Report - carpen.adv.br/securewellsfargosecure/wellsfargo/login/

Report Overview

Submitted URL
carpen.adv.br/securewellsfargosecure/wellsfargo/login/
IP
216.172.172.129
ASN
#19871 NETWORK-SOLUTIONS-HOSTING
Submitted
2024-04-19 17:43:38
Access
public
Website Title
Sign On to View Your Personal Accounts | Wells Fargo
Final URL
carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Tags
wellsfargo financial phishing
urlquery detections
Phishing - Wells Fargo

Detections

urlquery
32
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
carpen.adv.br	unknown	unknown	No data	No data	16 kB	3.5 MB	216.172.172.129
www15.wellsfargomedia.com	20573	2009-06-25	2019-09-12	2024-03-23	1.6 kB	73 kB	96.6.19.156

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (23)

	URL	Size	First Seen	Last Seen
	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/atadun.js	1.2 kB	2023-03-07	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/atadun.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-02 10:37:11 Times Seen4757 Hash 566dda94252f1860a7a28665c715b530 6aa0455dc8ea41441b1f3a733985758dc40af736 43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903 Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.5.js	6.1 kB	2023-05-10	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.5.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-10 15:11:47 Last Seen2024-05-02 10:37:11 Times Seen43 Hash 4cd4bf818c99ff83fc9ce2156c6be55f 26927a92d9bc8ba2b63af7e05eee77578703245d 08d354755dc9adefb41c59c46592115a5c76ccd543108ce7c6ab2fb7617a908f Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/wfui.7eb7682fa52759a99024.chunk.js	1.2 MB	2023-05-10	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/wfui.7eb7682fa52759a99024.chunk.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-10 15:11:47 Last Seen2024-05-02 10:37:11 Times Seen14 Hash 15146f4f1e4f9ac8c65850e73d6251bf 958bcf6c0c195c8ca305de1f1df7fe0259dbccef 02f87dcaadd2fa731b332356439b7cd60a1d502d2afff838871fb8410332ef85 Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/vendor.0f3b274789da9fa3a8b1.chunk.js	459 kB	2023-05-10	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/vendor.0f3b274789da9fa3a8b1.chunk.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-10 15:11:47 Last Seen2024-05-02 10:37:10 Times Seen14 Hash 958af6a342be0fcbd1f7fb64023d35f9 ceb165a2d27cc74767276d626912a92b349773d5 ed5b2b6b14ac5cc200bf2d771069661e0c516349d756cf29536bebd10e09a3e2 Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/main.17d807918e15956ad95f.chunk.js	6.9 kB	2023-05-10	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/main.17d807918e15956ad95f.chunk.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-10 15:11:47 Last Seen2024-05-02 10:37:11 Times Seen16 Hash 788d50a34153b374d17dc89c015209e9 b4e78cb4d69e31ed42b4538a46acf4788f91bd77 c18f15acded5ea4038de366888e3df2a241a30c4a76774f6589efc7068bde3fa Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/	186 B	2023-03-07	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/ IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 12:07:14 Last Seen2024-05-02 10:37:10 Times Seen154 Hash f3ca36a997a7e2eb1c22d306f354a391 3d04f6cbfc5dc22ff7c2dedde66b2ed345049b19 4d5a95c5fb6ddc7fbf700cb2de740be804070d72121dd44db9fcb3cc43b59e30 Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.9.js	11 kB	2023-03-07	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.9.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:38 Last Seen2024-05-02 10:37:11 Times Seen44 Hash b7d078e49a0d7b507dbff8cf78554ec3 89020fd9ed1678f2fd3d97fa6008ba5a5875b1cc 34d6af1ed862f62ede259dedabcadba6446c1e9182cd70b19c66cb3acedae93d Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/ZTE	211 kB	2023-07-24	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/ZTE IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-24 17:01:17 Last Seen2024-05-02 10:37:11 Times Seen1135 Hash 9c7ea8a620421f0366414d9076866069 7151cb6e8abf7b53b41ac1a504a8feba71f3b068 ce6faf4362953335a4429f61ec96e585d554c26eeb0ee538fc752cfbf863cdac Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.4.js	5.9 kB	2023-03-07	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.4.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:38 Last Seen2024-05-02 10:37:11 Times Seen45 Hash 15bd844e81d95845c29b50ec9f3e100c b4694ab4ad0384db500c155b371df093790f01f6 d05c6eece255484babbedeb74b3a5b19daaa9763049e08362b82cfdf1fc8bfbe Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.3.js	5.6 kB	2023-03-07	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.3.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:38 Last Seen2024-05-02 10:37:11 Times Seen45 Hash afb83cb0c351cf06179a4e19d73ab7be 77e67c47f724a1a96839fc4ef843b5366100a62b 3636799d3181248d5db968a7851b9aa972ea77f64b3cba9ce6b0a8933106c0c2 Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.10.js	21 kB	2023-05-10	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.10.