{"id":8218,"date":"2022-11-01T16:29:26","date_gmt":"2022-11-01T23:29:26","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=8218"},"modified":"2024-04-26T13:20:00","modified_gmt":"2024-04-26T20:20:00","slug":"reliable-reputation-scoring","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/reliable-reputation-scoring\/","title":{"rendered":"Reliable Reputation Scoring"},"content":{"rendered":"<h3>Authors: Brent Eskridge, Laura da Rocha, Ren\u00e9e Burton<\/h3>\n<p>Note: This article is intended to be a short digestible introduction to the whitepaper found <strong><a href=\"https:\/\/www.infoblox.com\/resources\/whitepaper\/reliable-reputation\" target=\"_blank\" rel=\"noopener\">here<\/a><\/strong>.<\/p>\n<p>The internet is home to funny pet videos, malware that steals your bank account information, and everything in between. Often, savvy internet users intuitively understand the risk of visiting a particular website or clicking on a link in an email announcing they have won a fantastic prize. Unfortunately, quantifying this intuitive process of identifying reputation or risk so it works at scale is challenging. If 30% of the domains found in a given top level domain (TLD) are malicious, is that bad? If so, how bad is it? It\u2019s hard to say without relative information about other TLDs. Similarly, what does it mean to say a TLD is of high risk?<\/p>\n<p>Today Infoblox is releasing a new algorithm for scoring reputation. Our approach is designed to reduce ambiguity, provide a single standard, and make meaningful comparisons between items straightforward. We are releasing a <strong><a href=\"https:\/\/www.infoblox.com\/resources\/whitepaper\/reliable-reputation\" target=\"_blank\" rel=\"noopener\">whitepaper<\/a><\/strong> that contains an in depth explanation of the algorithm and its theoretical foundations. The paper uses the process of determining the reputation score of top-level domains (TLDs) as a running example, but the algorithm can be applied to any data set and use case that meets the minimal data requirements. To help others apply this algorithm to their data and use cases, we are also publicly releasing a python implementation of the algorithm.<\/p>\n<h3>Algorithm Overview<\/h3>\n<p>The reputation scoring algorithm uses only two pieces of information: the total number of items and the number items meeting a specific criteria. For the TLD reputation use case, these values would be the total number of domains observed in the TLD and the number of observed malicious domains in the TLD. The algorithm uses these two values to ultimately produce an ordinal score from zero to ten; that is [0:10]. A score of five (5) is interpreted as the expected, moderate score, and represents the mean score over all the data. In the TLD reputation use case, the TLD com received a score of 5 for the month of August 2022, meaning it had close to the average number of observed malicious domains relative to the total number of domains in the TLD. While the com TLD may be home to a lot of threats, the score tells us that the level of threat is fairly average in comparison to all other TLDs. Scores below five had a lower-than-average percentage of malicious domains and scores above five had a higher-than-average percentage.<\/p>\n<p>The ordinal scores are calculated based on the number of standard deviations away from the mean that the data lies, which describes the spread of data about the mean, which, in this case, is assigned a score of five. In the algorithm, a score of four (4) indicates that the item is one standard deviation below the mean and a score of six (6) indicates that the item is one standard deviation above the mean. Scores of three (3) and seven (7) are two standard deviations away from the mean, and so on. To simplify scoring, the number of standard deviations is rounded to the nearest whole number, as is shown in the figure below.<\/p>\n<p><img decoding=\"async\" src=\"\/wp-content\/uploads\/reliable-reputation-scoring.jpg\" \/><\/p>\n<p>These ordinal scores are used to assign labels that simplify analysis. One would expect about 68% of all data to be within one standard deviation of the mean, so the scores of four, five, and six are all labeled as \u201cModerate Risk\u201d. Scores of two and three are labeled as \u201cLow Risk\u201d, since data with these scores are 2-3 standard deviations below the mean. In the TLD use case, the TLD .edu had a score of three (3) for the month of August 2022, meaning it had far fewer observed malicious domains relative to the total number of domains than other TLDs. On the other end, scores of seven and eight are labeled as \u201cHigh Risk\u201d since data with these scores are two to three standard deviations above the mean. For example, the TLD .click had a score of 7 for the month of August 2022 since it had a far higher percentage of malicious domains than most of the other TLDs.<\/p>\n<p>At the extremes lie the \u201cVery Low Risk\u201d and \u201cVery High Risk\u201d labels. By the statistical nature of this algorithm, only a small number of data types (such as TLDs) will have these extreme risk scores. However, the particular use case or biases in the ways data is gathered can have a profound impact on the assignment of these labels. For example, in the TLD use case, we simply may not observe any malicious domains in a given TLD. The TLD may have malicious domains, but they simply aren\u2019t present in the data. This won\u2019t be the case for larger TLDs such as .com or .net, but with the rapid increase in recent years of TLDs with relatively few domains, it happens more often than one would expect. In these cases, the TLD is assigned a risk score of zero (0). Conversely, there may be TLDs in which every observed domain is malicious. While this situation occurs far less frequently, we have encountered it. In these situations, the TLD is assigned a risk score of ten (10).