{"id":54665,"date":"2022-08-03T09:26:39","date_gmt":"2022-08-03T01:26:39","guid":{"rendered":"https:\/\/version-2.com\/?p=54665"},"modified":"2022-08-19T15:16:55","modified_gmt":"2022-08-19T07:16:55","slug":"gone-phishing-email-header-and-body-analysis","status":"publish","type":"post","link":"https:\/\/version-2.com\/en\/2022\/08\/gone-phishing-email-header-and-body-analysis\/","title":{"rendered":"Gone Phishing &#8211; Email Header and Body Analysis"},"content":{"rendered":"<div data-elementor-type=\"wp-post\" data-elementor-id=\"54665\" class=\"elementor elementor-54665\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4da8c5f9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4da8c5f9\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;decf9c3&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-133ba185\" data-id=\"133ba185\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fc2da8d post-content elementor-widget elementor-widget-text-editor\" data-id=\"fc2da8d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p align=\"center\"><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5txf1c91jot08s08nq72948.png\" alt=\"\" width=\"500\" height=\"auto\"><\/p>\n<h3>Intro<\/h3><p>In this article, I will investigate how you can analyse an email, and confirm if it\u2019s a phishing\/scam\/spam email. The idea here is to look at some tools that you might use for this, as well as how to open the attached file, that is most likely malicious, in a safe (sandboxed) way so you can learn what it does. Unfortunately, my example doesn\u2019t contain an attachment, but I will look into that anyway. &nbsp;<\/p><p>With that being said, let\u2019s dive into it!<\/p><h3>Email Headers<\/h3><p>Now that we know how an email travels, let\u2019s look more closely at the components that make up the said email. This is more of a manual approach, but my rationale behind is that we should first understand what we need to do here, before using any specific tooling. You should be able to analyze the suspicious email manually \u2013 I don\u2019t see how you would do so with a tool without understanding what\u2019s going on first.<\/p><p>So! We have:<\/p><p>The <strong>Header<\/strong> (which contains information about the email \u2013 for example, which servers relayed the email)<\/p><p>The <strong>Body<\/strong> (which is the email\u2019s text, usually HTML formatted but it can be in regular plaintext)<\/p><p>Let\u2019s look at email header fields:<\/p><ul><li>From \u2013 sender\u2019s address<\/li><li>Subject \u2013 subject line of the email<\/li><li>To \u2013 recipient\u2019s address<\/li><li>Date \u2013 when the email was sent<\/li><\/ul><p>These headers are what you can see in your email client easily.<\/p><p>(I will use a same email example for this article, keep in mind this was a real scam\/spam\/phishing email I\u2019ve received couple months back)<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5tw6rep28r008o77irrg7o9.png\"><p>Points 1, 2, 3, and 4 are what\u2019s explained above. Note that 3. (To header) says the email\u2019s been sent to recipients i.e., my email address is omitted. This can be done in a couple of ways, but the gist of it is that its due to the SMTP protocol and how it works; more precisely put, due to the Internet standards in regards to emails \u2013 <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc821\">RFC821<\/a>, <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc822\">RFC822<\/a>, and <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc2821\">RFC2821<\/a>. SMTP would deliver to the RCPT TO, while TO, CC, and BCC are what the email claims where the message is sent. They are in fact <em>optional<\/em> and can thus be altered.<\/p><p>Going back to our case, when viewing the message raw (even better if you extract the .eml file, like in the image below):<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5twfnsm1iyv08s07vge7ubr.png\"><p>When I check the headers through <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/mailheader.org\">https:\/\/mailheader.org<\/a><\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5twgjub28vw08o779k7g8ki.png\"><p>There\u2019s a couple of things to unpack here, and I\u2019ll circle back to it. Before going into any of that here\u2019s another useful link on headers \u2013 <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/mediatemple.net\/community\/products\/all\/204643950\/understanding-an-email-header\">Understanding an email header<\/a>. Of course, there&#8217;s many more headers to an email, and I&#8217;ve added some links to resources at the end of the article.<\/p><p>&nbsp;&nbsp;<\/p><h3>Email Body<\/h3><p>The email body contains the text (either plaintext or HTML formatted). My example email in text only format:<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5twhr2s28wn08o71nld265c.png\"><p>You can view source code as well as the rendered HTML. Header that will be associated with an attachment is usually <strong>Content-Type<\/strong> and <strong>Content-Disposition<\/strong>. The Content-Type header would say something like <em>pdf\/application<\/em>, and Content-Disposition would say <em>attachment.