{"id":1499,"date":"2018-08-07T23:13:21","date_gmt":"2018-08-07T23:13:21","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=1499"},"modified":"2020-05-06T10:27:04","modified_gmt":"2020-05-06T17:27:04","slug":"are-you-sure-those-domains-are-what-you-think-they-are","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/are-you-sure-those-domains-are-what-you-think-they-are\/","title":{"rendered":"Are You Sure Those Domains Are What You Think They Are?"},"content":{"rendered":"<p>Seeing is believing. While that is generally the case, it only applies when other people are not trying to trick you visually. But in the case of domain names, hackers can trick you.<\/p>\n<p>Let\u2019s take a look at the following domains:<\/p>\n<p>G00gle.com<\/p>\n<p>Goog1e.com<\/p>\n<p>Bankofthevvest.com<\/p>\n<p>rnicrosoft.com<\/p>\n<p>I am sure you, a reader of this blog, can tell that the above domains are not google.com,\u00a0 bankofthewest.com, and microsoft.com, because you are a professional in the security business, or because you have sharp eyes, or because you have a natural instinct to identify the minor differences. However, if those domains appeared in a very long URL with a tiny font, like the one below, will you still be able to tell the difference at first glance?<\/p>\n<p>https :\/\/docs.goog1e.com\/d\/11nlyrVIYHsadg5vdFGxBRgm-LUICEc5FBUc_wgz5R000ZU\/edit#slide=id.p2<\/p>\n<p>Or, if it was part of an email that got sent to a grandmother with the message, \u201cHappy Holidays from your grandson, click the following link to hear his first words.\u201d Do you think the grandmother would be able to tell? I have little confidence in my own mother.<\/p>\n<h2 id=\"toc-hId--1333225462\">Welcome to the World of Lookalike Domains<\/h2>\n<p>As the name suggests, lookalike domains look very similar to legitimate domains. And they are often used in something called homograph attacks in the security context. The examples above, which replaced \u201co\u201d with \u201c0\u201d, \u201cl\u201d with \u201c1\u201d, \u201cw\u201d with \u201cvv\u201d and \u201cm\u201d with \u201crn\u201d, were actually early instances of homograph attacks. There are more advanced forms of lookalike domains that are much harder to detect with the naked eye. (For security reasons, all links to lookalike domains in this blog are presented as images to ensure you don\u2019t mistakenly click on them.)<\/p>\n<p>For example, can you tell the difference between the following?<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1527\" src=\"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/domains-wiki.png\" alt=\"Domains - Wikipedia\" width=\"600\" height=\"90\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/domains-wiki.png 600w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/domains-wiki-300x45.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>and<\/p>\n<p>wikipedia.org<\/p>\n<p>In the picture, the Latin letters &#8220;e&#8221; and &#8220;a&#8221; are replaced with the Cyrillic letters &#8220;\u0435&#8221; and &#8220;\u0430&#8221;. [1]<\/p>\n<p>Here is another example: [2]<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1526\" src=\"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/domains-apple.png\" alt=\"Domains - Apple\" width=\"600\" height=\"226\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/domains-apple.png 600w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/domains-apple-300x113.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p>In this picture, the \u201ca\u201d in apple.com is the Cyrillic \u201ca\u201d, not English \u201ca\u201d.<\/p>\n<p>These two examples use an advanced form of homograph attack technique with lookalike domains. This technique uses a different alphabet (in this case Cyrillic) that has letters that look like English letters. But those letters are encoded differently in the computer, so while a human being may mistake them for a legitimate domain, computers wouldn\u2019t. As a result, when you click on those links in a browser or any other application like email, you will be taken to domains that you did not intend.\u00a0 Such visits open doors to a lot of possibilities not in your favor. For example, it may lead to a website where you are asked to download some software which turns out to be malicious or a website that asks you to enter your banking credentials. You might have already been to at least one of those sites.<\/p>\n<p>Not only can those malicious lookalike domains lead consumers into dangerous waters, they can also lead to significant financial losses for businesses.<\/p>\n<p>Businesses care about their customers; they also care about their brand. A lookalike domain can hurt brands because they can be used to redirect\/steal traffic to a different website, which might be sell competing goods. This is called URL hijacking and businesses take it seriously. They may report URL hijacking to law enforcement.<\/p>\n<h2 id=\"toc-hId--445721781\">How to Protect Yourself Against Lookalike Domains<\/h2>\n<p>Various defense mechanisms against lookalike domains are available. For simple tricks such as replacing \u201co\u201d with \u201c0\u201d, \u201cl\u201d with \u201c1\u201d, \u201cw\u201d with \u201cvv\u201d and \u201cm\u201d with \u201crn\u201d, a user should be able to tell if they are careful enough. For the advanced tricks like replacing English letters with Cyrillic, most modern browsers will give you warnings (with the exception of Mozilla\/Firefox [4]).