{"id":2205,"date":"2015-11-12T19:14:45","date_gmt":"2015-11-12T19:14:45","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=2205"},"modified":"2020-05-06T10:30:07","modified_gmt":"2020-05-06T17:30:07","slug":"proxy-dns-registrars-enabling-malware","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/community\/proxy-dns-registrars-enabling-malware\/","title":{"rendered":"Proxy DNS Registrars: Enabling Malware?"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-2206\" src=\"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/proxy-dns-malware.jpg\" alt=\"\" width=\"660\" height=\"454\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/proxy-dns-malware.jpg 660w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/proxy-dns-malware-300x206.jpg 300w\" sizes=\"auto, (max-width: 660px) 100vw, 660px\" \/><\/p>\n<p class=\"p1\">Hello everyone, I\u2019m Les Smith, and I run the\u00a0<span class=\"s1\">threat research team\u00a0<\/span>here at Infoblox, in the Office of the CTO. \u00a0I\u2019m a long-time Bloxer (as Infoblox employees like to call ourselves) and veteran of the security wars.<\/p>\n<p class=\"p1\">Over the last 12 months<span class=\"s1\">, our team<\/span><span class=\"s2\">\u00a0<\/span>has seen a significant increase in the use of DNS Proxy Registrars and companies that have been setup to subvert the security controls around registering DNS domains. \u00a0These Proxy Registrars are essentially middle men who act on behalf of someone who does not have the proper certification to sell domains themselves, and a real ICANN accredited Domain Registrar. \u00a0They allow anyone to purchase a domain from them, and then register it on their behalf.<\/p>\n<p class=\"p1\">Whilst it is recognized that there are some legitimate uses for such services, there is an alarming increase in the frequency of these services being used for criminal activity. \u00a0The main concern here is that each of these proxy registrars have their own standards for accountability and legitimacy for the domains they register on behalf of their customers.<\/p>\n<p class=\"p3\">Another important trend we are watching is the increasing sophistication of commercial, off the shelf (COTS) malware toolkits. \u00a0Kits like GameOver Zeus now provide advanced obfuscation techniques, domain generation algorithms (DGA) and secured encrypted communication to command and control (C2) servers to anyone who can pay.<\/p>\n<p class=\"p1\">With the rise of these malware tool kits,\u00a0we are seeing proxy services being used to hide the identity of the malware author. One of the registration requirements for a domain is to provide contact details for the person registering the domain, and whilst these details were often falsified in the case of malware authors, it was relatively easy for security researchers to identify false registration details and detect domains that were registered for dubious reasons.<\/p>\n<p class=\"p4\"><span class=\"s3\">It is therefore not surprising that in the recent attack on Apple\u2019s app store, \u201c<\/span>XcodeGhost\u201d, the perpetrator of the attack used the company Domains By Proxy to register its command and control (C2) domain names that were hosted on Amazon Web Services (AWS).<\/p>\n<p class=\"p4\">By running an application infected with XcodeGhost it can be seen that XcodeGhost will gather information from various files on the iPhone and iPad devices, including passwords and system information, encrypt the information, and upload it to a C2 server through the HTTP protocol. From different versions of XcodeGhost we observed slightly different behavior using one of the 3 domains:<\/p>\n<p class=\"p5\"><span class=\"s4\">\u00b7<\/span><span class=\"s5\">\u00a0\u00a0\u00a0\u00a0\u00a0<a href=\"blank\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\u00a0<span class=\"s6\">http:\/\/init.crash-analytics[.]com<\/span><\/a><\/span><\/p>\n<p class=\"p5\"><span class=\"s4\">\u00b7<\/span><span class=\"s5\">\u00a0\u00a0\u00a0\u00a0\u00a0<a href=\"blank\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\u00a0<span class=\"s6\">http:\/\/init.icloud-diagnostics[.]com<\/span><\/a><\/span><\/p>\n<p class=\"p5\"><span class=\"s4\">\u00b7<\/span><span class=\"s5\">\u00a0\u00a0\u00a0\u00a0\u00a0<a href=\"blank\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\u00a0<span class=\"s6\">http:\/\/init.icloud-analysis[.]com<\/span><\/a><\/span><\/p>\n<p class=\"p1\">Queries for these domains began to appear around the same time the domains were registered. \u00a0The queries for \u2018icloud-analysis.com\u2019 escalated in April \u2013 two months after the domain registration on February 25th \u2013 and peaked at 1,402,831 queries on July 2nd 2015.\u00a0<span class=\"s7\">1<\/span><\/p>\n<p class=\"p1\">Queries for \u2018icloud-diagnostics.com\u2019 escalated in June \u2013 six weeks after the domain registration on May 7th \u2013 and peaked at 10,628 on September 18th when the infection was publicly disclosed.<\/p>\n<p class=\"p1\">Queries for \u2018crash-analytics.com\u2019 escalated in August \u2013 immediately after the domain was registered \u2013 and peaked at 908 on September 18th.