thinkinghatsdev.com.au Open in urlscan Pro
103.9.168.9 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
Submission: On July 21 via automatic, source openphish (July 21st 2019, 3:04:41 pm UTC)

Summary HTTP 26 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 3 domains to perform 26 HTTP transactions. The main IP is 103.9.168.9, located in Woodend, Australia and belongs to SYNERGYWHOLESALE-AP SYNERGY WHOLESALE PTY LTD, AU. The main domain is thinkinghatsdev.com.au.

This is the only time thinkinghatsdev.com.au was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Wells Fargo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	103.9.168.9 103.9.168.9	45638 (SYNERGYWH...) (SYNERGYWHOLESALE-AP SYNERGY WHOLESALE PTY LTD)
20	104.109.70.200 104.109.70.200	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	159.45.2.156 159.45.2.156	10837 (WELLSFARG...) (WELLSFARGO-10837 - Wells Fargo & Company)
1	159.45.2.145 159.45.2.145	10837 (WELLSFARG...) (WELLSFARGO-10837 - Wells Fargo & Company)
26	5

1 103.9.168.9 (Woodend, Australia)

ASN45638 (SYNERGYWHOLESALE-AP SYNERGY WHOLESALE PTY LTD, AU)
PTR: c4s2-1e-syd.hosting-services.net.au

thinkinghatsdev.com.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 104.109.70.200 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-70-200.deploy.static.akamaitechnologies.com

www01.wellsfargomedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www04.wellsfargomedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.45.2.156 (Concord, United States)

ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US)

connect.secure.wellsfargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.45.2.145 (Concord, United States)

ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US)

www.wellsfargo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	wellsfargomedia.com www01.wellsfargomedia.com www04.wellsfargomedia.com	371 KB
2	wellsfargo.com static.wellsfargo.com Failed www.wellsfargo.com Failed connect.secure.wellsfargo.com	20 KB
1	thinkinghatsdev.com.au thinkinghatsdev.com.au	12 KB
26	3

	Domain	Requested by
18	www01.wellsfargomedia.com	thinkinghatsdev.com.au
2	www04.wellsfargomedia.com	thinkinghatsdev.com.au
1	connect.secure.wellsfargo.com	thinkinghatsdev.com.au
1	www.wellsfargo.com	thinkinghatsdev.com.au
1	thinkinghatsdev.com.au
0	static.wellsfargo.com Failed	thinkinghatsdev.com.au
26	6

This site contains links to these domains. Also see Links.

Domain
oam.wellsfargo.com
stories.wf.com
welcome.wf.com
icomplete.wellsfargo.com
www.wellsfargoadvisors.com
connect.secure.wellsfargo.com
privatebank.wf.com
www.abbotdowning.com
www.facebook.com
www.linkedin.com
instagram.com
www.pinterest.com
www.youtube.com
twitter.com

Subject Issuer	Validity	Valid
www01.wellsfargomedia.com GeoTrust RSA CA 2018	`2019-02-19` - `2020-05-20`	a year	crt.sh
connect.secure.wellsfargo.com DigiCert Global CA G2	`2019-02-07` - `2021-02-07`	2 years	crt.sh
www.wellsfargo.com DigiCert Global CA G2	`2019-02-08` - `2021-02-08`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
Frame ID: 753648B83301C0DC46A8525F81B09F51
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Page Statistics

26
Requests

85 %
HTTPS

0 %
IPv6

3
Domains

6
Subdomains

5
IPs

3
Countries

403 kB
Transfer

600 kB
Size

0
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://oam.wellsfargo.com/oamo/identity/enrollment
Title: Enroll

Search URL Search Domain Scan URL

URL: https://stories.wf.com/betterbank#/
Title: Learn More

Search URL Search Domain Scan URL

URL: https://welcome.wf.com/better/
Title: Learn More

Search URL Search Domain Scan URL

URL: https://icomplete.wellsfargo.com/oas/status/auth
Title: Finish Application/Check Status

Search URL Search Domain Scan URL

URL: https://www.wellsfargoadvisors.com/services/intuitive-investor.htm?cid=WFA1800032810&excid=WFA1800032810
Title: Digital Investing Plus Advice