<\/p>\n<p>To defend against any attack you first have to detect it. One effective way to identify lookalike domains is to use artificial intelligence and machine learning technology\u00a0 (AI\/ML) to scan through domains to find potential lookalike domains. You can then put those domains into a\u00a0<a class=\" bf_ungated_init\" href=\"https:\/\/www.infoblox.com\/wp-content\/uploads\/infoblox-deployment-guide-infoblox-dns-firewall-with-activetrust-threat-feed.pdf?utm_source=blox-community&amp;utm_campaign=community-q2&amp;utm_medium=blox-community\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">DNS firewall<\/a>\u00a0and automatically filter out the DNS requests to those domains. When the DNS requests are denied, Internet traffic to those domains will not go through. Infoblox recently released a lookalike domain detection feature in the latest version of\u00a0<a href=\"https:\/\/www.infoblox.com\/products\/activetrust\/?utm_source=blox-community&amp;utm_campaign=community-q2&amp;utm_medium=blox-community\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ActiveTrust\u00ae<\/a>\u00a0and is working to put those detected domains into an RPZ data feed so that your enterprise and your employees will be protected from those domains. For more details, please visit\u00a0<a href=\"https:\/\/www.infoblox.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Infoblox.com<\/a><\/p>\n<h3 id=\"toc-hId--1365672563\">References<\/h3>\n<ol>\n<li><a href=\"https:\/\/en.wikipedia.org\/wiki\/IDN_homograph_attack\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">https:\/\/en.wikipedia.org\/wiki\/IDN_homograph_attack<\/a><\/li>\n<li><a href=\"https:\/\/www.xudongz.com\/blog\/2017\/idn-phishing\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">https:\/\/www.xudongz.com\/blog\/2017\/idn-phishing\/<\/a><\/li>\n<li><a href=\"https:\/\/en.wikipedia.org\/wiki\/Typosquatting\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">https:\/\/en.wikipedia.org\/wiki\/Typosquatting<\/a><\/li>\n<li><a href=\"https:\/\/krebsonsecurity.com\/2018\/03\/look-alike-domains-and-visual-confusion\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">https:\/\/krebsonsecurity.com\/2018\/03\/look-alike-domains-and-visual-confusion\/<\/a><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Seeing is believing. While that is generally the case, it only applies when other people are not trying to trick you visually. But in the case of domain names, hackers can trick you. Let\u2019s take a look at the following domains: G00gle.com Goog1e.com Bankofthevvest.com rnicrosoft.com I am sure you, a reader of this blog, can [&hellip;]<\/p>\n","protected":false},"author":249,"featured_media":659,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[49,15],"class_list":{"0":"post-1499","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-mitigate-threats","9":"tag-security","10":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Are You Sure Those Domains Are What You Think They Are?<\/title>\n<meta name=\"description\" content=\"Seeing is believing. While that is generally the case, it only applies when other people are not trying to trick you visually.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/security\/are-you-sure-those-domains-are-what-you-think-they-are\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Are You Sure Those Domains Are What You Think They Are?\" \/>\n<meta property=\"og:description\" content=\"Seeing is believing. While that is generally the case, it only applies when other people are not trying to trick you visually.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/security\/are-you-sure-those-domains-are-what-you-think-they-are\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-08-07T23:13:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-06T17:27:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ransomware-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"454\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Philip Quian\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Philip Quian\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/are-you-sure-those-domains-are-what-you-think-they-are\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/are-you-sure-those-domains-are-what-you-think-they-are\\\/\"},\"author\":{\"name\":\"Philip Quian\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/6a924a7ce4c0b4614b9b69fdeaea7cab\"},\"headline\":\"Are You Sure Those Domains Are What You Think They Are?\",\"datePublished\":\"2018-08-07T23:13:21+00:00\",\"dateModified\":\"2020-05-06T17:27:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/are-you-sure-those-domains-are-what-you-think-they-are\\\/\"},\"wordCount\":788,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/are-you-sure-those-domains-are-what-you-think-they-are\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ransomware-featured-image.jpg\",\"keywords\":[\"mitigate threats\",\"Security\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/are-you-sure-those-domains-are-what-you-think-they-are\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/are-you-sure-those-domains-are-what-you-think-they-are\\\/\",\"name\":\"Are You Sure Those Domains Are What You Think They Are?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/are-you-sure-those-domains-are-what-you-think-they-are\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/are-you-sure-those-domains-are-what-you-think-they-are\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ransomware-featured-image.jpg\",\"datePublished\":\"2018-08-07T23:13:21+00:00\",\"dateModified\":\"2020-05-06T17:27:04+00:00\",\"description\":\"Seeing is believing. While that is generally the case, it only applies when other people are not trying to trick you visually.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/are-you-sure-those-domains-are-what-you-think-they-are\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/are-you-sure-those-domains-are-what-you-think-they-are\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/are-you-sure-those-domains-are-what-you-think-they-are\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ransomware-featured-image.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/ransomware-featured-image.jpg\",\"width\":660,\"height\":454,\"caption\":\"ransomware\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/are-you-sure-those-domains-are-what-you-think-they-are\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Are You Sure Those Domains Are What You Think They Are?