<\/em><\/p><p>I don\u2019t have an attachment, so for me it says Content-Type: text\/plain. Content-Transfer-Encoding is also an important one, as it will tell you if it is encoded, and with what encoding.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5twl8aq28yf08o7cd6h7yvg.png\"><p>Before we end this little detour and return to our case, I\u2019d like to emphasize that headers that relate to <em>content <\/em>can be found in different locations within an email message source. As we\u2019ve seen above, they are not only associated with attachments. They can be text\/html (Content-Type), and Content-Transfer-Encoding can be base64, 8bit, etc.<\/p><h3>Example Email \u2013 analysis<\/h3><p>Now that I\u2019ve covered some basics as to what you should be looking at, let\u2019s use some tools to do the same analysis more efficiently. Generally, you don\u2019t need tools (you can already analyze everything with your email\/web client) but sender\u2019s IP and reply-to information is only visible through the header.<\/p><p>First tool I wanted to look at is Google\u2019s <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/toolbox.googleapps.com\/apps\/messageheader\/analyzeheader\">Messageheader<\/a>:<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5twqgb6291508o73n7bdb25.png\"><p>Which is great for some quick analysis (more results will be found in the fields below the output above)<\/p><p>However, I slightly prefer the <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/mha.azurewebsites.net\/\">https:\/\/mha.azurewebsites.net\/<\/a> personally:<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5twrr5b292g08o7gty2hsch.png\"><p>*Ideally you would use different tools, as you might uncover some additional things that way, its good to mix it up a bit<\/p><p>In the first image (mail header analysis from the Email Headers section) you probably noticed the <em>Reply-to <\/em>address which you can see above as well.<\/p><p>The email that I received, that\u2019s from an email address <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"mailto:sesdep2@kemenpora.go.id\">sesdep2@kemenpora.go.id<\/a> actually routes back to <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"mailto:wetttttwwttrttr@yandex.com\"><strong>wetttttwwttrttr@yandex.com<\/strong><\/a><strong> <\/strong>(<strong>Reply-To <\/strong>header). Quick Googling has shown that <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"http:\/\/kemenpora.go.id\">kemenpora.go.id<\/a> is <em>\u2026<\/em><strong><em>The Ministry of Youth and Sports of the Republic of Indonesia<\/em><\/strong><em> (Kemenpora) is a ministry within the Government of Indonesia that is in charge of youth and sports affairs of Indonesia\u2026<\/em><\/p><p>Which our first image confirms (Mail server IP and Mail Country from), but the reply would go to an email at <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"http:\/\/Yandex.com\">Yandex.com<\/a>.<\/p><p>If I was to continue down this road, the next step would be to investigate the sender\u2019s IP. However, we noticed here that the email is spoofed, so it\u2019s sort of a moot point. The reason for this is because we don\u2019t have any X-Originating-IP or Original-IP headers in the email. However, even if we did, it might not mean all that much as the way threat actors usually go on about this is to utilize a botnet which will make the same email come from different IP addresses.<\/p><p>Concluding our case here, we\u2019ve confirmed the (in)authenticity of the email in question, and acted appropriately (they mentioned in the body to mail them at another address @<a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"http:\/\/kakao.com\">kakao.com<\/a> domain, but I didn\u2019t investigate that mailbox beside running it through the MX Toolbox \u2013 and a glance was enough to realize something\u2019s <em>phishy<\/em>)<\/p><h3>&nbsp;<\/h3><h3>IP Address, Body, and Sandbox<\/h3><p>The Email body is important because it\u2019s usually where the payload will reside (in a form of a link or attachment). You can right click and copy the link location, extract it from the raw header directly, or use something like <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.convertcsv.com\/url-extractor.htm\">this<\/a> \u2013 (this is an awesome tool, with much more functionalities, for our case scroll down to data and choose URL extractor).<\/p><p>*You can use <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/cyberchef.io\/\">https:\/\/cyberchef.io\/<\/a> Extract URLs recipe too<\/p><p>You can also use Email extractor, to extract all the emails found in the raw message headers.