{"id":295,"date":"2015-05-25T22:44:42","date_gmt":"2015-05-25T15:44:42","guid":{"rendered":"http:\/\/josh.rootbrain.com\/blog\/?p=295"},"modified":"2015-05-25T23:12:45","modified_gmt":"2015-05-25T16:12:45","slug":"belajar-dari-kasus-pembajakan-domain-idsirtii-pemilik-situs-dan-domain-berikut-ini-diharapkan-berhati-hati","status":"publish","type":"post","link":"https:\/\/josh.rootbrain.com\/blog\/2015\/05\/25\/belajar-dari-kasus-pembajakan-domain-idsirtii-pemilik-situs-dan-domain-berikut-ini-diharapkan-berhati-hati\/","title":{"rendered":"Belajar dari kasus pembajakan domain IDSIRTII, pemilik situs dan domain berikut ini diharapkan berhati-hati."},"content":{"rendered":"<p>Hari ini cukup heboh berita tentang pembajakan domain IDSIRTII (idsirtii.or.id) yang dilakukan oleh attacker. Pembajakan domain IDSIRTII ini berakibat akses ke situs IDSIRTII diarahkan ke sebuah situs yang disiapkan attacker dengan pesan seperti layaknya &#8220;web defacing&#8221;. Banyak juga media yang terkecoh memberitakan bahwa situs IDSIRTII disusupi attacker tersebut.<br \/>\nDari hasil internet forensic, dari artifak artifak di internet serta history perubahan DNS IDSIRTII sangat mirip dengan kasus presidensby.info yang pernah saya bahas <a href=\"http:\/\/josh.rootbrain.com\/blog\/2013\/02\/18\/wawancara-saya-dengan-codenesia-terkait-kasus-situs-presidensby-info\/\">di sini<\/a> dan <a href=\"http:\/\/josh.rootbrain.com\/blog\/2013\/01\/12\/analisis-internet-forensic-kasus-website-presidensby-info\/\">di sini<\/a><\/p>\n<p>Berikut perubahan yang terjadi pada Administrative Domain idsirtii.or.id yang dilakukan oleh attacker.<br \/>\nAttacker melakukan perubahan DNS Server untuk domain idsirtii.or.id menjadi ke dua server dns yang dihosting pada Cloud Flare yakni IAN.NS.CLOUDFLARE.COM (173.245.59.118) dan SARA.NS.CLOUDFLARE.COM (173.245.58.144). Pada kedua DNS Cloud Flare tersebut, si attacker sudah menambahkan zone domain idsirtii.or.id sebelumnya dan dimapping ke IP 104.31.92.5 dan 104.31.93.5. Pada kedua IP webserver tersebut (104.31.92.5 dan 104.31.93.5) sudah disiapkan halaman layaknya &#8220;web defacing&#8221;, sehingga banyak pihak yang berfikir bahwa server idsirtii.or.id benar-benar disusupi. IP DNS Server yang seharusnya mengelola idsirtii.or.id adalah<br \/>\nidsirtii.or.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a03600\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0ns1.twisted4life.com.<br \/>\nidsirtii.or.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a03600\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0puck.nether.net.<br \/>\nidsirtii.or.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a03600\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0ns1.rollernet.us.<br \/>\nidsirtii.or.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a03600\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0ns2.rollernet.us.<br \/>\nidsirtii.or.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a03600\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0nsus.idsirtii.or.id.<\/p>\n<p>Dan IP Server (IN A) idsirtii.or.id harusnya adalah :<\/p>\n<p>idsirtii.or.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a03600\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0203.34.118.11<\/p>\n<p>Perubahan DNS tersebut dapat digambarkan sebagai berikut :<\/p>\n<div style=\"width: 746px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/josh.rootbrain.com\/blog\/wp-content\/idsirtii-dns-attack.png\" alt=\"\" width=\"736\" height=\"248\" \/><p class=\"wp-caption-text\">Perubahan DNS IDSIRTII<\/p><\/div>\n<p>Pertanyaannya, bagaimana mungkin attacker dapat merubah setting administrative domain idsirtii.or.id. Hingga saat ini masih dilakukan investigasi pihak pihak yang berkepentingan mulai dari Registrant (IDSIRTII), Registrar (IDWebHost?) dan PANDI (pengelola Domain ID). Beberapa kemungkinan antara lain bahwa attacker melakukan akses ilegal terhadap account pengelola domain tersebut, baik ditingkat registrar maupun account pengguna (registrant). Dari informasi di media, pengelola IDSIRTII menyebutkan bahwa adanya kemungkinan <a href=\"http:\/\/inet.detik.com\/read\/2015\/05\/25\/141147\/2924136\/323\/ketika-penjaga-internet-diusili?i991101105\">serangan social engineering pada registrar <\/a>, sehingga kemungkinan registrar terkecoh melakukan perubahan DNS tersebut.