<\/p>\n<p>The algorithm can be used in situations where the number of values for a given piece of data varies considerably within the data set (e.g., the number of observed domains in a TLD). This does not mean, however, that the algorithm assigns equal confidence to all scores. If a piece of data has too few values, such as the total number of observed domains in the TLD use case, the algorithm still assigns a score, but labels the resulting score as low confidence, giving users the option of including the data in further analysis if they want.<\/p>\n<h3>Future Opportunities<\/h3>\n<p>While assigning risk scores to TLDs was used as a case study, the reputation scoring algorithm can be applied to a wide variety of problems and use cases. Infoblox customers can find TLD and nameserver reputation in Dossier today, while domain registrar and other reputation scores will be added in the future.<\/p>\n<p>The Threat Intelligence Group\u2019s <strong><a href=\"https:\/\/www.infoblox.com\/resources\/whitepaper\/reliable-reputation\" target=\"_blank\" rel=\"noopener\">whitepaper<\/a><\/strong> on the algorithm includes a detailed explanation of the algorithm and an explanation of how it was used to identify high-risk, high-confidence TLDs. By sharing this algorithm publicly, it is our hope that others can apply it to their data and use cases in cybersecurity and beyond. To download the whitepaper, click <strong><a href=\"https:\/\/www.infoblox.com\/resources\/whitepaper\/reliable-reputation\" target=\"_blank\" rel=\"noopener\">here<\/a><\/strong>. A minimum working example of the algorithm can be found in our public GitHub repository <strong><a href=\"https:\/\/github.com\/infobloxopen\/threat-intelligence\" target=\"_blank\" rel=\"noopener\">here<\/a><\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Authors: Brent Eskridge, Laura da Rocha, Ren\u00e9e Burton Note: This article is intended to be a short digestible introduction to the whitepaper found here. The internet is home to funny pet videos, malware that steals your bank account information, and everything in between. Often, savvy internet users intuitively understand the risk of visiting a particular [&hellip;]<\/p>\n","protected":false},"author":397,"featured_media":8224,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[254],"tags":[768,657,770,230,40,223],"class_list":{"0":"post-8218","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threat-intelligence","8":"tag-cyber-intelligence","9":"tag-cyber-threat-intelligence","10":"tag-domain-reputation-scoring","11":"tag-domains","12":"tag-threat-intelligence","13":"tag-tld","14":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Reputation Scoring Made Easy | Infoblox<\/title>\n<meta name=\"description\" content=\"Our new reputation scoring algorithm calculates the relative risk of items in a wide range of data sets, providing valuable insights and meaningful comparisons.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/reliable-reputation-scoring\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Reliable Reputation Scoring\" \/>\n<meta property=\"og:description\" content=\"Our new reputation scoring algorithm calculates the relative risk of items in a wide range of data sets, providing valuable insights and meaningful comparisons.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/reliable-reputation-scoring\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-01T23:29:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-26T20:20:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cti-image-04.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"612\" \/>\n\t<meta property=\"og:image:height\" content=\"408\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Infoblox Threat Intel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Infoblox Threat Intel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/reliable-reputation-scoring\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/reliable-reputation-scoring\\\/\"},\"author\":{\"name\":\"Infoblox Threat Intel\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\"},\"headline\":\"Reliable Reputation Scoring\",\"datePublished\":\"2022-11-01T23:29:26+00:00\",\"dateModified\":\"2024-04-26T20:20:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/reliable-reputation-scoring\\\/\"},\"wordCount\":1097,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/reliable-reputation-scoring\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/cti-image-04.jpg\",\"keywords\":[\"Cyber Intelligence\",\"Cyber Threat Intelligence\",\"Domain Reputation Scoring\",\"Domains\",\"Threat Intelligence\",\"TLD\"],\"articleSection\":[\"Infoblox Threat Intel\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/reliable-reputation-scoring\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/reliable-reputation-scoring\\\/\",\"name\":\"Reputation Scoring Made Easy | Infoblox\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/reliable-reputation-scoring\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/reliable-reputation-scoring\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/cti-image-04.jpg\",\"datePublished\":\"2022-11-01T23:29:26+00:00\",\"dateModified\":\"2024-04-26T20:20:00+00:00\",\"description\":\"Our new reputation scoring algorithm calculates the relative risk of items in a wide range of data sets, providing valuable insights and meaningful comparisons.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/reliable-reputation-scoring\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/reliable-reputation-scoring\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/reliable-reputation-scoring\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/cti-image-04.