<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5tx41z729d508o7en3bf61b.png\"><p><em>&nbsp;                Email extractor example<\/em><\/p><p><em>File Reputation and Sandbox<\/em><\/p><p>If you ever want to open\/validate those suspicious attachments\/files its quite important to know how to do so safely. One such tool can be <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/talosintelligence.com\/talos_file_reputation\">Talos File Reputation<\/a>.<\/p><p>On their site, its stated that \u201c<em>The Cisco Talos Intelligence Group maintains a reputation disposition on billions of files. This reputation system is fed into the Cisco Secure Firewall, ClamAV, and Open-Source Snort product lines. The tool below allows you to do casual lookups against the Talos File Reputation system. This system limits you to one lookup at a time, and is limited to only hash matching.\u201d<\/em><\/p><p>The other one is the ubiquitous <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.virustotal.com\/gui\/\">VirusTotal<\/a>, where you can \u201c<em>Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community.\u201d<\/em><\/p><p>I need to mention that you don\u2019t need leet skillz to understand the malware! There are online malware sandboxes that do that for you! Imagine having a malicious .pdf that you want to understand; well, by uploading to one of the platforms you can observe its behavior (URLs it tries to contact, IOCs, and a myriad of other nasty things).<\/p><p><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"http:\/\/Any.Run\">Any.Run<\/a> \u2013 \u201c<em>Analyze a network, file, module, and the registry activity. Interact with the OS directly from a browser. See the feedback from your actions immediately\u201d.<\/em><\/p><p><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.hybrid-analysis.com\/\">Hybrid Analysis<\/a> \u2013 \u201c<em>This is a free malware analysis service for the community that detects and nalyses unknown threats using a unique Hybrid Analysis technology.\u201d<\/em><\/p><p><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.joesecurity.org\/\">Joe Security<\/a> \u2013 \u201c<em>Deeply analyze URLs to detect phishing, drive by downloads, tech scam and more. Joe Sandbox uses an advanced AI based algorithm including template matching, perptual hashing, ORB feature detection and more to detect the malicious use of legit brands on websites. Add your own logos and templates to extend the detection capabilities.\u201d<\/em><\/p><p><em>&nbsp;<\/em><\/p><h4><em>IP Address<\/em><\/h4><p>As you saw, this one is quite tricky! And even if you were to find a related IP (which is tough) it would kinda block you when you would find it being an ec2 instance. This is a venue that\u2019s tough to pursue, and there\u2019s too many ways to bypass it. Its not impossible, though. I am leaving some further links at the end of the article.<\/p><h2>Conclusion<\/h2><p>Okay! That\u2019s been quite a ride, and there\u2019s a lot more to unpack there, as we saw \u2018simple\u2019 phishing has quite a bit going for it in the background. Some of the stuff mentioned might even be out of scope (a SOC analyst at an enterprise level might just need to check the email authenticity, given that it slipped through the filters, and they are not going to go on a further hunt), but I felt it was necessary to at least try and outline what goes into it. Think of this article as a teaser on the topic.<\/p><p>Also, my case here wasn&#8217;t a typical phishing email, it was more of a scam, but I picked it for the spoofed email address. You can really analyze just about any email, and I just hope I&#8217;ve managed to describe what was my intent.<\/p><p>Lastyl, stay safe, validate emails, check those headers, and hover! Also, never click immediately or react on anything without thinking on it \u2013 this is a basic human bias (we want to resolve stuff, and they deftly prompted us with a challenge, albeit a fake one), and exactly what threat actors abuse. Some would say think before you act.<\/p><h2>Additional Resources, Tools, Links<\/h2><ul><li><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.phishtool.com\/\">https:\/\/www.phishtool.com\/<\/a><\/li><li><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.reversinglabs.com\/\">https:\/\/www.reversinglabs.com\/<\/a><\/li><li><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/datatracker.ietf.org\/doc\/html\/rfc2821\">https:\/\/datatracker.ietf.org\/doc\/html\/rfc2821<\/a><\/li><li><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/help.returnpath.com\/hc\/en-us\/articles\/115000460632-How-to-interpret-SPF-authentication-verification-results\">https:\/\/help.returnpath.com\/hc\/en-us\/articles\/115000460632-How-to-interpret-SPF-authentication-verification-results<\/a><\/li><li><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/support.intermedia.com\/app\/articles\/detail\/a_id\/24929\/type\/KB\">https:\/\/support.intermedia.com\/app\/articles\/detail\/a_id\/24929\/type\/KB<\/a><\/li><li><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/ctemplar.com\/how-to-trace-email-ip-address-and-learn-who-sent-you-the-email\/\">https:\/\/ctemplar.com\/how-to-trace-email-ip-address-and-learn-who-sent-you-the-email\/<\/a><\/li><li><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.makeuseof.com\/tag\/how-to-trace-your-emails-back-to-the-source\/\">https:\/\/www.makeuseof.com\/tag\/how-to-trace-your-emails-back-to-the-source\/<\/a><\/li><li><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.theburningofrome.com\/trending\/can-you-fake-x-originating-ip\/\">https:\/\/www.theburningofrome.com\/trending\/can-you-fake-x-originating-ip\/<\/a><\/li><li><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/github.com\/edoardottt\/defangjs\">https:\/\/github.com\/edoardottt\/defangjs<\/a><\/li><li><a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/www.ibm.com\/docs\/en\/sqsp\/32.0?topic=SSBRUQ_32.0.0\/com.ibm.resilient.doc\/install\/resilient_install_defangURLs.htm\">https:\/\/www.ibm.com\/docs\/en\/sqsp\/32.0?topic=SSBRUQ_32.0.0\/com.ibm.resilient.doc\/install\/resilient_install_defangURLs.htm<\/a><\/li><\/ul><h2>Bonus \u2013 How to extract an .eml for viewing<\/h2><p>This is ridiculously simple, in fact! Let\u2019s look at an example mail (that I got from Coursera)<\/p><p>1. \u2013 Open your email client, and create a new message<\/p><p>2. \u2013 Drag the email you\u2019re interested into the body of the new email:<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5tx66qj1jie08s05wgp985n.png\"><p>3. \u2013 You should see an attachment added to the email:<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5tx7ghp1jjp08s033ae5xbf.png\"><p><em>Notice the name of the attachment<\/em><\/p><p>4. \u2013 Download the attachment to get the .eml file:<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5txiafu29n708o7bdoz4mng.png\"><p>5. \u2013 Open the .eml to view raw headers, investigate, find bad guys, confirm stuff, and, most importantly, have some fun!<\/p><img decoding=\"async\" src=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5txaphc29iw08o79d9ngnsw.png\"><p>You now have <em>all <\/em>the headers!<\/p><p>Cover by <a target=\"_blank\" rel=\"noopener noreferrer nofollow\" href=\"https:\/\/pixabay.com\/users\/mohamed_hassan-5229782\/\">Mohamed Hassan<\/a><\/p><p>#phish #eml #headers #body #malware #sandbox #pdf<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8085a61 post-content elementor-widget elementor-widget-shortcode\" data-id=\"8085a61\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"shortcode.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-shortcode\">\t\t<div data-elementor-type=\"page\" data-elementor-id=\"18103\" class=\"elementor elementor-18103\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a437045 elementor-widget elementor-widget-image-box\" data-id=\"a437045\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<div class=\"elementor-image-box-wrapper\"><div class=\"elementor-image-box-content\"><h3 class=\"elementor-image-box-title\">About Version 2 Digital<\/h3><p class=\"elementor-image-box-description\">Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.\n<br><br>\nThrough an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.<\/p><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t\n\t\t<div data-elementor-type=\"page\" data-elementor-id=\"39690\" class=\"elementor elementor-39690\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-748947f elementor-section-full_width elementor-section-height-default elementor-section-height-default\" data-id=\"748947f\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[{&quot;jet_parallax_layout_image&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;_id&quot;:&quot;c4f773e&quot;,&quot;jet_parallax_layout_image_tablet&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_image_mobile&quot;:{&quot;url&quot;:&quot;&quot;,&quot;id&quot;:&quot;&quot;,&quot;size&quot;:&quot;&quot;},&quot;jet_parallax_layout_speed&quot;:{&quot;unit&quot;:&quot;%&quot;,&quot;size&quot;:50,&quot;sizes&quot;:[]},&quot;jet_parallax_layout_type&quot;:&quot;scroll&quot;,&quot;jet_parallax_layout_direction&quot;:&quot;1&quot;,&quot;jet_parallax_layout_fx_direction&quot;:null,&quot;jet_parallax_layout_z_index&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x&quot;:50,&quot;jet_parallax_layout_bg_x_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_x_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y&quot;:50,&quot;jet_parallax_layout_bg_y_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_y_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size&quot;:&quot;auto&quot;,&quot;jet_parallax_layout_bg_size_tablet&quot;:&quot;&quot;,&quot;jet_parallax_layout_bg_size_mobile&quot;:&quot;&quot;,&quot;jet_parallax_layout_animation_prop&quot;:&quot;transform&quot;,&quot;jet_parallax_layout_on&quot;:[&quot;desktop&quot;,&quot;tablet&quot;]}]}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7995c19\" data-id=\"7995c19\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ff2a228 elementor-widget elementor-widget-text-editor\" data-id=\"ff2a228\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><\/p>\n<p><b>About VRX<\/b><br><b>VRX&nbsp;<\/b>is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"<p>Intro In this article, I will investigate how you can a [&hellip;]<\/p>","protected":false},"author":143524195,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[476,488,61],"tags":[477,489],"class_list":["post-54665","post","type-post","status-publish","format-standard","hentry","category-vrx","category-488","category-press-release","tag-vrx","tag-489"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Gone Phishing - Email Header and Body Analysis - Version 2<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vicarius.io\/blog\/gone-phishing-email-header-and-body-analysis\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Gone Phishing - Email Header and Body Analysis - Version 2\" \/>\n<meta property=\"og:description\" content=\"Intro In this article, I will investigate how you can a [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vicarius.io\/blog\/gone-phishing-email-header-and-body-analysis\" \/>\n<meta property=\"og:site_name\" content=\"Version 2\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-03T01:26:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-08-19T07:16:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5txf1c91jot08s08nq72948.png\" \/>\n<meta name=\"author\" content=\"version2hk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"version2hk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/gone-phishing-email-header-and-body-analysis#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/08\\\/gone-phishing-email-header-and-body-analysis\\\/\"},\"author\":{\"name\":\"version2hk\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\"},\"headline\":\"Gone Phishing &#8211; Email Header and Body Analysis\",\"datePublished\":\"2022-08-03T01:26:39+00:00\",\"dateModified\":\"2022-08-19T07:16:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/08\\\/gone-phishing-email-header-and-body-analysis\\\/\"},\"wordCount\":1860,\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/gone-phishing-email-header-and-body-analysis#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl5txf1c91jot08s08nq72948.png\",\"keywords\":[\"vRx\",\"2022\"],\"articleSection\":[\"vRx\",\"2022\",\"Press Release\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/version-2.com\\\/2022\\\/08\\\/gone-phishing-email-header-and-body-analysis\\\/\",\"url\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/gone-phishing-email-header-and-body-analysis\",\"name\":\"Gone Phishing - Email Header and Body Analysis - Version 2\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/gone-phishing-email-header-and-body-analysis#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/gone-phishing-email-header-and-body-analysis#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl5txf1c91jot08s08nq72948.png\",\"datePublished\":\"2022-08-03T01:26:39+00:00\",\"dateModified\":\"2022-08-19T07:16:55+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/gone-phishing-email-header-and-body-analysis#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/gone-phishing-email-header-and-body-analysis\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/gone-phishing-email-header-and-body-analysis#primaryimage\",\"url\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl5txf1c91jot08s08nq72948.png\",\"contentUrl\":\"https:\\\/\\\/ik.imagekit.io\\\/14sfaswy6hrz\\\/blog-posts\\\/images\\\/cl5txf1c91jot08s08nq72948.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.vicarius.io\\\/blog\\\/gone-phishing-email-header-and-body-analysis#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9801\",\"item\":\"https:\\\/\\\/version-2.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Gone Phishing &#8211; Email Header and Body Analysis\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#website\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"name\":\"Version 2\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/version-2.com\\\/zh\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#organization\",\"name\":\"Version 2\",\"url\":\"https:\\\/\\\/version-2.com\\\/zh\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/version-2.com\\\/wp-content\\\/uploads\\\/2020\\\/08\\\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1\",\"width\":1795,\"height\":335,\"caption\":\"Version 2\"},\"image\":{\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/version-2.com\\\/zh\\\/#\\\/schema\\\/person\\\/d14d2d3cd77ffdb618b9f1330fe084db\",\"name\":\"version2hk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g\",\"caption\":\"version2hk\"},\"sameAs\":[\"http:\\\/\\\/version2xfortcom.wordpress.com\"],\"url\":\"https:\\\/\\\/version-2.com\\\/en\\\/author\\\/version2hk\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Gone Phishing - Email Header and Body Analysis - Version 2","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vicarius.io\/blog\/gone-phishing-email-header-and-body-analysis","og_locale":"en_US","og_type":"article","og_title":"Gone