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-10 15:11:47 Last Seen2024-05-02 10:37:11 Times Seen44 Hash cbc6a7a6729ddbafeb954b2688e4e4bb a18e5362444cd63d08180a035e3d07c52e699f34 de5f63b7382d3479f84e396eb2b19ea62be6a30a6292bbf5b95d46716be552c7 Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/	108 B	2023-03-07	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/ IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:13:04 Last Seen2024-05-02 10:37:10 Times Seen378 Hash c6dbfe04305a6bb9c5a30556554f0e77 e9ba626700cbb46bd799f0e9cf529d186c835cc5 6d24d0eb1dd6a7cad93bd6dc21d351619b77b133cea78303ae8e2354c9c90a70 Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/adrum-ext.js	46 kB	2023-03-07	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/adrum-ext.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:54:04 Last Seen2024-05-02 10:37:11 Times Seen33 Hash 69c630c91c0669d3c88d29c9860ea4b5 1ad3e1b9c9e737b6a26006d5c98d86c8048ab6dc b78d57e1736f692e67a9f3e3762b84993e8984d3d7d72bc9a55e4913880ef3d7 Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/1.8b0d9aac9c76cdd18a46.chunk.js	104 kB	2023-05-10	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/1.8b0d9aac9c76cdd18a46.chunk.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-10 15:11:47 Last Seen2024-05-02 10:37:11 Times Seen14 Hash 67114f60408b4eb1471281538603c14a 1f1298e06ed27b3a8585b052e22632e32408f4b9 0949a7219e0aad15c35ee060d70908e65194677c569eb24c5cd67e61b265c64c Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.15.js	3.8 kB	2023-03-07	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.15.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:38 Last Seen2024-05-02 10:37:11 Times Seen43 Hash ecc23176aa665855c451bceb08ca718e ad9d1d43415aa1800b2f2c024d07e1e9042cfed6 384f41d37d3a9be1a72e761589096fcce4119150ea81ead29ba758514d321e94 Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.7.js	10 kB	2023-03-07	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.7.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:39 Last Seen2024-05-02 10:37:11 Times Seen47 Hash ab4745d183b02aecc2f060184d98883d 6ea6f3d306bda585b0743f4760d6a9ae368a2c40 9c4cf53fef9222fc5d6659fa4b776fe20d64c46886c3d96547aaae16134afb2a Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/login-userprefs.min.js	3.9 kB	2023-06-26	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/login-userprefs.min.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-26 14:52:50 Last Seen2024-05-02 10:37:11 Times Seen16 Hash 574080213b6b287119358249c6ca02b0 98dbb0bc9c4f3972da420437218549183adc9a2f 7c4ce6fc09971a6af0a2da2ad4d73c52e89c3da2eb3375c5860c0049c3007070 Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.js	34 kB	2023-05-10	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-10 15:11:47 Last Seen2024-05-02 10:37:11 Times Seen40 Hash 52ceaa24ff02c7acc2123d516f74ac76 854f566a3ded22d56d80856bae40b73185d1dee2 8e011261942d9f89c394af6e3ec838beef85c536f43fc8a3d052deed076a5ce7 Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/generic1675376475943.js	349 kB	2023-03-26	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/generic1675376475943.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-26 01:37:27 Last Seen2024-05-02 10:37:11 Times Seen98 Hash 3b10a8b88d4eee74f20aa2554682a84e a6ffb585edbbf689f2c83975f9f9b4868582b641 352dee2c122f974f609e7b97062206bc722f219565556f174b98dbc45c4cba09 Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/	741 B	2024-04-19	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/ IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 19:43:46 Last Seen2024-05-02 10:37:10 Times Seen3 Hash 3ca0be82aee0143b211674be057ec72d fec891e87ac8e7eebb4233578f4d02312203fca3 39b0e4a876ec9fbf7982261ea1d0957919adf51bc0fa7d89eaeb09a0213f7d8e Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/0.2d945b14e107c71513b9.chunk.js	66 kB	2023-05-10	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/0.2d945b14e107c71513b9.chunk.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-10 15:11:47 Last Seen2024-05-02 10:37:11 Times Seen17 Hash 056b124c3a66ac58d401d50a91200b69 e39e81e6fa35344b0e5bf21251aadc1ee523a71a e4ab30c330e75066f03b99bef2fbe8fcb6751747dedea88223ac7114aabded32 Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/2.db20e550851dff8bb362.chunk.js	219 kB	2023-09-01	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/2.db20e550851dff8bb362.chunk.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-01 23:33:44 Last Seen2024-05-02 10:37:10 Times Seen5 Hash 809e9ee2057b5cbf14679f7a211e231f bdf9e04a3fdd823cf47a398ef5dea7551b443405 cf9ffc941704857e7d04bc85f48c45972e7abba90bcb2f88bfcf9ea480a68a0a Loading...

	carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.21.js	4.4 kB	2023-03-08	2024-05-02
Pretty URL carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.21.js IP 216.172.172.129 ASN #19871 NETWORK-SOLUTIONS-HOSTING Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:37:52 Last Seen2024-05-02 10:37:11 Times Seen26 Hash 725f20ce8d1afdb672062ad7b6375652 7920821c6cf158f9051bdac8c835c50939e2416e f6d94388f08f73ea73adbfa84c4ec5bff48ba7130e76c71479fcbf832c302d7c Loading...

HTTP Transactions (34)

URL IP Response Size

carpen.adv.br/securewellsfargosecure/wellsfargo/login/

216.172.172.129

200 OK

9.0 kB

URL User Request GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (2328), with CRLF line terminators
Size
9.0 kB (9032 bytes)
Hash
581b13fb78c498b5c6cb445b3569aacc
f28fb3d3a5d4139ec639e227c38d10adca80fc98
f269f08b519254ee36678bf46258d05d190f7d7f2ba3704d6cb44247d009d57d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/ HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-length: 9032
content-type: text/html; charset=UTF-8
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/COB-BOB-IRT-enroll_tractor.jpg

216.172.172.129

200 OK

613 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/COB-BOB-IRT-enroll_tractor.jpg
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, copyright=www.apeloga.se], baseline, precision 8, 2400x1600, components 3
Size
613 kB (613304 bytes)
Hash
598c358e4116e7c92dcb86c0921e4c4b
215f0238729c4a8db8f1a50b0728e31892e471c9
d3ee0c954f26a12702c2ad4ca5fc14fa14198eadd59113a5baef17e0c1240ebe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/COB-BOB-IRT-enroll_tractor.jpg HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
content-length: 613304
content-type: image/jpeg
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/0.8b28e64ff92cf7a02329.chunk.css

216.172.172.129

200 OK

2.8 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/0.8b28e64ff92cf7a02329.chunk.css
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
ASCII text, with very long lines (8845), with no line terminators
Size
2.8 kB (2819 bytes)
Hash
a996466d889213b16cfe21111974bdf3
5db3b86e4cd4e8ecc6ecba286b4dd7e48f6d4028
bc2e28c4a95d553900cf09260347cb09aad757084d30e4ccf2ac8a35d4efe1aa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/0.8b28e64ff92cf7a02329.chunk.css HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2819
content-type: text/css
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/1.826835780deda3cfc8be.chunk.css

216.172.172.129

200 OK

4.1 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/1.826835780deda3cfc8be.chunk.css
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
ASCII text, with very long lines (17110), with no line terminators
Size
4.1 kB (4105 bytes)
Hash
7663a99610c6e623d730ce25a5398d77
d46fbc838343b939041cf5ff737a8196aa0795cf
dfda4f5b8d14996f570bd2e751a1ac7bc0b631dca09cf4693f47c750595b64e0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/1.826835780deda3cfc8be.chunk.css HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 4105
content-type: text/css
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/main.4870f47b74ad9141ce5b.chunk.css

