{"id":4490,"date":"2012-10-14T08:21:23","date_gmt":"2012-10-14T15:21:23","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=4490"},"modified":"2020-05-06T10:31:41","modified_gmt":"2020-05-06T17:31:41","slug":"turning-the-tables-on-malware","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/turning-the-tables-on-malware\/","title":{"rendered":"Turning the Tables on Malware"},"content":{"rendered":"<p>It&#8217;s an unfortunate fact of life that name servers are exploited by malware. \u00a0Malware queries name servers to map the domain names that identify their command and control channel to IP addresses. \u00a0Malware uses DNS as a channel over which to transmit new code. \u00a0And \u00a0some malware targets name servers with distributed denial of service attacks.<\/p>\n<p>The latest versions of BIND, however, enable DNS administrators to turn the tables on malware.<\/p>\n<p>BIND 9.8 introduced a new facility called a\u00a0<a href=\"http:\/\/www.isc.org\/community\/blog\/201007\/taking-back-dns-0\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Response Policy Zone, or RPZ<\/a>. \u00a0An RPZ looks like a regular zone and contains resource records that \u00a0a normal zone would contain, but it&#8217;s interpreted very differently by the name server. \u00a0Most zones, of course, contain records that determine how a name server answers queries\u00a0<em>in that zone<\/em>. \u00a0RPZs, on the other hand, contain records that determine how the name server answers queries\u00a0for domain names in any zones. \u00a0For example, a record in an RPZ&#8211;which is really more a\u00a0<em>rule<\/em>\u00a0than a record&#8211;may tell the name server to answer queries for\u00a0<em>c-and-c.malware.org<\/em>\u00a0with an NXDOMAIN response, claiming that that domain name doesn&#8217;t exist. \u00a0If resolution of\u00a0<em>c-and-c-malware.org<\/em>\u00a0is necessary for the malware to determine how to proceed, this might cripple the malware. \u00a0Moreover, if the name server with the RPZ loaded also logs the fact that a given client sent a query for\u00a0<em>c-and-c.malware.org<\/em>, that will help pinpoint the infection.<\/p>\n<p>The rules in RPZs are expressive enough to:<\/p>\n<ul>\n<li>Prevent the resolution of\u00a0specified domain names (e.g., the aforementioned\u00a0<em>c-and-c.malware.org<\/em>)<\/li>\n<li>Prevent the resolution of specified RRsets (e.g., just\u00a0<em>c-and-c.malware.org<\/em>&#8216;s\u00a0A records)<\/li>\n<li>Prevent specified addresses from being returned (e.g., any A record pointing to an address on 192.168.0\/24)<\/li>\n<\/ul>\n<p>What&#8217;s more, a cottage industry has sprung up in providing RPZ feeds. \u00a0Several organizations offer RPZs that you can configure your name servers as secondary for. \u00a0These provide real-time, dynamic information about domain names and IP addresses currently being used for malicious activity on the Internet. \u00a0A name server outfitted with one of these RPZ feeds can detect and prevent many types of malicious activity on your network.<\/p>\n<p>Obviously, RPZs are no substitute for a firewall, but on the other hand name servers with RPZs loaded can combat certain threats (i.e., those that are domain name-based) more easily&#8211;and earlier&#8211;than a firewall can. \u00a0I hope that they&#8217;ll become an important tool in our security toolbox.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It&#8217;s an unfortunate fact of life that name servers are exploited by malware. \u00a0Malware queries name servers to map the domain names that identify their command and control channel to IP addresses. \u00a0Malware uses DNS as a channel over which to transmit new code. \u00a0And \u00a0some malware targets name servers with distributed denial of service [&hellip;]<\/p>\n","protected":false},"author":178,"featured_media":2761,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[16,32,188,218,15],"class_list":{"0":"post-4490","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-infoblox","9":"tag-malware","10":"tag-response-policy-zones-rpz","11":"tag-rpz","12":"tag-security","13":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Turning the Tables on Malware<\/title>\n<meta name=\"description\" content=\"It&#039;s an unfortunate fact of life that name servers are exploited by malware. Malware queries name servers to map the domain names that identify their\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/security\/turning-the-tables-on-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Turning the Tables on Malware\" \/>\n<meta property=\"og:description\" content=\"It&#039;s an unfortunate fact of life that name servers are exploited by malware. Malware queries name servers to map the domain names that identify their\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/security\/turning-the-tables-on-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2012-10-14T15:21:23+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-06T17:31:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Fighting-Point-of-Sale-POS-Malware-by-Using-DNS.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"454\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Cricket Liu\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cricket Liu\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/turning-the-tables-on-malware\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/turning-the-tables-on-malware\\\/\"},\"author\":{\"name\":\"Cricket Liu\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/bb6b62b1b99a7cbcd7c528d5763778d5\"},\"headline\":\"Turning the Tables on Malware\",\"datePublished\":\"2012-10-14T15:21:23+00:00\",\"dateModified\":\"2020-05-06T17:31:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/turning-the-tables-on-malware\\\/\"},\"wordCount\":412,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/turning-the-tables-on-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/Fighting-Point-of-Sale-POS-Malware-by-Using-DNS.jpg\",\"keywords\":[\"Infoblox\",\"Malware\",\"Response Policy Zones (RPZ)\",\"RPZ\",\"Security\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/turning-the-tables-on-malware\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/turning-the-tables-on-malware\\\/\",\"name\":\"Turning the Tables on Malware\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/turning-the-tables-on-malware\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/turning-the-tables-on-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/Fighting-Point-of-Sale-POS-Malware-by-Using-DNS.jpg\",\"datePublished\":\"2012-10-14T15:21:23+00:00\",\"dateModified\":\"2020-05-06T17:31:41+00:00\",\"description\":\"It's an unfortunate fact of life that name servers are exploited by malware. Malware queries name servers to map the domain names that identify their\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/turning-the-tables-on-malware\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/turning-the-tables-on-malware\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/turning-the-tables-on-malware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/Fighting-Point-of-Sale-POS-Malware-by-Using-DNS.