Legit or Not?

Scenario

In this exercise you learn how to spot a suspicious domain while learning the characteristics of a legitimate domain. You will examine two different domains, one will be legitimate, and the other is an actual phishing domain. The two domains are assets.nflxext.com and groupsnetflixpay.com.

Objectives

Objective 1: Which domain appears to be phishing?

Objective 2: Are there any other related Netflix web pages associated with this infrastructure?

Objective 3: Does this appear to be related to a larger phishing attack beyond Netflix?

Searches

First search: Perform a search for the domain assets.nflxext.com.
https://community.riskiq.com/search/assets.nflxext.com

Second search: Perform a search for the domain groupsnetflixpay.com
https://community.riskiq.com/search/groupsnetflixpay.com

Step by Step Video

Back to Resources

Forrester Wave: External Threat Intelligence Services, Q1 2021

RiskIQ Illuminate® Internet Intelligence Platform Datasheet

Five Security Intelligence Must-Haves For Next-Gen Attack Surface Management

Threat Investigations and Response RiskIQ Solution Brief

Illuminate One-Hour On-Demand Event

Legit or Not?

Scenario

Objectives

Searches

Step by Step Video