headers Pragma no-cache Date Mon, 22 Jul 2024 02:02:08 GMT Server Resin/4.0.66 Content-Type text/html; charset=utf-8 Location https://www.yceml.net/0067/9836611-1567791091366 P3P policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT" Cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Content-Length 86 Expires Mon, 22 Jul 2024 02:02:08 GMT
GET		twltime2.jpg /U:/ Frame B135	0 0

GET H3	404	favicon.ico www.vpn.truewealth.co.nz/	1 KB 1 KB	217ms 216ms	Other text/html	191.96.133.217 WHG-USE1
General Check archive.org Show headers Download Go to Full URL https://www.vpn.truewealth.co.nz/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 191.96.133.217 Buffalo, United States, ASN14670 (WHG-USE1, GB), Reverse DNS madrid.servershost.net Software LiteSpeed / Resource Hash `5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807` Request headers Referer https://www.vpn.truewealth.co.nz/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers pragma no-cache date Mon, 22 Jul 2024 02:02:09 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 server LiteSpeed content-length 1238 content-type text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: homepages.ihug.co.nz
URL: https://homepages.ihug.co.nz/cgi-bin/Count.cgi?df=daseel&st=1

Domain
URL: file:///U:/twltime2.jpg

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://www.vpn.truewealth.co.nz/bannerframe.htm Message: Mixed Content: The page at 'https://www.vpn.truewealth.co.nz/bannerframe.htm' was loaded over HTTPS, but requested an insecure element 'http://homepages.ihug.co.nz/cgi-bin/Count.cgi?df=daseel&st=1'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://www.vpn.truewealth.co.nz/contentsframe.htm Message: Mixed Content: The page at 'https://www.vpn.truewealth.co.nz/contentsframe.htm' was loaded over HTTPS, but requested an insecure element 'http://www.qksrv.net/image-1309318-9836611'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://www.vpn.truewealth.co.nz/bannerframe.htm(Line 35) Message: Mixed Content: The page at 'https://www.vpn.truewealth.co.nz/bannerframe.htm' was loaded over HTTPS, but requested an insecure element 'http://homepages.ihug.co.nz/cgi-bin/Count.cgi?df=daseel&st=1'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://www.vpn.truewealth.co.nz/contentsframe.htm(Line 125) Message: Mixed Content: The page at 'https://www.vpn.truewealth.co.nz/contentsframe.htm' was loaded over HTTPS, but requested an insecure element 'http://www.qksrv.net/image-1309318-9836611'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
javascript	error	URL: https://www.vpn.truewealth.co.nz/contentsframe.htm Message: Not allowed to load local resource: file:///U:/twltime2.jpg
network	error	URL: https://homepages.ihug.co.nz/cgi-bin/Count.cgi?df=daseel&st=1 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://www.vpn.truewealth.co.nz/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.


homepages.ihug.co.nz
www.qksrv.net
www.vpn.truewealth.co.nz
www.yceml.net

homepages.ihug.co.nz
159.127.40.133
184.27.40.234
191.96.133.217
3210b21691f2232cd1b96a5c588942aca1d8a82d6fedf1780446e988bf5126bc
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
64afc51ac0f730a4f814d4985e6be7005ffc04d361364d84b429a8268b34c996
8232cd8d4949781166043007d4c32517065b77a4d9f37f3a5579f686e122ef04
9112a52f681eb3903827f1b7e94286089fda730004a891473477241e694be56c
bdebdc774c6476bea29fd14ddca0ab0a1552ab4d31abdd5a5151e44d7d286e48
c9cbcc7a9fa28bfce9fd1960917fc54441fb349e146d8937b9d6b447492cf395
dd957213c212159feebb2faff136735e162bc6ac68327543059eb682c6e74b71

www.vpn.truewealth.co.nz Open in urlscan Pro 191.96.133.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

10 Requests

70 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

3 IPs

2 Countries

17 kBTransfer

20 kBSize

0 Cookies

0 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

0 Cookies

7 Console Messages

Indicators

www.vpn.truewealth.co.nz Open in urlscan Pro
191.96.133.217 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

70 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

3
IPs

2
Countries

17 kB
Transfer

20 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions