netflix.retencion-info.com Open in urlscan Pro
163.5.120.127 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://netflix.retencion-info.com/
Submission: On September 09 via automatic, source openphish (September 9th 2024, 2:25:21 am UTC) — Scanned from ES

Summary HTTP 19 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 19 HTTP transactions. The main IP is 163.5.120.127, located in Madrid, Spain and belongs to OHZ, ES. The main domain is netflix.retencion-info.com.
TLS certificate: Issued by R11 on September 8th 2024. Valid for: 3 months.

This is the only time netflix.retencion-info.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Netflix (Online)

Domain & IP information

	IP Address	AS Autonomous System
17	163.5.120.127 163.5.120.127	202673 (OHZ) (OHZ)
2	2a04:4e42::649 2a04:4e42::649	54113 (FASTLY) (FASTLY)
19	2

17 163.5.120.127 (Madrid, Spain)

ASN202673 (OHZ, ES)

netflix.retencion-info.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	retencion-info.com netflix.retencion-info.com	368 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 1211	97 KB
19	2

	Domain	Requested by
17	netflix.retencion-info.com	netflix.retencion-info.com
2	code.jquery.com	netflix.retencion-info.com
19	2

This site contains links to these domains. Also see Links.

Domain
www.netflix.com
policies.google.com
help.netflix.com
optout.aboutads.info
www.onetrust.com

Subject Issuer	Validity	Valid
netflix.retencion-info.com R11	`2024-09-08` - `2024-12-07`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://netflix.retencion-info.com/
Frame ID: F80330EEF76C4D1C5DA4C777C4FE034E
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Netflix

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)/jquery-ui(?:\.min)?\.js
jquery-ui.*\.js

Page Statistics

19
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

465 kB
Transfer

1024 kB
Size

1
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.netflix.com/LoginHelp
Title: ¿Necesitas ayuda?

Search URL Search Domain Scan URL

URL: https://www.netflix.com/
Title: Suscríbete ahora

Search URL Search Domain Scan URL

URL: https://policies.google.com/privacy
Title: Política de privacidad

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Condiciones del servicio

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/privacy#cookies
Title: Cookies y publicidad en Internet

Search URL Search Domain Scan URL

URL: https://help.netflix.com/legal/privacy
Title: Declaración de privacidad.

Search URL Search Domain Scan URL

URL: https://optout.aboutads.info/
Title: aquí.

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response netflix.retencion-info.com/	190 KB 28 KB	697ms 413ms	Document text/html	163.5.120.127 OHZ
General Check archive.org Show headers Download Go to Full URL https://netflix.retencion-info.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.5.120.127 Madrid, Spain, ASN202673 (OHZ, ES), Reverse DNS Software nginx / Resource Hash `c09932575d0edca787573853fb4ef3e1e031b079e873b7119c6504744dd137c2` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 28372 content-type text/html; charset=UTF-8 date Mon, 09 Sep 2024 02:25:15 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server nginx vary Accept-Encoding
GET H2	200	error-page.b122c37502204303115a.css netflix.retencion-info.com/assets/css/	12 KB 3 KB	62ms 61ms	Stylesheet text/css	163.5.120.127 OHZ
General Check archive.org Show headers Download Go to Full URL https://netflix.retencion-info.com/assets/css/error-page.b122c37502204303115a.css Requested by Host: netflix.retencion-info.com URL: https://netflix.retencion-info.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.5.120.127 Madrid, Spain, ASN202673 (OHZ, ES), Reverse DNS Software nginx / Resource Hash `c89ae176ef8cc2ae1266b935060f9a42fc890fafa5b070644e509cee8b8c544e` Request headers Referer https://netflix.retencion-info.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:15 GMT content-encoding gzip last-modified Thu, 03 Aug 2023 06:58:34 GMT server nginx etag W/"64cb501a-2ebb" vary Accept-Encoding content-type text/css cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	loginBase.b1adf06b6a2a1720f790.css netflix.retencion-info.com/assets/css/	44 KB 9 KB	62ms 61ms	Stylesheet text/css	163.5.120.127 OHZ
General Check archive.org Show headers Download Go to Full URL https://netflix.retencion-info.com/assets/css/loginBase.b1adf06b6a2a1720f790.css Requested by Host: netflix.retencion-info.com URL: https://netflix.retencion-info.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.5.120.127 Madrid, Spain, ASN202673 (OHZ, ES), Reverse DNS Software nginx / Resource Hash `28893dd43488d83c7ab4f71734f746bb94d8f268cafc6f7da9292e6e59ac209b` Request headers Referer https://netflix.retencion-info.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:15 GMT content-encoding gzip last-modified Wed, 02 Aug 2023 12:46:28 GMT server nginx etag W/"64ca5024-ae7f" vary Accept-Encoding content-type text/css cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	Login.10b0d4338e625d30279d.css netflix.retencion-info.com/assets/css/	117 KB 16 KB	115ms 115ms	Stylesheet text/css	163.5.120.127 OHZ
General Check archive.org Show headers Download Go to Full URL https://netflix.retencion-info.com/assets/css/Login.10b0d4338e625d30279d.css Requested by Host: netflix.retencion-info.com URL: https://netflix.retencion-info.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.5.120.127 Madrid, Spain, ASN202673 (OHZ, ES), Reverse DNS Software nginx / Resource Hash `62f51997e38ed75eec0d7ebfb122dfa30a0728a5ece9835a001c82527fd4a5b2` Request headers Referer https://netflix.retencion-info.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:15 GMT content-encoding gzip last-modified Thu, 03 Aug 2023 07:02:50 GMT server nginx etag W/"64cb511a-1d26d" vary Accept-Encoding content-type text/css cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	jquery-3.6.0.min.js Show response code.jquery.com/	87 KB 31 KB	105ms 32ms	Script application/javascript	2a04:4e42::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.0.min.js Requested by Host: netflix.retencion-info.com URL: https://netflix.retencion-info.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash `ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e` Request headers Referer https://netflix.retencion-info.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:15 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 2040821 x-cache HIT, HIT cross-origin-resource-policy cross-origin content-length 30875 x-served-by cache-lga21931-LGA, cache-mad22034-MAD last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1725848716.884455,VS0,VE0 etag W/"28feccc0-15d9d" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 221837, 48022
GET H2	200	jquery-ui.min.js Show response code.jquery.com/ui/1.12.1/	248 KB 66 KB	114ms 41ms	Script application/javascript	2a04:4e42::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/ui/1.12.1/jquery-ui.min.js Requested by Host: netflix.retencion-info.com URL: https://netflix.retencion-info.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash `55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5` Request headers Referer https://netflix.retencion-info.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:15 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 3875385 x-cache HIT, HIT cross-origin-resource-policy cross-origin content-length 67751 x-served-by cache-lga21945-LGA, cache-mad22034-MAD last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1725848716.884581,VS0,VE0 etag W/"28feccc0-3dee4" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 75974, 10897
GET H2	200	live.js Show response netflix.retencion-info.com/assets/js/	388 B 582 B	115ms 115ms	Script application/javascript	163.5.120.127 OHZ