216.172.172.129

200 OK

478 B

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/main.4870f47b74ad9141ce5b.chunk.css
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
ASCII text, with very long lines (3580), with no line terminators
Size
478 B (478 bytes)
Hash
5478cd781a86d43ea0ec9d311a84061a
63bfb881f921436cfb13df69759d4efd2aa60c98
c09753711c376ac7d47b28dca007a00ea49e907c3476fd12bdf8ae303cf52ec9

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/main.4870f47b74ad9141ce5b.chunk.css HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 478
content-type: text/css
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.3.js

216.172.172.129

200 OK

2.3 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.3.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
JavaScript source, ASCII text, with very long lines (1022)
Size
2.3 kB (2313 bytes)
Hash
afb83cb0c351cf06179a4e19d73ab7be
77e67c47f724a1a96839fc4ef843b5366100a62b
3636799d3181248d5db968a7851b9aa972ea77f64b3cba9ce6b0a8933106c0c2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/utag.3.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2313
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.10.js

216.172.172.129

200 OK

6.8 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.10.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
JavaScript source, ASCII text, with very long lines (2575)
Size
6.8 kB (6752 bytes)
Hash
cbc6a7a6729ddbafeb954b2688e4e4bb
a18e5362444cd63d08180a035e3d07c52e699f34
de5f63b7382d3479f84e396eb2b19ea62be6a30a6292bbf5b95d46716be552c7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/utag.10.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 6752
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.21.js

216.172.172.129

200 OK

2.0 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.21.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
JavaScript source, ASCII text, with very long lines (1090)
Size
2.0 kB (1977 bytes)
Hash
725f20ce8d1afdb672062ad7b6375652
7920821c6cf158f9051bdac8c835c50939e2416e
f6d94388f08f73ea73adbfa84c4ec5bff48ba7130e76c71479fcbf832c302d7c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/utag.21.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1977
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/ZTE

216.172.172.129

200 OK

211 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/ZTE
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
data
Size
211 kB (211125 bytes)
Hash
9c7ea8a620421f0366414d9076866069
7151cb6e8abf7b53b41ac1a504a8feba71f3b068
ce6faf4362953335a4429f61ec96e585d554c26eeb0ee538fc752cfbf863cdac

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/ZTE HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
content-length: 211125
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.7.js

216.172.172.129

200 OK

3.6 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.7.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
JavaScript source, ASCII text, with very long lines (1579)
Size
3.6 kB (3606 bytes)
Hash
ab4745d183b02aecc2f060184d98883d
6ea6f3d306bda585b0743f4760d6a9ae368a2c40
9c4cf53fef9222fc5d6659fa4b776fe20d64c46886c3d96547aaae16134afb2a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/utag.7.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3606
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.9.js

216.172.172.129

200 OK

4.0 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.9.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
JavaScript source, ASCII text, with very long lines (3237)
Size
4.0 kB (3953 bytes)
Hash
b7d078e49a0d7b507dbff8cf78554ec3
89020fd9ed1678f2fd3d97fa6008ba5a5875b1cc
34d6af1ed862f62ede259dedabcadba6446c1e9182cd70b19c66cb3acedae93d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/utag.9.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 3953
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/atadun.js

216.172.172.129

200 OK

622 B

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/atadun.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
622 B (622 bytes)
Hash
566dda94252f1860a7a28665c715b530
6aa0455dc8ea41441b1f3a733985758dc40af736
43dd833f33570535401d009e6b6f9cde54bdac4e210fc6c89cfdcfcbaa9fc903

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/atadun.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 622
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.15.js

216.172.172.129

200 OK

1.8 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.15.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
JavaScript source, ASCII text, with very long lines (1142)
Size
1.8 kB (1760 bytes)
Hash
ecc23176aa665855c451bceb08ca718e
ad9d1d43415aa1800b2f2c024d07e1e9042cfed6
384f41d37d3a9be1a72e761589096fcce4119150ea81ead29ba758514d321e94

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/utag.15.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1760
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/login-userprefs.min.js

216.172.172.129

200 OK

1.7 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/login-userprefs.min.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
JavaScript source, ASCII text, with very long lines (559)
Size
1.7 kB (1721 bytes)
Hash
574080213b6b287119358249c6ca02b0
98dbb0bc9c4f3972da420437218549183adc9a2f
7c4ce6fc09971a6af0a2da2ad4d73c52e89c3da2eb3375c5860c0049c3007070

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/login-userprefs.min.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1721
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/runtime.880333131bd6186f5de0.js