<\/p>\n<p class=\"p1\">This is just one recent, high profile example. \u00a0In our own lab, Infoblox is seeing a worrying trend that more and more of the domains that are being registered through DNS proxy services are being associated with malware.<\/p>\n<p class=\"p1\">Coupling advanced malware toolkits with the new lack of transparency provided by proxy registrars means that it is easy for malware developers to not only create a new generation of malware, but to hide their identity. \u00a0We are watching these trends carefully.<\/p>\n<p class=\"p5\"><span class=\"s8\">1.\u00a0<\/span><span class=\"s3\">OpenDNS Security Labs &#8211;\u00a0<a href=\"https:\/\/labs.opendns.com\/2015\/09\/21\/xcodeghost-materializes\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">https:\/\/labs.opendns.com\/2015\/09\/21\/xcodeghost-materializes\/<\/a>\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hello everyone, I\u2019m Les Smith, and I run the\u00a0threat research team\u00a0here at Infoblox, in the Office of the CTO. \u00a0I\u2019m a long-time Bloxer (as Infoblox employees like to call ourselves) and veteran of the security wars. Over the last 12 months, our team\u00a0has seen a significant increase in the use of DNS Proxy Registrars and [&hellip;]<\/p>\n","protected":false},"author":232,"featured_media":2206,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[3],"tags":[30,15],"class_list":{"0":"post-2205","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-community","8":"tag-dns","9":"tag-security","10":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Proxy DNS Registrars: Enabling Malware?<\/title>\n<meta name=\"description\" content=\"Hello everyone, I\u2019m Les Smith, and I run the\u00a0threat research team\u00a0here at Infoblox, in the Office of the CTO.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/community\/proxy-dns-registrars-enabling-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Proxy DNS Registrars: Enabling Malware?\" \/>\n<meta property=\"og:description\" content=\"Hello everyone, I\u2019m Les Smith, and I run the\u00a0threat research team\u00a0here at Infoblox, in the Office of the CTO.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/community\/proxy-dns-registrars-enabling-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2015-11-12T19:14:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-06T17:30:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/proxy-dns-malware.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"454\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Les Smith\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Les Smith\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/proxy-dns-registrars-enabling-malware\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/proxy-dns-registrars-enabling-malware\\\/\"},\"author\":{\"name\":\"Les Smith\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/c6fb2b069f4a5715484446657eec6e5e\"},\"headline\":\"Proxy DNS Registrars: Enabling Malware?\",\"datePublished\":\"2015-11-12T19:14:45+00:00\",\"dateModified\":\"2020-05-06T17:30:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/proxy-dns-registrars-enabling-malware\\\/\"},\"wordCount\":595,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/proxy-dns-registrars-enabling-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/proxy-dns-malware.jpg\",\"keywords\":[\"DNS\",\"Security\"],\"articleSection\":[\"Community\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/proxy-dns-registrars-enabling-malware\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/proxy-dns-registrars-enabling-malware\\\/\",\"name\":\"Proxy DNS Registrars: Enabling Malware?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/proxy-dns-registrars-enabling-malware\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/proxy-dns-registrars-enabling-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/proxy-dns-malware.jpg\",\"datePublished\":\"2015-11-12T19:14:45+00:00\",\"dateModified\":\"2020-05-06T17:30:07+00:00\",\"description\":\"Hello everyone, I\u2019m Les Smith, and I run the\u00a0threat research team\u00a0here at Infoblox, in the Office of the CTO.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/proxy-dns-registrars-enabling-malware\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/proxy-dns-registrars-enabling-malware\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/proxy-dns-registrars-enabling-malware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/proxy-dns-malware.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/proxy-dns-malware.jpg\",\"width\":660,\"height\":454},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/community\\\/proxy-dns-registrars-enabling-malware\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Community\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/community\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Proxy DNS Registrars: Enabling Malware?