General Check archive.org Show headers Download Go to Full URL https://netflix.retencion-info.com/assets/js/live.js Requested by Host: netflix.retencion-info.com URL: https://netflix.retencion-info.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.5.120.127 Madrid, Spain, ASN202673 (OHZ, ES), Reverse DNS Software nginx / Resource Hash `3f8664fd423a4321876720e4dbd919f2f93f66d6e4e65e83a699a1b6d5095f4d` Request headers Referer https://netflix.retencion-info.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:15 GMT last-modified Sun, 13 Feb 2022 06:08:40 GMT server nginx etag "6208a068-184" content-type application/javascript; charset=utf-8 cache-control max-age=315360000 accept-ranges bytes content-length 388 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	fondo1.jpg netflix.retencion-info.com/assets/images/	113 KB 113 KB	63ms 63ms	Image image/jpeg	163.5.120.127 OHZ
General Check archive.org Show headers Download Go to Show image Full URL https://netflix.retencion-info.com/assets/images/fondo1.jpg Requested by Host: netflix.retencion-info.com URL: https://netflix.retencion-info.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.5.120.127 Madrid, Spain, ASN202673 (OHZ, ES), Reverse DNS Software nginx / Resource Hash `24ba3008c3d0de85f99bb546699f5a7d5232cbda001f4639ce83a9369f0bcd5c` Request headers Referer https://netflix.retencion-info.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:15 GMT last-modified Wed, 02 Aug 2023 09:27:04 GMT server nginx etag "64ca2168-1c375" content-type image/jpeg cache-control max-age=315360000 accept-ranges bytes content-length 115573 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	Netflix_Logo_PMS.png netflix.retencion-info.com/assets/images/	16 KB 16 KB	64ms 64ms	Image image/png	163.5.120.127 OHZ
General Check archive.org Show headers Download Go to Show image Full URL https://netflix.retencion-info.com/assets/images/Netflix_Logo_PMS.png Requested by Host: netflix.retencion-info.com URL: https://netflix.retencion-info.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.5.120.127 Madrid, Spain, ASN202673 (OHZ, ES), Reverse DNS Software nginx / Resource Hash `675dd7b68acf580f893bec532f5b260b8f984b67734a9a6831334b2ff4aad384` Request headers Referer https://netflix.retencion-info.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:15 GMT last-modified Wed, 02 Aug 2023 09:03:26 GMT server nginx etag "64ca1bde-4002" content-type image/png cache-control max-age=315360000 accept-ranges bytes content-length 16386 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	powered_by_logo.svg netflix.retencion-info.com/assets/images/	5 KB 2 KB	61ms 61ms	Image image/svg+xml	163.5.120.127 OHZ
General Check archive.org Show headers Download Go to Show image Full URL https://netflix.retencion-info.com/assets/images/powered_by_logo.svg Requested by Host: netflix.retencion-info.com URL: https://netflix.retencion-info.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.5.120.127 Madrid, Spain, ASN202673 (OHZ, ES), Reverse DNS Software nginx / Resource Hash `5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d` Request headers Referer https://netflix.retencion-info.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:15 GMT content-encoding gzip last-modified Wed, 02 Aug 2023 09:03:26 GMT server nginx etag W/"64ca1bde-144a" vary Accept-Encoding content-type image/svg+xml cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	NetflixSans_W_Rg.woff2 netflix.retencion-info.com/assets/fonts/	52 KB 52 KB	62ms 60ms	Font font/woff2	163.5.120.127 OHZ
General Check archive.org Show headers Download Go to Full URL https://netflix.retencion-info.com/assets/fonts/NetflixSans_W_Rg.woff2 Requested by Host: netflix.retencion-info.com URL: https://netflix.retencion-info.com/assets/css/error-page.b122c37502204303115a.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.5.120.127 Madrid, Spain, ASN202673 (OHZ, ES), Reverse DNS Software nginx / Resource Hash `c0bceb927c506dce9f6e6f5f570e641ad580b9554be06f61508a4aee32380167` Request headers Referer https://netflix.retencion-info.com/assets/css/error-page.b122c37502204303115a.css Origin https://netflix.retencion-info.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:15 GMT last-modified Thu, 03 Aug 2023 06:53:02 GMT server nginx etag "64cb4ece-d038" content-type font/woff2 cache-control max-age=315360000 accept-ranges bytes content-length 53304 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	NetflixSans_W_Md.woff2 netflix.retencion-info.com/assets/fonts/	53 KB 53 KB	63ms 61ms	Font font/woff2	163.5.120.127 OHZ
General Check archive.org Show headers Download Go to Full URL https://netflix.retencion-info.com/assets/fonts/NetflixSans_W_Md.woff2 Requested by Host: netflix.retencion-info.com URL: https://netflix.retencion-info.com/assets/css/error-page.b122c37502204303115a.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.5.120.127 Madrid, Spain, ASN202673 (OHZ, ES), Reverse DNS Software nginx / Resource Hash `9ac2bd03fcde501b3f30f47ab1fae62161f87808ea6411f38e8feaa4bbddc42e` Request headers Referer https://netflix.retencion-info.com/assets/css/error-page.b122c37502204303115a.css Origin https://netflix.retencion-info.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:15 GMT last-modified Thu, 03 Aug 2023 06:53:16 GMT server nginx etag "64cb4edc-d2b4" content-type font/woff2 cache-control max-age=315360000 accept-ranges bytes content-length 53940 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	nf-icon-v1-93.woff netflix.retencion-info.com/assets/fonts/	72 KB 72 KB	67ms 66ms	Font font/woff	163.5.120.127 OHZ