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/6a924a7ce4c0b4614b9b69fdeaea7cab\",\"name\":\"Philip Quian\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/wp-content\\\/uploads\\\/avatar_user_249_1571768621-96x96.jpg\",\"url\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/wp-content\\\/uploads\\\/avatar_user_249_1571768621-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/wp-content\\\/uploads\\\/avatar_user_249_1571768621-96x96.jpg\",\"caption\":\"Philip Quian\"},\"description\":\"Philip Qian is currently a senior product manager in security at Infoblox, Inc. where he manages analytics-based threat detection products. He has more than 15 years of experience in the network security industry, having worked at McAfee and HP ArcSight. He earned a Master of Science degree in Computer Science from University of North Carolina at Chapel Hill.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/philip-quian\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Are You Sure Those Domains Are What You Think They Are?","description":"Seeing is believing. While that is generally the case, it only applies when other people are not trying to trick you visually.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/security\/are-you-sure-those-domains-are-what-you-think-they-are\/","og_locale":"en_US","og_type":"article","og_title":"Are You Sure Those Domains Are What You Think They Are?","og_description":"Seeing is believing. While that is generally the case, it only applies when other people are not trying to trick you visually.","og_url":"https:\/\/www.infoblox.com\/blog\/security\/are-you-sure-those-domains-are-what-you-think-they-are\/","og_site_name":"Infoblox Blog","article_published_time":"2018-08-07T23:13:21+00:00","article_modified_time":"2020-05-06T17:27:04+00:00","og_image":[{"width":660,"height":454,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ransomware-featured-image.jpg","type":"image\/jpeg"}],"author":"Philip Quian","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Philip Quian","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/security\/are-you-sure-those-domains-are-what-you-think-they-are\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/are-you-sure-those-domains-are-what-you-think-they-are\/"},"author":{"name":"Philip Quian","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/6a924a7ce4c0b4614b9b69fdeaea7cab"},"headline":"Are You Sure Those Domains Are What You Think They Are?","datePublished":"2018-08-07T23:13:21+00:00","dateModified":"2020-05-06T17:27:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/are-you-sure-those-domains-are-what-you-think-they-are\/"},"wordCount":788,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/are-you-sure-those-domains-are-what-you-think-they-are\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ransomware-featured-image.jpg","keywords":["mitigate threats","Security"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/security\/are-you-sure-those-domains-are-what-you-think-they-are\/","url":"https:\/\/www.infoblox.com\/blog\/security\/are-you-sure-those-domains-are-what-you-think-they-are\/","name":"Are You Sure Those Domains Are What You Think They Are?","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/are-you-sure-those-domains-are-what-you-think-they-are\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/are-you-sure-those-domains-are-what-you-think-they-are\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ransomware-featured-image.jpg","datePublished":"2018-08-07T23:13:21+00:00","dateModified":"2020-05-06T17:27:04+00:00","description":"Seeing is believing. While that is generally the case, it only applies when other people are not trying to trick you visually.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/are-you-sure-those-domains-are-what-you-think-they-are\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/security\/are-you-sure-those-domains-are-what-you-think-they-are\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/security\/are-you-sure-those-domains-are-what-you-think-they-are\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ransomware-featured-image.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ransomware-featured-image.jpg","width":660,"height":454,"caption":"ransomware"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/security\/are-you-sure-those-domains-are-what-you-think-they-are\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.infoblox.com\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"Are You Sure Those Domains Are What You Think They Are?"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/6a924a7ce4c0b4614b9b69fdeaea7cab","name":"Philip Quian","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/avatar_user_249_1571768621-96x96.jpg","url":"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/avatar_user_249_1571768621-96x96.jpg","contentUrl":"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/avatar_user_249_1571768621-96x96.jpg","caption":"Philip Quian"},"description":"Philip Qian is currently a senior product manager in security at Infoblox, Inc. where he manages analytics-based threat detection products. He has more than 15 years of experience in the network security industry, having worked at McAfee and HP ArcSight. He earned a Master of Science degree in Computer Science from University of North Carolina at Chapel Hill.","url":"https:\/\/www.infoblox.com\/blog\/author\/philip-quian\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/1499","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/249"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=1499"}],"version-history":[{"count":2,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/1499\/revisions"}],"predecessor-version":[{"id":3641,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/1499\/revisions\/3641"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/659"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=1499"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=1499"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=1499"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}