Search URL Search Domain Scan URL

URL: https://www.wellsfargoadvisors.com/intuitive-investor/sign-on.htm?cid=WF1800032820&excid=WF1800032820
Title: Open an Intuitive Investor� Account

Search URL Search Domain Scan URL

URL: https://connect.secure.wellsfargo.com/auth/login/present?origin=irt
Title: Employer Plan 401(k) Sign On

Search URL Search Domain Scan URL

URL: https://privatebank.wf.com/conversations/
Title: Conversations Magazine

Search URL Search Domain Scan URL

URL: https://www.abbotdowning.com/contact_us/headquarters/
Title: Contact Abbot Downing

Search URL Search Domain Scan URL

URL: https://connect.secure.wellsfargo.com/auth/login/rewards
Title: Sign On to Go Far Rewards

Search URL Search Domain Scan URL

URL: https://www.facebook.com/wellsfargo
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/wellsfargo
Title:

Search URL Search Domain Scan URL

URL: https://instagram.com/wellsfargo/
Title:

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/wellsfargo/
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/wellsfargo
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/wellsfargo
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request wellsfargo.htm Show response
thinkinghatsdev.com.au/newstartauto/wells/ 60 KB
12 KB 3851ms
404ms Document
text/html 103.9.168.9
SYNERGYWHOLESALE-...

General

Check archive.org

Show headers Download Go to

Full URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
Protocol: HTTP/1.1
Server: 103.9.168.9 Woodend, Australia, ASN45638 (SYNERGYWHOLESALE-AP SYNERGY WHOLESALE PTY LTD, AU),
Reverse DNS: c4s2-1e-syd.hosting-services.net.au
Software: LiteSpeed /
Resource Hash: 96d9b75e8ad9147b429852dbbe1c79d88d39d1818e4c45ae7386e2403f87134b

Request headers

Host: thinkinghatsdev.com.au
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Last-Modified: Sun, 21 Jul 2019 13:35:44 GMT
Content-Type: text/html
Content-Length: 11544
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Sun, 21 Jul 2019 15:04:04 GMT
Server: LiteSpeed
Connection: close

GET utag.sync.js
static.wellsfargo.com/tracking/toppages/ 0
0

GET homepage_ret.css
www.wellsfargo.com/css/home/ 0
0

GET
H/1.1 200
OK homepage-horz-logo.svg
www01.wellsfargomedia.com/assets/images/css/template/homepage/ 5 KB
3 KB 4293ms
8ms Image
image/svg+xml 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/css/template/homepage/homepage-horz-logo.svg

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

780b98a3861aa8d4afe428953ad3b9e988a74cd5f064b4a1eb453f5d901221e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 2254
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 21 May 2019 01:44:19 GMT
Server: KONICHIWA/2.0
Date: Sun, 21 Jul 2019 15:04:11 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: max-age=1800
ETag: "15b8-5895bfcbfa2c0"
Accept-Ranges: bytes
Expires: Sun, 21 Jul 2019 15:34:11 GMT

GET
H/1.1 200
OK homepage-lock.svg
www04.wellsfargomedia.com/assets/images/css/template/homepage/ 2 KB
1 KB 2538ms
8ms Image
image/svg+xml 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www04.wellsfargomedia.com/assets/images/css/template/homepage/homepage-lock.svg

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

7bfab3d904c5effc47fe1577c20615a1efcf84f2a6e1b8e5ccaa501ac657fcab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 789
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 17 Jul 2017 19:00:35 GMT
Server: KONICHIWA/2.0
Date: Sun, 21 Jul 2019 15:04:09 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: max-age=1800
ETag: "6f8-554880386bac0"
Accept-Ranges: bytes
Expires: Sun, 21 Jul 2019 15:34:09 GMT

GET
H/1.1 200
OK homepage-signon-lock.svg
www01.wellsfargomedia.com/assets/images/css/template/homepage/ 4 KB
2 KB 47ms
16ms Image
image/svg+xml 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/css/template/homepage/homepage-signon-lock.svg

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

ea4b20ddecd76a86c3dc31d488970cf15e6284756c271b1d983f597652ebeb61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 1816
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 08 Mar 2019 00:50:27 GMT
Server: KONICHIWA/2.0
Date: Sun, 21 Jul 2019 15:04:13 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: max-age=2715
ETag: "f91-5838a9bd97ac0"
Accept-Ranges: bytes
Expires: Sun, 21 Jul 2019 15:49:28 GMT

GET
H/1.1 200
OK wfi111_ph_hph_default1_1200x532.jpg
www01.wellsfargomedia.com/assets/images/homepage/ 56 KB
57 KB 38ms
6ms Image
image/jpeg 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/homepage/wfi111_ph_hph_default1_1200x532.jpg

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

172b637e7559c7d6c2d3dbe28cd5d921d27e63ccff5298481cfc0918508b6e75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Mon, 17 Jul 2017 19:00:38 GMT
Server: KONICHIWA/2.0
ETag: "e0ce-5548803b48180"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=1514
Date: Sun, 21 Jul 2019 15:04:13 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 57550
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jul 2019 15:29:27 GMT

GET
H/1.1 200
OK wfi000_lg_b-wf-stagecoach_rednoborder_1200x532.gif
www01.wellsfargomedia.com/assets/images/contextual/banner/enterprise/1200x532/ 29 KB
29 KB 38ms
7ms Image
image/gif 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/contextual/banner/enterprise/1200x532/wfi000_lg_b-wf-stagecoach_rednoborder_1200x532.gif

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

ccc70b70befcf5d55b4c60b21b6ea4d1631d2564112d4e6a949a1fa6fe8409ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Sat, 15 Jun 2019 13:29:04 GMT
Server: KONICHIWA/2.0
ETag: "73a4-58b5cbf29e800"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Cache-Control: max-age=1800
Date: Sun, 21 Jul 2019 15:04:13 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 29604
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jul 2019 15:34:13 GMT

GET
H/1.1 200
OK task-icon-checking-50x50.png
www01.wellsfargomedia.com/assets/images/contextual/banner/checking/50x50/ 2 KB
3 KB 37ms
6ms Image
image/png 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/contextual/banner/checking/50x50/task-icon-checking-50x50.png

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

8e484163d648d7a53f20bc673aeab303c13d0b4b7c704501e72fbdbd979a8faa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Mar 2019 00:50:27 GMT
Server: KONICHIWA/2.0
ETag: "90c-5838a9bd97ac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=1800
Date: Sun, 21 Jul 2019 15:04:13 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2316
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jul 2019 15:34:13 GMT

GET
H/1.1 200
OK task-icon-credit-50x50.png
www01.wellsfargomedia.com/assets/images/contextual/banner/credit-card/50x50/ 1 KB
2 KB 38ms
7ms Image
image/png 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/contextual/banner/credit-card/50x50/task-icon-credit-50x50.png

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

87c33e7fd82ad1d9ccdf87d2bae750853883635723d5c3b27adccccd54493a3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Mar 2019 00:50:27 GMT
Server: KONICHIWA/2.0
ETag: "5ee-5838a9bd97ac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=1550
Date: Sun, 21 Jul 2019 15:04:13 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1518
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jul 2019 15:30:03 GMT

GET
H/1.1 200
OK task-icon-student-50x50.png
www01.wellsfargomedia.com/assets/images/contextual/banner/student-loans/50x50/ 2 KB
2 KB 36ms
6ms Image
image/png 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/contextual/banner/student-loans/50x50/task-icon-student-50x50.png

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

ab15ef84ab70a529be42cd80dcf9655f320ad4eaedb6e85a5feccf8755007431

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Mar 2019 00:50:27 GMT
Server: KONICHIWA/2.0
ETag: "6ab-5838a9bd97ac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=922
Date: Sun, 21 Jul 2019 15:04:13 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1707
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jul 2019 15:19:35 GMT

GET
H/1.1 200
OK task-icon-account-50x50.png
www01.wellsfargomedia.com/assets/images/homepage/ 1 KB
2 KB 7ms
6ms Image
image/png 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/homepage/task-icon-account-50x50.png

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

cb4cfd594b2f8e32b89c3cb3ce1e766619a0e8273a8b2eb9148880ee534d7ba5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Mar 2019 00:50:27 GMT
Server: KONICHIWA/2.0
ETag: "4fd-5838a9bd97ac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=1517
Date: Sun, 21 Jul 2019 15:04:13 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1277
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jul 2019 15:29:30 GMT

GET
H/1.1 200
OK task-icon-rates-50x50.png
www01.wellsfargomedia.com/assets/images/homepage/ 3 KB
3 KB 8ms
8ms Image
image/png 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/homepage/task-icon-rates-50x50.png

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

cede6c6d76d57a1f4da3d157863dc37c7e5a9d63f47b7f0401a985aaeb690f9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Mar 2019 00:50:27 GMT
Server: KONICHIWA/2.0
ETag: "a0a-5838a9bd97ac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=1800
Date: Sun, 21 Jul 2019 15:04:13 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2570
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jul 2019 15:34:13 GMT

GET
H/1.1 200
OK FICO-phone-borrowing-and-credit-970x485.jpg
www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/ 35 KB
35 KB 6ms
6ms Image
image/jpeg 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/FICO-phone-borrowing-and-credit-970x485.jpg

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

e9ecf74092e5fe396ce9fe40ea17070242ed95e6c0b09d595dd4254d8afcabaa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Mar 2019 00:50:27 GMT
Server: KONICHIWA/2.0
ETag: "8a28-5838a9bd97ac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=1800
Date: Sun, 21 Jul 2019 15:04:13 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 35368
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jul 2019 15:34:13 GMT

GET
H/1.1 200
OK home-sprite-image.png
www01.wellsfargomedia.com/assets/images/css/template/homepage/ 11 KB
11 KB 6ms
6ms Image
image/png 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/css/template/homepage/home-sprite-image.png

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

11fa95cade4d31642d17ebba420d3706837b9a91090992b2d2aecc74a6b6ab88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Mon, 08 Jul 2019 19:06:58 GMT
Server: KONICHIWA/2.0
ETag: "2b6a-58d3025f03880"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=1800
Date: Sun, 21 Jul 2019 15:04:13 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11114
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jul 2019 15:34:13 GMT

GET
H/1.1 200
OK paying-phone-beach-banking-made-easy-970x485.jpg
www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/ 33 KB
33 KB 7ms
7ms Image
image/jpeg 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/paying-phone-beach-banking-made-easy-970x485.jpg

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

7b1acbecc92198d28a194bab0fa46dd84878d9cb78f3e2bbbd4ba771ef168ebd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Mar 2019 00:50:27 GMT
Server: KONICHIWA/2.0
ETag: "8326-5838a9bd97ac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=1800
Date: Sun, 21 Jul 2019 15:04:13 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 33574
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jul 2019 15:34:13 GMT

GET
H/1.1 200
OK couple-beach-retirement-970x485.jpg
www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/ 33 KB
33 KB 6ms
6ms Image
image/jpeg 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/couple-beach-retirement-970x485.jpg

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

51044ed6d500b29e1b81d6d9a3033efd718c9ad62307fe1225baebcc8d5fb813

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Mar 2019 00:50:27 GMT
Server: KONICHIWA/2.0
ETag: "8275-5838a9bd97ac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=419
Date: Sun, 21 Jul 2019 15:04:13 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 33397
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jul 2019 15:11:12 GMT

GET
H/1.1 200
OK couple-moving-in-homelending-970x485.jpg
www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/ 34 KB
34 KB 8ms
8ms Image
image/jpeg 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/couple-moving-in-homelending-970x485.jpg

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

d6fdad356ecabcdcfb77a0486b3e240f450369e0304739e55c71a112d5f3d2df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Mar 2019 00:50:27 GMT
Server: KONICHIWA/2.0
ETag: "875e-5838a9bd97ac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=252
Date: Sun, 21 Jul 2019 15:04:13 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 34654
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jul 2019 15:08:25 GMT

GET
H/1.1 200
OK student-graduation-going-to-college-970x485.jpg
www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/ 34 KB
35 KB 9ms
8ms Image
image/jpeg 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/student-graduation-going-to-college-970x485.jpg

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

cfd4c24ae595a860f108f4de55ce9a1744bad06d612d508c4d0bf39901b9862c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Mar 2019 00:50:27 GMT
Server: KONICHIWA/2.0
ETag: "891b-5838a9bd97ac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=1568
Date: Sun, 21 Jul 2019 15:04:13 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 35099
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jul 2019 15:30:21 GMT

GET
H/1.1 200
OK woman-tablet-investing-basics-970x485.jpg
www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/ 32 KB
32 KB 6ms
6ms Image
image/jpeg 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/woman-tablet-investing-basics-970x485.jpg