General Check archive.org Show headers Download Go to Full URL https://netflix.retencion-info.com/assets/fonts/nf-icon-v1-93.woff Requested by Host: netflix.retencion-info.com URL: https://netflix.retencion-info.com/assets/css/Login.10b0d4338e625d30279d.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.5.120.127 Madrid, Spain, ASN202673 (OHZ, ES), Reverse DNS Software nginx / Resource Hash `98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d` Request headers Referer https://netflix.retencion-info.com/assets/css/Login.10b0d4338e625d30279d.css Origin https://netflix.retencion-info.com User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:15 GMT last-modified Thu, 03 Aug 2023 07:01:16 GMT server nginx etag "64cb50bc-11f64" content-type font/woff cache-control max-age=315360000 accept-ranges bytes content-length 73572 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	nficon2016.ico netflix.retencion-info.com/assets/images/	17 KB 2 KB	63ms 62ms	Other image/x-icon	163.5.120.127 OHZ
General Check archive.org Show headers Download Go to Full URL https://netflix.retencion-info.com/assets/images/nficon2016.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.5.120.127 Madrid, Spain, ASN202673 (OHZ, ES), Reverse DNS Software nginx / Resource Hash `abe8012eb65c0dc0ac3e87dcc1e60e1908ebd8f12b7c47a5df1856f7a7bb1edd` Request headers Referer https://netflix.retencion-info.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:16 GMT content-encoding gzip last-modified Wed, 02 Aug 2023 09:17:52 GMT server nginx etag W/"64ca1f40-423e" vary Accept-Encoding content-type image/x-icon cache-control max-age=315360000 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	updateOnline.php Show response netflix.retencion-info.com/helpers/	4 B 132 B	62ms 62ms	XHR text/html	163.5.120.127 OHZ
General Check archive.org Show headers Download Go to Full URL https://netflix.retencion-info.com/helpers/updateOnline.php?user_id=90213779 Requested by Host: netflix.retencion-info.com URL: https://netflix.retencion-info.com/assets/js/live.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.5.120.127 Madrid, Spain, ASN202673 (OHZ, ES), Reverse DNS Software nginx / Resource Hash `b221d9dbb083a7f33428d7c2a3c3198ae925614d70210e28716ccaa7cd4ddb79` Request headers Referer https://netflix.retencion-info.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:17 GMT content-encoding gzip server nginx content-length 24 vary Accept-Encoding content-type text/html; charset=UTF-8
GET H2	200	updateOnline.php Show response netflix.retencion-info.com/helpers/	4 B 132 B	63ms 62ms	XHR text/html	163.5.120.127 OHZ
General Check archive.org Show headers Download Go to Full URL https://netflix.retencion-info.com/helpers/updateOnline.php?user_id=90213779 Requested by Host: netflix.retencion-info.com URL: https://netflix.retencion-info.com/assets/js/live.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.5.120.127 Madrid, Spain, ASN202673 (OHZ, ES), Reverse DNS Software nginx / Resource Hash `b221d9dbb083a7f33428d7c2a3c3198ae925614d70210e28716ccaa7cd4ddb79` Request headers Referer https://netflix.retencion-info.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:18 GMT content-encoding gzip server nginx content-length 24 vary Accept-Encoding content-type text/html; charset=UTF-8
GET H2	200	updateOnline.php Show response netflix.retencion-info.com/helpers/	4 B 132 B	63ms 63ms	XHR text/html	163.5.120.127 OHZ
General Check archive.org Show headers Download Go to Full URL https://netflix.retencion-info.com/helpers/updateOnline.php?user_id=90213779 Requested by Host: netflix.retencion-info.com URL: https://netflix.retencion-info.com/assets/js/live.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.5.120.127 Madrid, Spain, ASN202673 (OHZ, ES), Reverse DNS Software nginx / Resource Hash `b221d9dbb083a7f33428d7c2a3c3198ae925614d70210e28716ccaa7cd4ddb79` Request headers Referer https://netflix.retencion-info.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:19 GMT content-encoding gzip server nginx content-length 24 vary Accept-Encoding content-type text/html; charset=UTF-8
GET H2	200	updateOnline.php Show response netflix.retencion-info.com/helpers/	4 B 132 B	64ms 64ms	XHR text/html	163.5.120.127 OHZ
General Check archive.org Show headers Download Go to Full URL https://netflix.retencion-info.com/helpers/updateOnline.php?user_id=90213779 Requested by Host: netflix.retencion-info.com URL: https://netflix.retencion-info.com/assets/js/live.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.5.120.127 Madrid, Spain, ASN202673 (OHZ, ES), Reverse DNS Software nginx / Resource Hash `b221d9dbb083a7f33428d7c2a3c3198ae925614d70210e28716ccaa7cd4ddb79` Request headers Referer https://netflix.retencion-info.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:20 GMT content-encoding gzip server nginx content-length 24 vary Accept-Encoding content-type text/html; charset=UTF-8
GET H2	200	updateOnline.php Show response netflix.retencion-info.com/helpers/	4 B 132 B	63ms 63ms	XHR text/html	163.5.120.127 OHZ
General Check archive.org Show headers Download Go to Full URL https://netflix.retencion-info.com/helpers/updateOnline.php?user_id=90213779 Requested by Host: netflix.retencion-info.com URL: https://netflix.retencion-info.com/assets/js/live.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 163.5.120.127 Madrid, Spain, ASN202673 (OHZ, ES), Reverse DNS Software nginx / Resource Hash `b221d9dbb083a7f33428d7c2a3c3198ae925614d70210e28716ccaa7cd4ddb79` Request headers Referer https://netflix.retencion-info.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Response headers date Mon, 09 Sep 2024 02:25:21 GMT content-encoding gzip server nginx content-length 24 vary Accept-Encoding content-type text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Netflix (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| Online function| saludar