<\/p>\n<p>Baik, kasus tersebut harusnya menjadi pelajaran bagi pemilik &amp; pengelola domain serta pemilik situs di Indonesia. Karena pada dasarnya ancaman seperti ini sangat banyak terjadi di internet dan bisa menimpa siapa saja. Dan yang perlu saya tekankan adalah bahwa hingga saat inipun, beberapa situs berita maupun instansi utama milik indonesia juga dapat mengalami hal yang sama.<br \/>\nBerikut beberapa domain\/situs yang kemungkinan menjadi target berikutnya dengan metode yang sama. Mengapa saya informasikan demikian? Karena beberapa zone domain pada daftar dibawah ini juga sudah disiapkan pada DNS Server yang sama dengan DNS yang digunakan attacker diatas yakni pada server IAN.NS.CLOUDFLARE.COM (173.245.59.118) atau SARA.NS.CLOUDFLARE.COM (173.245.58.144).<\/p>\n<h3><strong>1. polri.go.id<\/strong><\/h3>\n<p><em>#dig @SARA.NS.CLOUDFLARE.COM polri.go.id<\/em><\/p>\n<p><em>; &lt;&lt;&gt;&gt; DiG 9.9.5-3ubuntu0.2-Ubuntu &lt;&lt;&gt;&gt; @173.245.58.144 polri.go.id<\/em><br \/>\n<em> ;; QUESTION SECTION:<\/em><br \/>\n<em> ;polri.go.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A<\/em><\/p>\n<p><em>;; ANSWER SECTION:<\/em><br \/>\n<em> polri.go.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0300\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0104.28.20.52<\/em><br \/>\n<em> polri.go.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0300\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0104.28.21.52<\/em><\/p>\n<p><em>;; Query time: 29 msec<\/em><br \/>\n<em> ;; SERVER: 173.245.58.144#53(173.245.58.144)<\/em><\/p>\n<p>Informasi yang benar harusnya:<\/p>\n<p><em>#dig polri.go.id<\/em><\/p>\n<p><em>; &lt;&lt;&gt;&gt; DiG 9.9.5-3ubuntu0.2-Ubuntu &lt;&lt;&gt;&gt; polri.go.id<\/em><\/p>\n<p><em>;polri.go.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A<\/em><\/p>\n<p><em>;; ANSWER SECTION:<\/em><br \/>\n<em> polri.go.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a04469\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0203.130.236.199<\/em><\/p>\n<p><em>;; AUTHORITY SECTION:<\/em><br \/>\n<em> polri.go.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a02757\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0ns1.polri.go.id.<\/em><\/p>\n<p><em>;; ADDITIONAL SECTION:<\/em><br \/>\n<em> ns1.polri.go.id.\u00a0\u00a0 \u00a036181\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0203.130.236.196<\/em><\/p>\n<p><em>;; Query time: 0 msec<\/em><br \/>\n<em> ;; SERVER: 175.111.88.2#53(175.111.88.2)<\/em><\/p>\n<h3>2. detik.com<\/h3>\n<p><em>#dig @SARA.NS.CLOUDFLARE.COM detik.com<\/em><\/p>\n<p><em>; &lt;&lt;&gt;&gt; DiG 9.9.5-3ubuntu0.2-Ubuntu &lt;&lt;&gt;&gt; @173.245.58.144 detik.com<\/em><\/p>\n<p><em>;; QUESTION SECTION:<\/em><br \/>\n<em> ;detik.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A<\/em><\/p>\n<p><em>;; ANSWER SECTION:<\/em><br \/>\n<em> detik.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0300\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0104.31.71.138<\/em><br \/>\n<em> detik.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0300\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0104.31.70.138<\/em><\/p>\n<p><em>;; Query time: 29 msec<\/em><br \/>\n<em> ;; SERVER: 173.245.58.144#53(173.245.58.144)<\/em><\/p>\n<p>Informasi yang benar harusnya :<\/p>\n<p><em>#dig\u00a0 detik.com<\/em><\/p>\n<p><em>; &lt;&lt;&gt;&gt; DiG 9.9.5-3ubuntu0.2-Ubuntu &lt;&lt;&gt;&gt; detik.com<\/em><\/p>\n<p><em>;; QUESTION SECTION:<\/em><br \/>\n<em> ;detik.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A<\/em><\/p>\n<p><em>;; ANSWER SECTION:<\/em><br \/>\n<em> detik.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a062\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0203.190.241.43<\/em><br \/>\n<em> detik.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a062\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0203.190.242.69<\/em><\/p>\n<p><em>;; AUTHORITY SECTION:<\/em><br \/>\n<em> detik.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a059274\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0ns.detik.net.id.<\/em><br \/>\n<em> detik.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a059274\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0ns1.detik.com.<\/em><br \/>\n<em> detik.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a059274\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0ns1.detik.net.id.<\/em><br \/>\n<em> detik.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a059274\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0ns.detik.com.<\/em><\/p>\n<p><em>;; ADDITIONAL SECTION:<\/em><br \/>\n<em> ns.detik.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a02096\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0203.190.242.2<\/em><br \/>\n<em> ns.detik.net.id.\u00a0\u00a0 \u00a066175\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0203.190.242.2<\/em><br \/>\n<em> ns1.detik.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a02096\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0203.190.240.131<\/em><br \/>\n<em> ns1.detik.net.id.\u00a0\u00a0 \u00a067936\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0203.190.240.131<\/em><\/p>\n<p><em>;; Query time: 0 msec<\/em><br \/>\n<em> ;; SERVER: 175.111.88.2#53(175.111.88.2)<\/em><\/p>\n<h3>3. kompas.com<\/h3>\n<p><em>dig @SARA.NS.CLOUDFLARE.COM kompas.com<\/em><\/p>\n<p><em>; &lt;&lt;&gt;&gt; DiG 9.9.5-3ubuntu0.2-Ubuntu &lt;&lt;&gt;&gt; @173.245.58.144 kompas.com<\/em><br \/>\n<em> ;; QUESTION SECTION:<\/em><br \/>\n<em> ;kompas.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A<\/em><\/p>\n<p><em>;; ANSWER SECTION:<\/em><br \/>\n<em> kompas.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0300\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0104.28.9.90<\/em><br \/>\n<em> kompas.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0300\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0104.28.8.90<\/em><\/p>\n<p><em>;; Query time: 27 msec<\/em><br \/>\n<em> ;; SERVER: 173.245.58.144#53(173.245.58.144)<\/em><br \/>\n<em> ;; WHEN: Mon May 25 22:30:11 WIB 2015<\/em><br \/>\n<em> ;; MSG SIZE\u00a0 rcvd: 71<\/em><\/p>\n<p>Informasi yang harusnya :<\/p>\n<p><em>dig\u00a0 kompas.com<\/em><\/p>\n<p><em>; &lt;&lt;&gt;&gt; DiG 9.9.5-3ubuntu0.2-Ubuntu &lt;&lt;&gt;&gt; kompas.com<\/em><\/p>\n<p><em>;; QUESTION SECTION:<\/em><br \/>\n<em> ;kompas.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A<\/em><\/p>\n<p><em>;; ANSWER SECTION:<\/em><br \/>\n<em> kompas.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0360\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0202.61.113.35<\/em><br \/>\n<em> kompas.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0360\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0202.146.4.100<\/em><\/p>\n<p><em>;; AUTHORITY SECTION:<\/em><br \/>\n<em> kompas.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a069254\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0ns1.kidsklik.com.<\/em><br \/>\n<em> kompas.com.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a069254\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0ns2.kidsklik.com.<\/em><\/p>\n<p><em>;; ADDITIONAL SECTION:<\/em><br \/>\n<em> ns1.kidsklik.com.\u00a0\u00a0 \u00a03857\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0202.146.4.250<\/em><br \/>\n<em> ns2.kidsklik.com.\u00a0\u00a0 \u00a03857\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0202.61.112.10<\/em><\/p>\n<p><em>;; Query time: 13 msec<\/em><br \/>\n<em> ;; SERVER: 175.111.88.2#53(175.111.88.2)<\/em><br \/>\n<em> ;; WHEN: Mon May 25 22:30:53 WIB 2015<\/em><br \/>\n<em> ;; MSG SIZE\u00a0 rcvd: 148<\/em><\/p>\n<h3>4. kaskus.co.id<\/h3>\n<p><em>#dig @SARA.NS.CLOUDFLARE.COM kaskus.co.id<\/em><\/p>\n<p><em>; &lt;&lt;&gt;&gt; DiG 9.9.5-3ubuntu0.2-Ubuntu &lt;&lt;&gt;&gt; @173.245.58.144 kaskus.co.id<\/em><\/p>\n<p><em>;; QUESTION SECTION:<\/em><br \/>\n<em> ;kaskus.co.