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

982003c4cecd7caa0d1b5b8ceb4ee3d9a49263cb37fe56ccf4d5113868fe6741

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Mar 2019 00:50:27 GMT
Server: KONICHIWA/2.0
ETag: "7fe5-5838a9bd97ac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=1800
Date: Sun, 21 Jul 2019 15:04:13 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 32741
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jul 2019 15:34:13 GMT

GET
H/1.1 200
OK woman-card-security-center-970x485.jpg
www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/ 34 KB
35 KB 6ms
6ms Image
image/jpeg 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/photography/lifestyle/970x485/woman-card-security-center-970x485.jpg

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

7f1d06a3ce29e740376e880b0c35d5fb006ddf1773ee0d539e507c31067acbc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Mar 2019 00:50:27 GMT
Server: KONICHIWA/2.0
ETag: "896a-5838a9bd97ac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=1800
Date: Sun, 21 Jul 2019 15:04:13 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 35178
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jul 2019 15:34:13 GMT

GET
H/1.1 200
OK homepage_footer_stagecoach.svg
www01.wellsfargomedia.com/assets/images/global/ 14 KB
7 KB 11ms
11ms Image
image/svg+xml 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www01.wellsfargomedia.com/assets/images/global/homepage_footer_stagecoach.svg

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

d6e3a5a263a697df3e5989b893e27ac29972dd9346b01da3e5476becb9a73a25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 6951
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 08 Mar 2019 00:50:27 GMT
Server: KONICHIWA/2.0
Date: Sun, 21 Jul 2019 15:04:13 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: max-age=846
ETag: "3708-5838a9bd97ac0"
Accept-Ranges: bytes
Expires: Sun, 21 Jul 2019 15:18:19 GMT

GET
H/1.1 200
OK home-sprite-image.png
www04.wellsfargomedia.com/assets/images/css/template/homepage/ 11 KB
11 KB 40ms
9ms Image
image/png 104.109.70.200
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www04.wellsfargomedia.com/assets/images/css/template/homepage/home-sprite-image.png

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

104.109.70.200 , Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a104-109-70-200.deploy.static.akamaitechnologies.com

Software

KONICHIWA/2.0 /

Resource Hash

11fa95cade4d31642d17ebba420d3706837b9a91090992b2d2aecc74a6b6ab88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Content-Type-Options: nosniff
Last-Modified: Mon, 08 Jul 2019 19:06:58 GMT
Server: KONICHIWA/2.0
ETag: "2b6a-58d3025f03880"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=1800
Date: Sun, 21 Jul 2019 15:04:13 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11114
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jul 2019 15:34:13 GMT

GET
H/1.1 200
OK login-userprefs.min.js
connect.secure.wellsfargo.com/auth/static/prefs/ 83 KB
0 2370ms
686ms Script
application/x-javascript 159.45.2.156
Wells Fargo & Com...

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.secure.wellsfargo.com/auth/static/prefs/login-userprefs.min.js

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.45.2.156 Concord, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),

Reverse DNS

Software

KONICHIWA/1.1 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 21 Jul 2019 15:04:11 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 18 Jul 2019 02:42:13 GMT
Server: KONICHIWA/1.1
X-Frame-Options: SAMEORIGIN
ETag: W/"1c6f-58deb8ea7e3ba"
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/x-javascript; charset=UTF-8
Cache-Control: max-age=1800
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-XSS-Protection: 1; mode=block
Expires: Sun, 21 Jul 2019 15:34:11 GMT

GET jquery-hp.js
www.wellsfargo.com/js/vendor/ 0
0

GET
H/1.1 200
OK homepage_per.js Show response
www.wellsfargo.com/js/global/ 83 KB
20 KB 534ms
136ms Script
application/x-javascript 159.45.2.145
Wells Fargo & Com...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.wellsfargo.com/js/global/homepage_per.js

Requested by

Host: thinkinghatsdev.com.au
URL: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.45.2.145 Concord, United States, ASN10837 (WELLSFARGO-10837 - Wells Fargo & Company, US),