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			netflix.retencion-info.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: l69erdm41tq5qmhl14drq2sq9p

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
netflix.retencion-info.com
163.5.120.127
2a04:4e42::649
24ba3008c3d0de85f99bb546699f5a7d5232cbda001f4639ce83a9369f0bcd5c
28893dd43488d83c7ab4f71734f746bb94d8f268cafc6f7da9292e6e59ac209b
3f8664fd423a4321876720e4dbd919f2f93f66d6e4e65e83a699a1b6d5095f4d
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
62f51997e38ed75eec0d7ebfb122dfa30a0728a5ece9835a001c82527fd4a5b2
675dd7b68acf580f893bec532f5b260b8f984b67734a9a6831334b2ff4aad384
98713b53a74ebe7e326353080c5f1653e83af61d6363c0b3c4c67d6d24197b4d
9ac2bd03fcde501b3f30f47ab1fae62161f87808ea6411f38e8feaa4bbddc42e
abe8012eb65c0dc0ac3e87dcc1e60e1908ebd8f12b7c47a5df1856f7a7bb1edd
b221d9dbb083a7f33428d7c2a3c3198ae925614d70210e28716ccaa7cd4ddb79
c09932575d0edca787573853fb4ef3e1e031b079e873b7119c6504744dd137c2
c0bceb927c506dce9f6e6f5f570e641ad580b9554be06f61508a4aee32380167
c89ae176ef8cc2ae1266b935060f9a42fc890fafa5b070644e509cee8b8c544e
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

netflix.retencion-info.com Open in urlscan Pro 163.5.120.127 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

465 kBTransfer

1024 kBSize

1 Cookies

8 Outgoing links

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

1 Cookies

Indicators

netflix.retencion-info.com Open in urlscan Pro
163.5.120.127 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

465 kB
Transfer

1024 kB
Size

1
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!