216.172.172.129

200 OK

3.0 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/runtime.880333131bd6186f5de0.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
JavaScript source, ASCII text, with CRLF line terminators
Size
3.0 kB (2969 bytes)
Hash
b7e9631b0feb87a173a1f276d8fdf556
b95eb00910787d5fa078ec1a5ae382556fcc62b4
eabaa88d8a1a9a5e979910075fc36ebabb0e30bbc15894024cf4aa94d9cf6af3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/runtime.880333131bd6186f5de0.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:42:20 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2969
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.5.js

216.172.172.129

200 OK

2.8 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.5.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
JavaScript source, ASCII text, with very long lines (1438)
Size
2.8 kB (2755 bytes)
Hash
4cd4bf818c99ff83fc9ce2156c6be55f
26927a92d9bc8ba2b63af7e05eee77578703245d
08d354755dc9adefb41c59c46592115a5c76ccd543108ce7c6ab2fb7617a908f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/utag.5.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2755
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.4.js

216.172.172.129

200 OK

1.7 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.4.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
JavaScript source, ASCII text, with very long lines (4209)
Size
1.7 kB (1702 bytes)
Hash
15bd844e81d95845c29b50ec9f3e100c
b4694ab4ad0384db500c155b371df093790f01f6
d05c6eece255484babbedeb74b3a5b19daaa9763049e08362b82cfdf1fc8bfbe

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/utag.4.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 1702
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.js

216.172.172.129

200 OK

13 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/utag.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (4327), with CRLF line terminators
Size
13 kB (12984 bytes)
Hash
52ceaa24ff02c7acc2123d516f74ac76
854f566a3ded22d56d80856bae40b73185d1dee2
8e011261942d9f89c394af6e3ec838beef85c536f43fc8a3d052deed076a5ce7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/utag.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 12984
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/main.17d807918e15956ad95f.chunk.js

216.172.172.129

200 OK

2.9 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/main.17d807918e15956ad95f.chunk.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
JavaScript source, ASCII text, with very long lines (6889), with no line terminators
Size
2.9 kB (2914 bytes)
Hash
788d50a34153b374d17dc89c015209e9
b4e78cb4d69e31ed42b4538a46acf4788f91bd77
c18f15acded5ea4038de366888e3df2a241a30c4a76774f6589efc7068bde3fa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/main.17d807918e15956ad95f.chunk.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 2914
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-sbd.woff2

96.6.19.156

200 OK

23 kB

URL GET HTTP/2
www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-sbd.woff2
IP
96.6.19.156:443
ASN
#16625 AKAMAI-AS

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerDigiCert Inc
Subjectwww15.wellsfargomedia.com
FingerprintDC:E4:44:A1:3F:E4:8F:5F:29:7D:F0:E0:17:49:BA:51:7E:2A:A5:65
ValidityWed, 27 Sep 2023 00:00:00 GMT - Thu, 26 Sep 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 22600, version 1.13107
Size
23 kB (22600 bytes)
Hash
83df8749c013f13019fa8e0912041759
2bbffcf012a59e47661c0a37edda0fc772992ae7
ab9d8c97b35ed86b6224aca911aa304a0d7dbcbd28e00a4c6585b96e28ed30ba

HTTP Headers

GET /wfui/css/fonts/wellsfargosans-sbd.woff2 HTTP/1.1
Host: www15.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://carpen.adv.br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: font/woff2
content-length: 22600
last-modified: Tue, 26 Feb 2019 19:38:34 GMT
etag: "5c7595ba-5848"
access-control-allow-origin: *
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 19 Apr 2025 17:43:12 GMT
date: Fri, 19 Apr 2024 17:43:12 GMT
X-Firefox-Spdy: h2

www15.wellsfargomedia.com/wfui/css/fonts/wellsfargoserif-rg.woff2

96.6.19.156

200 OK

27 kB

URL GET HTTP/2
www15.wellsfargomedia.com/wfui/css/fonts/wellsfargoserif-rg.woff2
IP
96.6.19.156:443
ASN
#16625 AKAMAI-AS