Reverse DNS

Software

KONICHIWA/2.0 /

Resource Hash

8ffc4d6a0d55daee3089560883f6e3c21cbbfef5b674a8dc875d9529e5e5376c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://thinkinghatsdev.com.au/newstartauto/wells/wellsfargo.htm
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sun, 21 Jul 2019 15:04:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Vary: Accept-Encoding
Content-Length: 19966
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 26 Jun 2019 22:18:44 GMT
Server: KONICHIWA/2.0
ETag: "14a1f-58c416da75900-gzip"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubdomains;
Content-Type: application/x-javascript
Cache-Control: max-age=3600
Accept-Ranges: bytes
Keep-Alive: timeout=15, max=76
Expires: Sun, 21 Jul 2019 16:04:13 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: static.wellsfargo.com
URL: https://static.wellsfargo.com/tracking/toppages/utag.sync.js

Domain: www.wellsfargo.com
URL: https://www.wellsfargo.com/css/home/homepage_ret.css

Domain: www.wellsfargo.com
URL: https://www.wellsfargo.com/js/vendor/jquery-hp.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Wells Fargo (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| utag_data

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

connect.secure.wellsfargo.com
static.wellsfargo.com
thinkinghatsdev.com.au
www.wellsfargo.com
www01.wellsfargomedia.com
www04.wellsfargomedia.com
static.wellsfargo.com
www.wellsfargo.com
103.9.168.9
104.109.70.200
159.45.2.145
159.45.2.156
11fa95cade4d31642d17ebba420d3706837b9a91090992b2d2aecc74a6b6ab88
172b637e7559c7d6c2d3dbe28cd5d921d27e63ccff5298481cfc0918508b6e75
51044ed6d500b29e1b81d6d9a3033efd718c9ad62307fe1225baebcc8d5fb813
780b98a3861aa8d4afe428953ad3b9e988a74cd5f064b4a1eb453f5d901221e7
7b1acbecc92198d28a194bab0fa46dd84878d9cb78f3e2bbbd4ba771ef168ebd
7bfab3d904c5effc47fe1577c20615a1efcf84f2a6e1b8e5ccaa501ac657fcab
7f1d06a3ce29e740376e880b0c35d5fb006ddf1773ee0d539e507c31067acbc3
87c33e7fd82ad1d9ccdf87d2bae750853883635723d5c3b27adccccd54493a3a
8e484163d648d7a53f20bc673aeab303c13d0b4b7c704501e72fbdbd979a8faa
8ffc4d6a0d55daee3089560883f6e3c21cbbfef5b674a8dc875d9529e5e5376c
96d9b75e8ad9147b429852dbbe1c79d88d39d1818e4c45ae7386e2403f87134b
982003c4cecd7caa0d1b5b8ceb4ee3d9a49263cb37fe56ccf4d5113868fe6741
ab15ef84ab70a529be42cd80dcf9655f320ad4eaedb6e85a5feccf8755007431
cb4cfd594b2f8e32b89c3cb3ce1e766619a0e8273a8b2eb9148880ee534d7ba5
ccc70b70befcf5d55b4c60b21b6ea4d1631d2564112d4e6a949a1fa6fe8409ed
cede6c6d76d57a1f4da3d157863dc37c7e5a9d63f47b7f0401a985aaeb690f9e
cfd4c24ae595a860f108f4de55ce9a1744bad06d612d508c4d0bf39901b9862c
d6e3a5a263a697df3e5989b893e27ac29972dd9346b01da3e5476becb9a73a25
d6fdad356ecabcdcfb77a0486b3e240f450369e0304739e55c71a112d5f3d2df
e9ecf74092e5fe396ce9fe40ea17070242ed95e6c0b09d595dd4254d8afcabaa
ea4b20ddecd76a86c3dc31d488970cf15e6284756c271b1d983f597652ebeb61

thinkinghatsdev.com.au Open in urlscan Pro 103.9.168.9 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

26 Requests

85 %HTTPS

0 %IPv6

3 Domains

6 Subdomains

5 IPs

3 Countries

403 kBTransfer

600 kBSize

0 Cookies

16 Outgoing links

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

thinkinghatsdev.com.au Open in urlscan Pro
103.9.168.9 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

85 %
HTTPS

0 %
IPv6

3
Domains

6
Subdomains

5
IPs

3
Countries

403 kB
Transfer

600 kB
Size

0
Cookies

26 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!