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/cti-image-04.jpg\",\"width\":612,\"height\":408},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/threat-intelligence\\\/reliable-reputation-scoring\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Infoblox Threat Intel\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/threat-intelligence\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Reliable Reputation Scoring\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/b6aed8965e3298a0817c16d32c0a67ae\",\"name\":\"Infoblox Threat Intel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/avatar_user_397_1714162589-96x96.png\",\"caption\":\"Infoblox Threat Intel\"},\"description\":\"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/infoblox-threat-intel\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Reputation Scoring Made Easy | Infoblox","description":"Our new reputation scoring algorithm calculates the relative risk of items in a wide range of data sets, providing valuable insights and meaningful comparisons.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/reliable-reputation-scoring\/","og_locale":"en_US","og_type":"article","og_title":"Reliable Reputation Scoring","og_description":"Our new reputation scoring algorithm calculates the relative risk of items in a wide range of data sets, providing valuable insights and meaningful comparisons.","og_url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/reliable-reputation-scoring\/","og_site_name":"Infoblox Blog","article_published_time":"2022-11-01T23:29:26+00:00","article_modified_time":"2024-04-26T20:20:00+00:00","og_image":[{"width":612,"height":408,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cti-image-04.jpg","type":"image\/jpeg"}],"author":"Infoblox Threat Intel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Infoblox Threat Intel","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/reliable-reputation-scoring\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/reliable-reputation-scoring\/"},"author":{"name":"Infoblox Threat Intel","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae"},"headline":"Reliable Reputation Scoring","datePublished":"2022-11-01T23:29:26+00:00","dateModified":"2024-04-26T20:20:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/reliable-reputation-scoring\/"},"wordCount":1097,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/reliable-reputation-scoring\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cti-image-04.jpg","keywords":["Cyber Intelligence","Cyber Threat Intelligence","Domain Reputation Scoring","Domains","Threat Intelligence","TLD"],"articleSection":["Infoblox Threat Intel"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/reliable-reputation-scoring\/","url":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/reliable-reputation-scoring\/","name":"Reputation Scoring Made Easy | Infoblox","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/reliable-reputation-scoring\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/reliable-reputation-scoring\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cti-image-04.jpg","datePublished":"2022-11-01T23:29:26+00:00","dateModified":"2024-04-26T20:20:00+00:00","description":"Our new reputation scoring algorithm calculates the relative risk of items in a wide range of data sets, providing valuable insights and meaningful comparisons.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/reliable-reputation-scoring\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/threat-intelligence\/reliable-reputation-scoring\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/reliable-reputation-scoring\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cti-image-04.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/cti-image-04.jpg","width":612,"height":408},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/threat-intelligence\/reliable-reputation-scoring\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Infoblox Threat Intel","item":"https:\/\/www.infoblox.com\/blog\/category\/threat-intelligence\/"},{"@type":"ListItem","position":3,"name":"Reliable Reputation Scoring"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/b6aed8965e3298a0817c16d32c0a67ae","name":"Infoblox Threat Intel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_397_1714162589-96x96.png","caption":"Infoblox Threat Intel"},"description":"Infoblox Threat Intel is the leading creator of original DNS threat intelligence, distinguishing itself in a sea of aggregators. What sets us apart? Two things: mad DNS skills and unparalleled visibility. DNS is notoriously tricky to interpret and hunt from, but our deep understanding and unique access to the internet's inner workings allow us to track down threat actors that others can't see. We're proactive, not just defensive, using our insights to disrupt cybercrime where it begins. We also believe in sharing knowledge to support the broader security community by publishing detailed research and releasing indicators on GitHub. In addition, our intel is seamlessly integrated into our Infoblox Protective DNS solutions, so customers automatically get its benefits, along with ridiculously low false positive rates.","url":"https:\/\/www.infoblox.com\/blog\/author\/infoblox-threat-intel\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/8218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/397"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=8218"}],"version-history":[{"count":6,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/8218\/revisions"}],"predecessor-version":[{"id":8235,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/8218\/revisions\/8235"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/8224"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=8218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=8218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=8218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}