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/Fighting-Point-of-Sale-POS-Malware-by-Using-DNS.jpg\",\"width\":660,\"height\":454,\"caption\":\"Fighting Point-of-Sale (POS) Malware by Using DNS\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/turning-the-tables-on-malware\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Turning the Tables on Malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/bb6b62b1b99a7cbcd7c528d5763778d5\",\"name\":\"Cricket Liu\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/cricket-new-96x96.jpg\",\"url\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/cricket-new-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/blogs.infoblox.com\\\/wp-content\\\/uploads\\\/cricket-new-96x96.jpg\",\"caption\":\"Cricket Liu\"},\"description\":\"Cricket is one of the world\u2019s leading experts on the Domain Name System (DNS) and serves as the liaison between Infoblox and the DNS community. Before joining Infoblox, he founded an internet consulting and training company, Acme Byte &amp; Wire, after running the hp.com domain at Hewlett-Packard. Cricket is a prolific speaker and author, having written a number of books including \u201cDNS and BIND,\u201d one of the most widely used references in the field, now in its fifth edition.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/cricket-liu\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Turning the Tables on Malware","description":"It's an unfortunate fact of life that name servers are exploited by malware. Malware queries name servers to map the domain names that identify their","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/security\/turning-the-tables-on-malware\/","og_locale":"en_US","og_type":"article","og_title":"Turning the Tables on Malware","og_description":"It's an unfortunate fact of life that name servers are exploited by malware. Malware queries name servers to map the domain names that identify their","og_url":"https:\/\/www.infoblox.com\/blog\/security\/turning-the-tables-on-malware\/","og_site_name":"Infoblox Blog","article_published_time":"2012-10-14T15:21:23+00:00","article_modified_time":"2020-05-06T17:31:41+00:00","og_image":[{"width":660,"height":454,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Fighting-Point-of-Sale-POS-Malware-by-Using-DNS.jpg","type":"image\/jpeg"}],"author":"Cricket Liu","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Cricket Liu","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/security\/turning-the-tables-on-malware\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/turning-the-tables-on-malware\/"},"author":{"name":"Cricket Liu","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/bb6b62b1b99a7cbcd7c528d5763778d5"},"headline":"Turning the Tables on Malware","datePublished":"2012-10-14T15:21:23+00:00","dateModified":"2020-05-06T17:31:41+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/turning-the-tables-on-malware\/"},"wordCount":412,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/turning-the-tables-on-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Fighting-Point-of-Sale-POS-Malware-by-Using-DNS.jpg","keywords":["Infoblox","Malware","Response Policy Zones (RPZ)","RPZ","Security"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/security\/turning-the-tables-on-malware\/","url":"https:\/\/www.infoblox.com\/blog\/security\/turning-the-tables-on-malware\/","name":"Turning the Tables on Malware","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/turning-the-tables-on-malware\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/turning-the-tables-on-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Fighting-Point-of-Sale-POS-Malware-by-Using-DNS.jpg","datePublished":"2012-10-14T15:21:23+00:00","dateModified":"2020-05-06T17:31:41+00:00","description":"It's an unfortunate fact of life that name servers are exploited by malware. Malware queries name servers to map the domain names that identify their","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/turning-the-tables-on-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/security\/turning-the-tables-on-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/security\/turning-the-tables-on-malware\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Fighting-Point-of-Sale-POS-Malware-by-Using-DNS.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/Fighting-Point-of-Sale-POS-Malware-by-Using-DNS.jpg","width":660,"height":454,"caption":"Fighting Point-of-Sale (POS) Malware by Using DNS"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/security\/turning-the-tables-on-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.infoblox.com\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"Turning the Tables on Malware"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/bb6b62b1b99a7cbcd7c528d5763778d5","name":"Cricket Liu","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/cricket-new-96x96.jpg","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/cricket-new-96x96.jpg","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/cricket-new-96x96.jpg","caption":"Cricket Liu"},"description":"Cricket is one of the world\u2019s leading experts on the Domain Name System (DNS) and serves as the liaison between Infoblox and the DNS community. Before joining Infoblox, he founded an internet consulting and training company, Acme Byte &amp; Wire, after running the hp.com domain at Hewlett-Packard. Cricket is a prolific speaker and author, having written a number of books including \u201cDNS and BIND,\u201d one of the most widely used references in the field, now in its fifth edition.","url":"https:\/\/www.infoblox.com\/blog\/author\/cricket-liu\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/4490","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/178"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=4490"}],"version-history":[{"count":1,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/4490\/revisions"}],"predecessor-version":[{"id":4508,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/4490\/revisions\/4508"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/2761"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=4490"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=4490"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=4490"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}