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerDigiCert Inc
Subjectwww15.wellsfargomedia.com
FingerprintDC:E4:44:A1:3F:E4:8F:5F:29:7D:F0:E0:17:49:BA:51:7E:2A:A5:65
ValidityWed, 27 Sep 2023 00:00:00 GMT - Thu, 26 Sep 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 26708, version 1.13107
Size
27 kB (26708 bytes)
Hash
885d42ab7ffcffc42ed29816c3ce9727
3d84cb41ddfb5bf8627e2b9dc867237bea47baad
aeb7b3bfc4281d35b02dfde05ac7a6c0d3daa7f3123b35a9cbd4b5a8e3f3c310

HTTP Headers

GET /wfui/css/fonts/wellsfargoserif-rg.woff2 HTTP/1.1
Host: www15.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://carpen.adv.br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: font/woff2
content-length: 26708
last-modified: Mon, 11 Mar 2019 20:52:01 GMT
etag: "5c86ca71-6854"
access-control-allow-origin: *
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 19 Apr 2025 17:43:12 GMT
date: Fri, 19 Apr 2024 17:43:12 GMT
X-Firefox-Spdy: h2

www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-rg.woff2

96.6.19.156

200 OK

22 kB

URL GET HTTP/2
www15.wellsfargomedia.com/wfui/css/fonts/wellsfargosans-rg.woff2
IP
96.6.19.156:443
ASN
#16625 AKAMAI-AS

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerDigiCert Inc
Subjectwww15.wellsfargomedia.com
FingerprintDC:E4:44:A1:3F:E4:8F:5F:29:7D:F0:E0:17:49:BA:51:7E:2A:A5:65
ValidityWed, 27 Sep 2023 00:00:00 GMT - Thu, 26 Sep 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 22424, version 1.13107
Size
22 kB (22424 bytes)
Hash
0a1639ebe9fab396657a62aa5233c832
9b58164729ad918dd7255e4856f9da7f3a90bfde
631f3b6267a831a8d67c45e480b5d5a2601f10ff8708bcf3a45a41b377a129cc

HTTP Headers

GET /wfui/css/fonts/wellsfargosans-rg.woff2 HTTP/1.1
Host: www15.wellsfargomedia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://carpen.adv.br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: font/woff2
content-length: 22424
last-modified: Tue, 26 Feb 2019 19:38:34 GMT
etag: "5c7595ba-5798"
access-control-allow-origin: *
accept-ranges: bytes
cache-control: max-age=31536000
expires: Sat, 19 Apr 2025 17:43:12 GMT
date: Fri, 19 Apr 2024 17:43:12 GMT
X-Firefox-Spdy: h2

carpen.adv.br/_bm/get_params?type=web-jsto,get-akid

216.172.172.129

404 Not Found

836 B

URL GET HTTP/2
carpen.adv.br/_bm/get_params?type=web-jsto,get-akid
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
836 B (836 bytes)
Hash
11a0bbc52834cf74da795d5815b7dc63
5d401cf953df570210427a92d27e00ddf403f4b7
c989a169a129121f006c8fcbf90ab305d9005d516ce72cc44b4949167eed39d5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /_bm/get_params?type=web-jsto,get-akid HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
ADRUM: isAjax:true
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
last-modified: Tue, 04 Oct 2022 14:01:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 836
content-type: text/html
date: Fri, 19 Apr 2024 17:43:12 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/auth/static/scripts/adrum-ext.b4436be974de477658d4a93afb752165.js

216.172.172.129

404 Not Found

836 B

URL GET HTTP/2
carpen.adv.br/auth/static/scripts/adrum-ext.b4436be974de477658d4a93afb752165.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
836 B (836 bytes)
Hash
11a0bbc52834cf74da795d5815b7dc63
5d401cf953df570210427a92d27e00ddf403f4b7
c989a169a129121f006c8fcbf90ab305d9005d516ce72cc44b4949167eed39d5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /auth/static/scripts/adrum-ext.b4436be974de477658d4a93afb752165.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
last-modified: Tue, 04 Oct 2022 14:01:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 836
content-type: text/html
date: Fri, 19 Apr 2024 17:43:12 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/wfui.ab4e6b27ee491347fb16.chunk.css

216.172.172.129

200 OK

26 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/wfui.ab4e6b27ee491347fb16.chunk.css
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
26 kB (26243 bytes)
Hash
a94e453e27349ee62035c4c4c9e5a1e5
37020ec785ddd64715ac876591be9d8cdf155903
f8cef74b4cc1685a445a2dd11d7c5d0c61e0795467eca81020c812b2df400c85

