Scenario
In this exercise you learn how to spot a suspicious domain while learning the characteristics of a legitimate domain. You will examine two different domains, one will be legitimate, and the other is an actual phishing domain. The two domains are assets.nflxext.com and groupsnetflixpay.com.
Objectives
Objective 1: Which domain appears to be phishing?
Objective 2: Are there any other related Netflix web pages associated with this infrastructure?
Objective 3: Does this appear to be related to a larger phishing attack beyond Netflix?
Searches
First search: Perform a search for the domain assets.nflxext.com.
https://community.riskiq.com/search/assets.nflxext.com
Second search: Perform a search for the domain groupsnetflixpay.com
https://community.riskiq.com/search/groupsnetflixpay.com
Step by Step Video