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A<\/em><\/p>\n<p><em>;; ANSWER SECTION:<\/em><br \/>\n<em> kaskus.co.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0300\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0104.28.13.87<\/em><br \/>\n<em> kaskus.co.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0300\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0104.28.12.87<\/em><\/p>\n<p><em>;; Query time: 27 msec<\/em><br \/>\n<em> ;; SERVER: 173.245.58.144#53(173.245.58.144)<\/em><br \/>\n<em> ;; WHEN: Mon May 25 22:24:40 WIB 2015<\/em><br \/>\n<em> ;; MSG SIZE\u00a0 rcvd: 73<\/em><\/p>\n<p>Yang benar harusnya adalah:<br \/>\n<em>;; QUESTION SECTION:<\/em><br \/>\n<em> ;kaskus.co.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A<\/em><\/p>\n<p><em>;; ANSWER SECTION:<\/em><br \/>\n<em> kaskus.co.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a064963\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0103.6.117.2<\/em><br \/>\n<em> kaskus.co.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a064963\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0103.6.117.3<\/em><\/p>\n<p><em>;; AUTHORITY SECTION:<\/em><br \/>\n<em> kaskus.co.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a09971\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0ns1.lumanau.web.id.<\/em><br \/>\n<em> kaskus.co.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a09971\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0ns3.lumanau.web.id.<\/em><br \/>\n<em> kaskus.co.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a09971\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0ns4.lumanau.web.id.<\/em><br \/>\n<em> kaskus.co.id.\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a09971\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0NS\u00a0\u00a0 \u00a0ns2.lumanau.web.id.<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>Selain domain\/situs diatas, kemungkinan masih ada beberapa domain lainnya. Saya tidak ada waktu untuk mengecek, silahkan bagi yang mau menambahkan dengan memberi komentar pada pesan dibawah.\u00a0 Mudah mudahan para pemilik domain\/situs serta pengelola domain (registrar) semakin aware terhadap ancaman ancaman terkait DNS sejenis ini.<\/p>\n<p>Semoga bermanfaat.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hari ini cukup heboh berita tentang pembajakan domain IDSIRTII (idsirtii.or.id) yang dilakukan oleh attacker. Pembajakan domain IDSIRTII ini berakibat akses ke situs IDSIRTII diarahkan ke sebuah situs yang disiapkan attacker dengan pesan seperti layaknya &#8220;web defacing&#8221;. Banyak juga media yang terkecoh memberitakan bahwa situs IDSIRTII disusupi attacker tersebut. Dari hasil internet forensic, dari artifak artifak [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/josh.rootbrain.com\/blog\/wp-json\/wp\/v2\/posts\/295"}],"collection":[{"href":"https:\/\/josh.rootbrain.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/josh.rootbrain.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/josh.rootbrain.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/josh.rootbrain.com\/blog\/wp-json\/wp\/v2\/comments?post=295"}],"version-history":[{"count":3,"href":"https:\/\/josh.rootbrain.com\/blog\/wp-json\/wp\/v2\/posts\/295\/revisions"}],"predecessor-version":[{"id":298,"href":"https:\/\/josh.rootbrain.com\/blog\/wp-json\/wp\/v2\/posts\/295\/revisions\/298"}],"wp:attachment":[{"href":"https:\/\/josh.rootbrain.com\/blog\/wp-json\/wp\/v2\/media?parent=295"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/josh.rootbrain.com\/blog\/wp-json\/wp\/v2\/categories?post=295"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/josh.rootbrain.com\/blog\/wp-json\/wp\/v2\/tags?post=295"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}