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/c6fb2b069f4a5715484446657eec6e5e\",\"name\":\"Les Smith\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/68c376e8fa029571b468635429861c39fa4f7944f695baa155f08e7cb9aa426c?s=96&d=blank&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/68c376e8fa029571b468635429861c39fa4f7944f695baa155f08e7cb9aa426c?s=96&d=blank&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/68c376e8fa029571b468635429861c39fa4f7944f695baa155f08e7cb9aa426c?s=96&d=blank&r=g\",\"caption\":\"Les Smith\"},\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/les-smith\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Proxy DNS Registrars: Enabling Malware?","description":"Hello everyone, I\u2019m Les Smith, and I run the\u00a0threat research team\u00a0here at Infoblox, in the Office of the CTO.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/community\/proxy-dns-registrars-enabling-malware\/","og_locale":"en_US","og_type":"article","og_title":"Proxy DNS Registrars: Enabling Malware?","og_description":"Hello everyone, I\u2019m Les Smith, and I run the\u00a0threat research team\u00a0here at Infoblox, in the Office of the CTO.","og_url":"https:\/\/www.infoblox.com\/blog\/community\/proxy-dns-registrars-enabling-malware\/","og_site_name":"Infoblox Blog","article_published_time":"2015-11-12T19:14:45+00:00","article_modified_time":"2020-05-06T17:30:07+00:00","og_image":[{"width":660,"height":454,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/proxy-dns-malware.jpg","type":"image\/jpeg"}],"author":"Les Smith","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Les Smith","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/community\/proxy-dns-registrars-enabling-malware\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/proxy-dns-registrars-enabling-malware\/"},"author":{"name":"Les Smith","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/c6fb2b069f4a5715484446657eec6e5e"},"headline":"Proxy DNS Registrars: Enabling Malware?","datePublished":"2015-11-12T19:14:45+00:00","dateModified":"2020-05-06T17:30:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/proxy-dns-registrars-enabling-malware\/"},"wordCount":595,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/proxy-dns-registrars-enabling-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/proxy-dns-malware.jpg","keywords":["DNS","Security"],"articleSection":["Community"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/community\/proxy-dns-registrars-enabling-malware\/","url":"https:\/\/www.infoblox.com\/blog\/community\/proxy-dns-registrars-enabling-malware\/","name":"Proxy DNS Registrars: Enabling Malware?","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/proxy-dns-registrars-enabling-malware\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/proxy-dns-registrars-enabling-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/proxy-dns-malware.jpg","datePublished":"2015-11-12T19:14:45+00:00","dateModified":"2020-05-06T17:30:07+00:00","description":"Hello everyone, I\u2019m Les Smith, and I run the\u00a0threat research team\u00a0here at Infoblox, in the Office of the CTO.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/proxy-dns-registrars-enabling-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/community\/proxy-dns-registrars-enabling-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/community\/proxy-dns-registrars-enabling-malware\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/proxy-dns-malware.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/proxy-dns-malware.jpg","width":660,"height":454},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/community\/proxy-dns-registrars-enabling-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Community","item":"https:\/\/www.infoblox.com\/blog\/category\/community\/"},{"@type":"ListItem","position":3,"name":"Proxy DNS Registrars: Enabling Malware?"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/c6fb2b069f4a5715484446657eec6e5e","name":"Les Smith","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/68c376e8fa029571b468635429861c39fa4f7944f695baa155f08e7cb9aa426c?s=96&d=blank&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/68c376e8fa029571b468635429861c39fa4f7944f695baa155f08e7cb9aa426c?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/68c376e8fa029571b468635429861c39fa4f7944f695baa155f08e7cb9aa426c?s=96&d=blank&r=g","caption":"Les Smith"},"url":"https:\/\/www.infoblox.com\/blog\/author\/les-smith\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/2205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/232"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=2205"}],"version-history":[{"count":2,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/2205\/revisions"}],"predecessor-version":[{"id":5196,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/2205\/revisions\/5196"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/2206"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=2205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=2205"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=2205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}