Domain · Medium · Signal 82/100
netflix-payments.com
Location
First Seen: Sep 2, 2020
Last Seen: Apr 28, 2026
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Domain Name: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 82%
Signal Score: 82 / 100
IDS Rule: No
Category tags
abuse, abuse report, account compromise, active scan, aerospace & defense, amazon, apple, attack, automotive manufacturing, bad reputation, botnet, botnet activity, brand abuse, brand impersonation, brute force, cert, civil services, command and control, credential harvesting, credential stuffing, credential theft, cyber security, data exfiltration, data store exposure, deceptive marketing, defense, defense contracting, defense logistics, defense systems, defense technology, distributed attacks, electronics manufacturing, exploitation activity, finance, fraudulent website, government technology, identity & access exploitation, indicator, industrial automation, industrial iot, industrial production, infrastructure acquisitionreconnaissance, ingress tool transfer, injection activity, ioc, iot security, malicious activity, malicious download, malicious link, malicious links, malicious software, malware, malware delivery, malware distribution, malware hosting, manufacturing technology, military operations, national security, netflix, network, nextray, north america, payment security, payment system attack, paypal, phishing, phishing attack, phishing campaign, phishing domain detection, phishing kit, process injection, process manufacturing, public administration, public infrastructure, public policy, pup, quality control, ransomware, re-bill scam, regulatory agencies, researched, reward scam, rogue domain, royalbank, scams & fraud, security operations, self-signed, social engineering, social engineering attack, spam, spam campaign, supply chain attack, supply chain management, t1055, t1071, t1071.001, t1078, t1105, t1189, t1192, t1204, t1204.001, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1583, t1583.001, t1587.001, t1588, t1588.002, t1590.001, t1598, t1598.003, ta505, technical support scam, threat actor, threat intelligence, tor node, turkey, typosquatting, united states, web security
Activity Timeline: Apr 28
Threat Activity Heatmap · Peak: 2026-04-28
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk · Signal Score 82 · 82% Confidence · 11 Reports
VirusTotal: Not checked
WHOIS
- registrar: GMO Internet Group, Inc. d/b/a Onamae.com
- description: Phishing, scams, all junk goes here.
- domain rank: -1
- raw:
  Admin City: Burlington
  Admin Country: US
  Admin Email: [email protected]
  Admin Organization: Privacy Protect LLC PrivacyProtect org
  Admin Postal Code: 01803
  Admin State/Province: MA
  Creation Date: 2024-08-10T06:53:20Z
  DNSSEC: unsigned
  Domain Name: NETFLIX-PAYMENTS.COM
  Domain Name: netflix-payments.com
  Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  Name Server: NS1.GM111.PARKLOGIC.COM
  Name Server: NS2.GM111.PARKLOGIC.COM
  Name Server: ns1.gm111.parklogic.com
  Name Server: ns2.gm111.parklogic.com
  Registrant City: 7ba6c62985322478
  Registrant Country: US
  Registrant Email: [email protected]
  Registrant Fax Ext: 3432650ec337c945
  Registrant Fax: 3432650ec337c945
  Registrant Name: edeae57e15fec50a
  Registrant Organization: c9261b1087030367
  Registrant Phone Ext: 3432650ec337c945
  Registrant Phone: dbbc67aba64dff83
  Registrant Postal Code: 6a048084caacaa97
  Registrant State/Province: 36e414cc8874c746
  Registrant Street: 53b107811872c5e2
  Registrar Abuse Contact Email: [email protected]
  Registrar Abuse Contact Phone: +81.337709199
  Registrar IANA ID: 49
  Registrar Registration Expiration Date: 2025-08-10T06:53:20Z
  Registrar URL: http://gmo.jp
  Registrar URL: http://www.onamae.com
  Registrar WHOIS Server: whois.discount-domain.com
  Registrar: GMO Internet Group, Inc. d/b/a Onamae.com
  Registrar: GMO Internet, Inc.
  Registry Admin ID: Not Available From Registry
  Registry Domain ID: 2906869655_DOMAIN_COM-VRSN
  Registry Expiry Date: 2026-08-10T06:53:20Z
  Registry Registrant ID: Not Available From Registry
  Registry Tech ID: Not Available From Registry
  Tech City: Burlington
  Tech Country: US
  Tech Email: [email protected]
  Tech Organization: Privacy Protect LLC PrivacyProtect org
  Tech Postal Code: 01803
  Tech State/Province: MA
  Updated Date: 2025-08-11T07:05:20Z
  Updated Date: 2025-08-11T07:45:56Z
- references: https://unit42.paloaltonetworks.com/cybersquatting/
- subdomains count: 59
IOC Journey
medium · First detected 5 years ago · Last seen 1 month ago
Appeared in 11 threat reports