Phishing - Email Header and Body Analysis - Version 2","og_description":"Intro In this article, I will investigate how you can a [&hellip;]","og_url":"https:\/\/www.vicarius.io\/blog\/gone-phishing-email-header-and-body-analysis","og_site_name":"Version 2","article_published_time":"2022-08-03T01:26:39+00:00","article_modified_time":"2022-08-19T07:16:55+00:00","og_image":[{"url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5txf1c91jot08s08nq72948.png","type":"","width":"","height":""}],"author":"version2hk","twitter_card":"summary_large_image","twitter_misc":{"Written by":"version2hk","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vicarius.io\/blog\/gone-phishing-email-header-and-body-analysis#article","isPartOf":{"@id":"https:\/\/version-2.com\/2022\/08\/gone-phishing-email-header-and-body-analysis\/"},"author":{"name":"version2hk","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db"},"headline":"Gone Phishing &#8211; Email Header and Body Analysis","datePublished":"2022-08-03T01:26:39+00:00","dateModified":"2022-08-19T07:16:55+00:00","mainEntityOfPage":{"@id":"https:\/\/version-2.com\/2022\/08\/gone-phishing-email-header-and-body-analysis\/"},"wordCount":1860,"publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/gone-phishing-email-header-and-body-analysis#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5txf1c91jot08s08nq72948.png","keywords":["vRx","2022"],"articleSection":["vRx","2022","Press Release"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/version-2.com\/2022\/08\/gone-phishing-email-header-and-body-analysis\/","url":"https:\/\/www.vicarius.io\/blog\/gone-phishing-email-header-and-body-analysis","name":"Gone Phishing - Email Header and Body Analysis - Version 2","isPartOf":{"@id":"https:\/\/version-2.com\/zh\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vicarius.io\/blog\/gone-phishing-email-header-and-body-analysis#primaryimage"},"image":{"@id":"https:\/\/www.vicarius.io\/blog\/gone-phishing-email-header-and-body-analysis#primaryimage"},"thumbnailUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5txf1c91jot08s08nq72948.png","datePublished":"2022-08-03T01:26:39+00:00","dateModified":"2022-08-19T07:16:55+00:00","breadcrumb":{"@id":"https:\/\/www.vicarius.io\/blog\/gone-phishing-email-header-and-body-analysis#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vicarius.io\/blog\/gone-phishing-email-header-and-body-analysis"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vicarius.io\/blog\/gone-phishing-email-header-and-body-analysis#primaryimage","url":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5txf1c91jot08s08nq72948.png","contentUrl":"https:\/\/ik.imagekit.io\/14sfaswy6hrz\/blog-posts\/images\/cl5txf1c91jot08s08nq72948.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vicarius.io\/blog\/gone-phishing-email-header-and-body-analysis#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9801","item":"https:\/\/version-2.com\/"},{"@type":"ListItem","position":2,"name":"Gone Phishing &#8211; Email Header and Body Analysis"}]},{"@type":"WebSite","@id":"https:\/\/version-2.com\/zh\/#website","url":"https:\/\/version-2.com\/zh\/","name":"Version 2","description":"","publisher":{"@id":"https:\/\/version-2.com\/zh\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/version-2.com\/zh\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/version-2.com\/zh\/#organization","name":"Version 2","url":"https:\/\/version-2.com\/zh\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","contentUrl":"https:\/\/i0.wp.com\/version-2.com\/wp-content\/uploads\/2020\/08\/v2-hk-hor-4.png?fit=1795%2C335&ssl=1","width":1795,"height":335,"caption":"Version 2"},"image":{"@id":"https:\/\/version-2.com\/zh\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/version-2.com\/zh\/#\/schema\/person\/d14d2d3cd77ffdb618b9f1330fe084db","name":"version2hk","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d280627252b42d7489de74dd88aa04043a495f25e258575000dc767e287bf94c?s=96&d=identicon&r=g","caption":"version2hk"},"sameAs":["http:\/\/version2xfortcom.wordpress.com"],"url":"https:\/\/version-2.com\/en\/author\/version2hk\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbQRKm-edH","post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/54665","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/users\/143524195"}],"replies":[{"embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/comments?post=54665"}],"version-history":[{"count":10,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/54665\/revisions"}],"predecessor-version":[{"id":54686,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/posts\/54665\/revisions\/54686"}],"wp:attachment":[{"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/media?parent=54665"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/categories?post=54665"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/version-2.com\/en\/wp-json\/wp\/v2\/tags?post=54665"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}