ActivityPub Viewer

A small tool to view real-world ActivityPub objects as JSON! Enter a URL or username from Mastodon or a similar service below, and we'll send a request with the right Accept header to the server to view the underlying object.

Open in browser →
{ "@context": [ "https://www.w3.org/ns/activitystreams", { "ostatus": "http://ostatus.org#", "atomUri": "ostatus:atomUri", "inReplyToAtomUri": "ostatus:inReplyToAtomUri", "conversation": "ostatus:conversation", "sensitive": "as:sensitive", "toot": "http://joinmastodon.org/ns#", "votersCount": "toot:votersCount", "Hashtag": "as:Hashtag" } ], "id": "https://hear-me.social/users/admin/statuses/114359028686664784", "type": "Note", "summary": null, "inReplyTo": null, "published": "2025-04-18T12:44:56Z", "url": "https://hear-me.social/@admin/114359028686664784", "attributedTo": "https://hear-me.social/users/admin", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://hear-me.social/users/admin/followers", "https://mastodon.social/users/Gargron", "https://mastodon.online/users/ClearlyClaire" ], "sensitive": false, "atomUri": "https://hear-me.social/users/admin/statuses/114359028686664784", "inReplyToAtomUri": null, "conversation": "tag:hear-me.social,2025-04-18:objectId=65493626:objectType=Conversation", "content": "<p>Riddle me this. How can a spammer start their account creation from /auth/confirmation? He does this every week. He never accesses /auth/sign_up. He always first shows up in the logs accessing /auth/confirmation.</p><p>I have his ASN blocked by the Cloudflare firewall from accessing /auth/sign_up. I see in the Cloudflare logs that he tried to access /auth/sign_up but got a 403 from Cloudflare. The request is nowhere in my logs. It was truly blocked by the proxy server.</p><p>But, then suddenly he&#39;s using /auth/confirmation with the same blocked ASN seconds later and creates the account. Today I added the same ASN restriction to /auth/confirmation to try to stop future sign-ups, but this is beside the point.</p><p>It&#39;s like he tries to go to sign_up, gets a 403, and then uses some alternative means to begin the signup process.</p><p>He&#39;s not getting in with an invitation code, either.</p><p>Can he be using an existing account in some way to get an access token for an API call of some type to begin registration?</p><p>How does he do this?</p><p><a href=\"https://hear-me.social/tags/MastoAdmin\" class=\"mention hashtag\" rel=\"tag\">#<span>MastoAdmin</span></a> <a href=\"https://hear-me.social/tags/MastoDev\" class=\"mention hashtag\" rel=\"tag\">#<span>MastoDev</span></a> <span class=\"h-card\" translate=\"no\"><a href=\"https://mastodon.social/@Gargron\" class=\"u-url mention\">@<span>Gargron</span></a></span> <span class=\"h-card\" translate=\"no\"><a href=\"https://mastodon.online/@ClearlyClaire\" class=\"u-url mention\">@<span>ClearlyClaire</span></a></span></p>", "contentMap": { "en": "<p>Riddle me this. How can a spammer start their account creation from /auth/confirmation? He does this every week. He never accesses /auth/sign_up. He always first shows up in the logs accessing /auth/confirmation.</p><p>I have his ASN blocked by the Cloudflare firewall from accessing /auth/sign_up. I see in the Cloudflare logs that he tried to access /auth/sign_up but got a 403 from Cloudflare. The request is nowhere in my logs. It was truly blocked by the proxy server.</p><p>But, then suddenly he&#39;s using /auth/confirmation with the same blocked ASN seconds later and creates the account. Today I added the same ASN restriction to /auth/confirmation to try to stop future sign-ups, but this is beside the point.</p><p>It&#39;s like he tries to go to sign_up, gets a 403, and then uses some alternative means to begin the signup process.</p><p>He&#39;s not getting in with an invitation code, either.</p><p>Can he be using an existing account in some way to get an access token for an API call of some type to begin registration?</p><p>How does he do this?</p><p><a href=\"https://hear-me.social/tags/MastoAdmin\" class=\"mention hashtag\" rel=\"tag\">#<span>MastoAdmin</span></a> <a href=\"https://hear-me.social/tags/MastoDev\" class=\"mention hashtag\" rel=\"tag\">#<span>MastoDev</span></a> <span class=\"h-card\" translate=\"no\"><a href=\"https://mastodon.social/@Gargron\" class=\"u-url mention\">@<span>Gargron</span></a></span> <span class=\"h-card\" translate=\"no\"><a href=\"https://mastodon.online/@ClearlyClaire\" class=\"u-url mention\">@<span>ClearlyClaire</span></a></span></p>" }, "attachment": [], "tag": [ { "type": "Mention", "href": "https://mastodon.social/users/Gargron", "name": "@Gargron@mastodon.social" }, { "type": "Mention", "href": "https://mastodon.online/users/ClearlyClaire", "name": "@ClearlyClaire@mastodon.online" }, { "type": "Hashtag", "href": "https://hear-me.social/tags/mastoadmin", "name": "#mastoadmin" }, { "type": "Hashtag", "href": "https://hear-me.social/tags/mastodev", "name": "#mastodev" } ], "replies": { "id": "https://hear-me.social/users/admin/statuses/114359028686664784/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://hear-me.social/users/admin/statuses/114359028686664784/replies?only_other_accounts=true&page=true", "partOf": "https://hear-me.social/users/admin/statuses/114359028686664784/replies", "items": [] } }, "likes": { "id": "https://hear-me.social/users/admin/statuses/114359028686664784/likes", "type": "Collection", "totalItems": 4 }, "shares": { "id": "https://hear-me.social/users/admin/statuses/114359028686664784/shares", "type": "Collection", "totalItems": 1 } }