Legit or Not?

Scenario

In this exercise you learn how to spot a suspicious domain while learning the characteristics of a legitimate domain. You will examine two different domains, one will be legitimate, and the other is an actual phishing domain. The two domains are assets.nflxext.com and groupsnetflixpay.com.

Objectives

Objective 1: Which domain appears to be phishing?

Objective 2: Are there any other related Netflix web pages associated with this infrastructure?

Objective 3: Does this appear to be related to a larger phishing attack beyond Netflix?

Searches

First search: Perform a search for the domain assets.nflxext.com.
https://community.riskiq.com/search/assets.nflxext.com

Second search: Perform a search for the domain groupsnetflixpay.com
https://community.riskiq.com/search/groupsnetflixpay.com

Step by Step Video