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/wfui.ab4e6b27ee491347fb16.chunk.css HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/vendor.0f3b274789da9fa3a8b1.chunk.js

216.172.172.129

200 OK

459 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/vendor.0f3b274789da9fa3a8b1.chunk.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type

Size
459 kB (459178 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/vendor.0f3b274789da9fa3a8b1.chunk.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/0.2d945b14e107c71513b9.chunk.js

216.172.172.129

200 OK

66 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/0.2d945b14e107c71513b9.chunk.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
66 kB (65580 bytes)
Hash
056b124c3a66ac58d401d50a91200b69
e39e81e6fa35344b0e5bf21251aadc1ee523a71a
e4ab30c330e75066f03b99bef2fbe8fcb6751747dedea88223ac7114aabded32

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/0.2d945b14e107c71513b9.chunk.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/1.8b0d9aac9c76cdd18a46.chunk.js

216.172.172.129

200 OK

104 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/1.8b0d9aac9c76cdd18a46.chunk.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type

Size
104 kB (103614 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/1.8b0d9aac9c76cdd18a46.chunk.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/2.c3e28c438d94d046d21b.chunk.css

216.172.172.129

200 OK

109 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/2.c3e28c438d94d046d21b.chunk.css
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
109 kB (108743 bytes)
Hash
1d6d5a8a5710f8ae95b4b106d965b13b
43944b7bbbf3edec24226b72bf8327c4eb1bd21b
73ceca17cef332552d3235d60ea43f6f43560516bcac78d1ab5799823c8c7451

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/2.c3e28c438d94d046d21b.chunk.css HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/css
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/adrum-ext.js

216.172.172.129

200 OK

46 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/adrum-ext.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
JavaScript source, ASCII text, with very long lines (675)
Size
46 kB (45592 bytes)
Hash
69c630c91c0669d3c88d29c9860ea4b5
1ad3e1b9c9e737b6a26006d5c98d86c8048ab6dc
b78d57e1736f692e67a9f3e3762b84993e8984d3d7d72bc9a55e4913880ef3d7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/adrum-ext.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/wfui.7eb7682fa52759a99024.chunk.js

216.172.172.129

200 OK

1.2 MB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/wfui.7eb7682fa52759a99024.chunk.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type

Size
1.2 MB (1188434 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/wfui.7eb7682fa52759a99024.chunk.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/favicon.ico

216.172.172.129

404 Not Found

2.4 kB

URL GET HTTP/2
carpen.adv.br/favicon.ico
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (2553), with no line terminators
Size
2.4 kB (2361 bytes)
Hash
f6117cde11582c69d15926f6eaa2c01e
e364986bfd9ca8d3e6636fa60eabe97ec10f2456
e32e774da87306c618ca633fd1d1ce9c05cd85c9b33e1645255a58380d87652c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
last-modified: Tue, 04 Oct 2022 14:01:30 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 836
content-type: text/html
date: Fri, 19 Apr 2024 17:43:12 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/generic1675376475943.js

216.172.172.129

200 OK

349 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/generic1675376475943.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type

Size
349 kB (348779 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/generic1675376475943.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/2.db20e550851dff8bb362.chunk.js

216.172.172.129

200 OK

219 kB

URL GET HTTP/2
carpen.adv.br/securewellsfargosecure/wellsfargo/login/includes/2.db20e550851dff8bb362.chunk.js
IP
216.172.172.129:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Certificate
IssuerLet's Encrypt
Subjectcarpen.adv.br
FingerprintF5:21:7D:E5:A1:42:CD:A1:C9:C3:B0:1F:A8:F8:2F:F5:0C:10:21:99
ValiditySun, 17 Mar 2024 10:12:33 GMT - Sat, 15 Jun 2024 10:12:32 GMT

File type

Size
219 kB (218570 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Wells Fargo

HTTP Headers

GET /securewellsfargosecure/wellsfargo/login/includes/2.db20e550851dff8bb362.chunk.js HTTP/1.1
Host: carpen.adv.br
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://carpen.adv.br/securewellsfargosecure/wellsfargo/login/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Sun, 30 Jul 2023 01:38:36 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
date: Fri, 19 Apr 2024 17:43:11 GMT
server: Apache
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (23)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML