rossanarossi.pe - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main IP is 161.132.46.38, located in Lima region, Peru and belongs to Red Cientifica Peruana, PE. The main domain is rossanarossi.pe.
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 13th 2024. Valid for: 3 months.

This is the only time rossanarossi.pe was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	161.132.46.38 161.132.46.38	3132 (Red Cient...) (Red Cientifica Peruana)
3	2600:9000:20a... 2600:9000:20ae:4e00:1d:d7f6:39d3:d9e1	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42::272 2a04:4e42::272	54113 (FASTLY) (FASTLY)
6	3

2 161.132.46.38 (Lima region, Peru)

ASN3132 (Red Cientifica Peruana, PE)
PTR: cuyagua.yachay.pe

rossanarossi.pe	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:20ae:4e00:1d:d7f6:39d3:d9e1 (United States)

ASN16509 (AMAZON-02, US)

images-na.ssl-images-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::272 (United States)

ASN54113 (FASTLY, US)

m.media-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	ssl-images-amazon.com images-na.ssl-images-amazon.com — Cisco Umbrella Rank: 893	34 KB
2	rossanarossi.pe rossanarossi.pe	9 KB
1	media-amazon.com m.media-amazon.com — Cisco Umbrella Rank: 518	28 KB
6	3

	Domain	Requested by
3	images-na.ssl-images-amazon.com	rossanarossi.pe
2	rossanarossi.pe
1	m.media-amazon.com	images-na.ssl-images-amazon.com
6	3

This site contains links to these domains. Also see Links.

Domain
www.amazon.it

Subject Issuer	Validity	Valid
rossanarossi.pe cPanel, Inc. Certification Authority	`2024-04-13` - `2024-07-12`	3 months	crt.sh
images-na.ssl-images-amazon.com DigiCert Global CA G2	`2024-01-05` - `2024-12-08`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://rossanarossi.pe/amsoooo/index/openid.pape.max.next.html
Frame ID: A34F97839B102ED2EC5C781D99289DC2
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Amazon-Anmeldung

Page Statistics

6
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

70 kB
Transfer

221 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.amazon.it/ap/forgotpassword?showRememberMe=true&openid.pape.max_auth_age=0&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&pageId=itflex&openid.return_to=https%3A%2F%2Fwww.amazon.it%2F%3Fref_%3Dnav_ya_signin&prevRID=FP0THZZGXZT7282HXQBA&openid.assoc_handle=itflex&openid.mode=checkid_setup&prepopulatedLoginId=eyJjaXBoZXIiOiJqV1NJTWVrRWpNUHhXQklBZ1JrSFl4bFpraUhHcml6UHdZckdCUThSQXlNPSIsInZlcnNpb24iOjEsIklWIjoiWkJNSmZuekxFVmljeGtzNnBDSkVIZz09In0%3D&failedSignInCount=0&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&timestamp=1603532053000
Title: Passwort vergessen

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request openid.pape.max.next.html Show response rossanarossi.pe/amsoooo/index/	8 KB 8 KB	1397ms 215ms	Document text/html	161.132.46.38 Red Cientifica Pe...
General Check archive.org Show headers Download Go to Full URL https://rossanarossi.pe/amsoooo/index/openid.pape.max.next.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 161.132.46.38 Lima region, Peru, ASN3132 (Red Cientifica Peruana, PE), Reverse DNS cuyagua.yachay.pe Software Apache / Resource Hash `e77463db78ed9be9090caf256871943d110ce5c27d718a116ae93c56d383a77e` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36 Response headers Accept-Ranges bytes Connection close Content-Length 8094 Content-Type text/html Date Tue, 14 May 2024 15:01:43 GMT Last-Modified Mon, 31 Jan 2022 23:16:53 GMT Server Apache
GET H2	200	61Brdu0o6LL._RC%7C11Fd9tJOdtL.css,21y5jWQoUML.css,31Q3id-QR0L.css,31P8A7PnBZL.css_.css images-na.ssl-images-amazon.com/images/I/	137 KB 23 KB	175ms 50ms	Stylesheet text/css	2600:9000:20ae:4e00:1d:d7f6:39d3:d9e1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://images-na.ssl-images-amazon.com/images/I/61Brdu0o6LL._RC%7C11Fd9tJOdtL.css,21y5jWQoUML.css,31Q3id-QR0L.css,31P8A7PnBZL.css_.css?AUIClients/AmazonUI Requested by Host: rossanarossi.pe URL: https://rossanarossi.pe/amsoooo/index/openid.pape.max.next.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ae:4e00:1d:d7f6:39d3:d9e1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Server / Resource Hash `8ff52030ae312e1688bd111f80d21dc533e457cdefd9cdf07722ec9f51de79bb` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://rossanarossi.pe/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36 Response headers date Sat, 02 Mar 2024 12:29:40 GMT content-encoding gzip via 1.1 7d775f7e444ed74169f0db8decde7d20.cloudfront.net (CloudFront) age 4069878 x-amz-cf-pop MUC50-P5 edge-cache-tag x-cache-292,/images/I/61Brdu0o6LL x-nginx-cache-status HIT x-cache Hit from cloudfront server-timing provider;desc="cf" alt-svc h3=":443"; ma=86400 surrogate-key x-cache-292 /images/I/61Brdu0o6LL last-modified Wed, 03 Jan 2018 00:13:54 GMT server Server content-type text/css; charset=utf-8 access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id 9c827244-98e7-41be-90c0-63a04cba39ef timing-allow-origin https://www.amazon.in, https://www.amazon.com x-amz-cf-id TUyLahwQOmZHDaj-S7Qvod6WrD0X50Fs6npKdQMCb3UlTqgBJerBdw== expires Fri, 26 Feb 2044 12:29:40 GMT
GET H2	200	01SdjaY0ZsL._RC%7C419sIPk+mYL.css,41+ENBGOqUL.css_.css images-na.ssl-images-amazon.com/images/I/	46 KB 9 KB	167ms 43ms	Stylesheet text/css	2600:9000:20ae:4e00:1d:d7f6:39d3:d9e1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://images-na.ssl-images-amazon.com/images/I/01SdjaY0ZsL._RC%7C419sIPk+mYL.css,41+ENBGOqUL.css_.css?AUIClients/AuthenticationPortalAssets Requested by Host: rossanarossi.pe URL: https://rossanarossi.pe/amsoooo/index/openid.pape.max.next.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ae:4e00:1d:d7f6:39d3:d9e1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Server / Resource Hash `379abf5c20c39001941fa149c641d61154d10bfe6a2e009f9c25dc060919480e` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://rossanarossi.pe/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36 Response headers date Sat, 20 Apr 2024 07:21:30 GMT content-encoding gzip via 1.1 7d775f7e444ed74169f0db8decde7d20.cloudfront.net (CloudFront) age 568711 x-amz-cf-pop MUC50-P5 edge-cache-tag x-cache-740,/images/I/01SdjaY0ZsL x-nginx-cache-status HIT x-cache Hit from cloudfront server-timing provider;desc="cf" alt-svc h3=":443"; ma=86400 surrogate-key x-cache-740 /images/I/01SdjaY0ZsL last-modified Sat, 30 May 2015 02:58:48 GMT server Server content-type text/css access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id 731db642-4411-4573-9c2c-b75ecc91a708 timing-allow-origin https://www.amazon.in, https://www.amazon.com x-amz-cf-id rChebwUQG2xkN_Kt2RAUd6drA5bhWU8XHDukcxCaOyQ-gMN2et34_g== expires Fri, 15 Apr 2044 07:21:30 GMT
GET H2	200	11E08O3eXDL.css images-na.ssl-images-amazon.com/images/I/	2 KB 1 KB	201ms 76ms	Stylesheet text/css	2600:9000:20ae:4e00:1d:d7f6:39d3:d9e1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://images-na.ssl-images-amazon.com/images/I/11E08O3eXDL.css?AUIClients/CVFAssets Requested by Host: rossanarossi.pe URL: https://rossanarossi.pe/amsoooo/index/openid.pape.max.next.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:20ae:4e00:1d:d7f6:39d3:d9e1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Server / Resource Hash `122a38d736dd4b129af47e1d4f6d955d335f55256f2f231d8ccd1a58562cd381` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://rossanarossi.pe/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36 Response headers date Tue, 02 Jan 2024 06:21:45 GMT content-encoding gzip via 1.1 7d775f7e444ed74169f0db8decde7d20.cloudfront.net (CloudFront) age 9392441 x-amz-cf-pop MUC50-P5 edge-cache-tag x-cache-906,/images/I/11E08O3eXDL x-nginx-cache-status HIT x-cache Hit from cloudfront server-timing provider;desc="cf" alt-svc h3=":443"; ma=86400 surrogate-key x-cache-906 /images/I/11E08O3eXDL last-modified Fri, 27 Mar 2020 19:40:05 GMT server Server content-type text/css; charset=utf-8 access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id c5d38104-bfc7-4ffb-8b21-1d6db5e875a4 timing-allow-origin https://www.amazon.in, https://www.amazon.com x-amz-cf-id ma_shGPPq6eSJ6ipDAVJa18jkcA5TlZvDBHZawqzl6w0OITkNK2YaQ== expires Mon, 28 Dec 2043 06:21:45 GMT
GET H2	200	AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013._V2_.png m.media-amazon.com/images/G/01/AUIClients/	27 KB 28 KB	190ms 56ms	Image image/png	2a04:4e42::272 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://m.media-amazon.com/images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013._V2_.png Requested by Host: images-na.ssl-images-amazon.com URL: https://images-na.ssl-images-amazon.com/images/I/61Brdu0o6LL._RC%7C11Fd9tJOdtL.css,21y5jWQoUML.css,31Q3id-QR0L.css,31P8A7PnBZL.css_.css?AUIClients/AmazonUI#us.not-trident Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::272 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash `437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://images-na.ssl-images-amazon.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36 Response headers date Tue, 14 May 2024 15:01:43 GMT age 1068939 x-cache HIT from fastly, HIT from fastly x-nginx-cache-status MISS server-timing provider;desc="fy" alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 27972 x-served-by cache-iad-kjyo7100116-IAD, cache-mxp6948-MXP last-modified Fri, 22 Sep 2017 00:23:19 GMT content-type image/png access-control-allow-origin * cache-control max-age=630720000,public x-amz-ir-id e7813be5-eb12-4625-aa62-cde45e3882bc accept-ranges bytes timing-allow-origin https://www.amazon.com expires Mon, 21 Sep 2043 11:52:38 GMT
GET H/1.1	404 Not Found	favicon.ico rossanarossi.pe/	315 B 479 B	638ms 213ms	Other text/html	161.132.46.38 Red Cientifica Pe...
General Check archive.org Show headers Download Go to Full URL https://rossanarossi.pe/favicon.ico Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 161.132.46.38 Lima region, Peru, ASN3132 (Red Cientifica Peruana, PE), Reverse DNS cuyagua.yachay.pe Software Apache / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://rossanarossi.pe/amsoooo/index/openid.pape.max.next.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36 Response headers Date Tue, 14 May 2024 15:01:44 GMT Server Apache Connection close Content-Length 315 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| getCookie

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://rossanarossi.pe/amsoooo/index/openid.pape.max.next.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://rossanarossi.pe/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

images-na.ssl-images-amazon.com
m.media-amazon.com
rossanarossi.pe
161.132.46.38
2600:9000:20ae:4e00:1d:d7f6:39d3:d9e1
2a04:4e42::272
122a38d736dd4b129af47e1d4f6d955d335f55256f2f231d8ccd1a58562cd381
379abf5c20c39001941fa149c641d61154d10bfe6a2e009f9c25dc060919480e
437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5
8ff52030ae312e1688bd111f80d21dc533e457cdefd9cdf07722ec9f51de79bb
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
e77463db78ed9be9090caf256871943d110ce5c27d718a116ae93c56d383a77e

rossanarossi.pe Open in urlscan Pro 161.132.46.38 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

6 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

70 kBTransfer

221 kBSize

0 Cookies

1 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

rossanarossi.pe Open in urlscan Pro
161.132.46.38 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

70 kB
Transfer

221 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!