ActivityPub Viewer

A small tool to view real-world ActivityPub objects as JSON! Enter a URL or username from Mastodon or a similar service below, and we'll send a request with the right Accept header to the server to view the underlying object.

Open in browser →
{ "@context": [ "https://www.w3.org/ns/activitystreams", { "ostatus": "http://ostatus.org#", "atomUri": "ostatus:atomUri", "inReplyToAtomUri": "ostatus:inReplyToAtomUri", "conversation": "ostatus:conversation", "sensitive": "as:sensitive", "toot": "http://joinmastodon.org/ns#", "votersCount": "toot:votersCount", "litepub": "http://litepub.social/ns#", "directMessage": "litepub:directMessage", "Hashtag": "as:Hashtag" } ], "id": "https://infosec.exchange/users/ErikvanStraten/statuses/112882465872869504", "type": "Note", "summary": "re: Detailed explanation (long)", "inReplyTo": "https://infosec.exchange/users/ErikvanStraten/statuses/112882463034102550", "published": "2024-07-31T18:15:35Z", "url": "https://infosec.exchange/@ErikvanStraten/112882465872869504", "attributedTo": "https://infosec.exchange/users/ErikvanStraten", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/ErikvanStraten/followers", "https://beta.mstdn.cf/users/billtoulas", "https://infosec.exchange/users/BleepingComputer" ], "sensitive": true, "atomUri": "https://infosec.exchange/users/ErikvanStraten/statuses/112882465872869504", "inReplyToAtomUri": "https://infosec.exchange/users/ErikvanStraten/statuses/112882463034102550", "conversation": "tag:infosec.exchange,2024-07-31:objectId=180890351:objectType=Conversation", "content": "<p>Detailed explanation (last part) of what I wrote in <a href=\"https://infosec.exchange/@ErikvanStraten/112882437562055760\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">infosec.exchange/@ErikvanStrat</span><span class=\"invisible\">en/112882437562055760</span></a></p><p>————————<br />(8) Impersonation of websites (phishing)<br />————————<br />A rapidly increasing problem on the internet is impersonation of real websites as part of phishing attacks.</p><p>Domain names are just (temporary) aliases to identities - like phone numbers. They may *seem* meaningful, but most often they are not.</p><p>Usually the identity-alias relation makes some sense, but only in one direction. Most people know that google.com belongs to Google. However, having seen aka.ms or goo.gl does make at least some people believe that the .ms TLD belongs to Microsoft and .gl to Google: they do not.</p><p>Typically (again) marketeers fail to understand this in general as well as the hierarchical nature of domain names. This lunacy leads to the fact that people are supposed to remember every domain name *precisely* that an organization may use (domain names have zero fault tolerance).</p><p>For example, we learned that microsoft.com belongs to Microsoft, Inc. from Redmond, USA.</p><p>However, why would (login.) microsoftonline.com also belong to that company? What idiot &quot;invents&quot; such a name? Are their other servers OFFLINE or what? Why didn&#39;t they use login.microsoft.com?</p><p>And why does live.com belong to them? And passport.com, outlook.com?</p><p>Okay, if that&#39;s the case, then why would microsofsignin.com, microsoft.login.com, lookout.com, microsoft.fail and microsoft.wtf *NOT* belong to Microsoft?</p><p>This makes no sense whatsoever.</p><p>It exactly describes the problem: perhaps with some exceptions (such as .gov domains), in general, domain names do NOT necessarily have anything to do with the person or organization responsible for a website.</p><p>And precisely such information would help internet users determine whether they are visiting the website of the INTENDED ORGANIZATION.</p><p>Like in offline life, knowledge of who owns a shop does not automatically mean that the owner is reliable and trustworthy.</p><p>However, knowing (with a specific reliability) who owns a website, has some important advantages, like the ones that follow:</p><p>• As said, being able to distinguish between fake and real websites in a more reliable way;</p><p>• Based on knowing who the owner is, users can try to find information regarding the *reputation* of the owner;</p><p>• By knowing where the owner lives, they have an indication of the success of suing the owner if he/she deceives them;</p><p>• The fact that persecution of criminal website owners is more likely if they cannot hide their real identity is very likely to deter at least part of the criminals from commiiting such crimes;</p><p>• Individuals who repeatedly commit crimes may be included in block lists.</p><p>There&#39;s a lot more to be said about this topic; I may write more about this at later time.</p><p><span class=\"h-card\" translate=\"no\"><a href=\"https://beta.mstdn.cf/users/billtoulas\" class=\"u-url mention\">@<span>billtoulas</span></a></span> <br /><span class=\"h-card\" translate=\"no\"><a href=\"https://infosec.exchange/@BleepingComputer\" class=\"u-url mention\">@<span>BleepingComputer</span></a></span> </p><p><a href=\"https://infosec.exchange/tags/Certificates\" class=\"mention hashtag\" rel=\"tag\">#<span>Certificates</span></a> <a href=\"https://infosec.exchange/tags/https\" class=\"mention hashtag\" rel=\"tag\">#<span>https</span></a> <a href=\"https://infosec.exchange/tags/TLS\" class=\"mention hashtag\" rel=\"tag\">#<span>TLS</span></a> <a href=\"https://infosec.exchange/tags/Encryption\" class=\"mention hashtag\" rel=\"tag\">#<span>Encryption</span></a> <a href=\"https://infosec.exchange/tags/Signing\" class=\"mention hashtag\" rel=\"tag\">#<span>Signing</span></a> <a href=\"https://infosec.exchange/tags/DV\" class=\"mention hashtag\" rel=\"tag\">#<span>DV</span></a> <a href=\"https://infosec.exchange/tags/DomainValidation\" class=\"mention hashtag\" rel=\"tag\">#<span>DomainValidation</span></a> <a href=\"https://infosec.exchange/tags/AitM\" class=\"mention hashtag\" rel=\"tag\">#<span>AitM</span></a> <a href=\"https://infosec.exchange/tags/MitM\" class=\"mention hashtag\" rel=\"tag\">#<span>MitM</span></a> <a href=\"https://infosec.exchange/tags/Identification\" class=\"mention hashtag\" rel=\"tag\">#<span>Identification</span></a> <a href=\"https://infosec.exchange/tags/Authentication\" class=\"mention hashtag\" rel=\"tag\">#<span>Authentication</span></a> <a href=\"https://infosec.exchange/tags/Impersonation\" class=\"mention hashtag\" rel=\"tag\">#<span>Impersonation</span></a> <a href=\"https://infosec.exchange/tags/OV\" class=\"mention hashtag\" rel=\"tag\">#<span>OV</span></a> <a href=\"https://infosec.exchange/tags/EV\" class=\"mention hashtag\" rel=\"tag\">#<span>EV</span></a> <a href=\"https://infosec.exchange/tags/QWAC\" class=\"mention hashtag\" rel=\"tag\">#<span>QWAC</span></a> <a href=\"https://infosec.exchange/tags/LE\" class=\"mention hashtag\" rel=\"tag\">#<span>LE</span></a> <a href=\"https://infosec.exchange/tags/LetsEncrypt\" class=\"mention hashtag\" rel=\"tag\">#<span>LetsEncrypt</span></a> <a href=\"https://infosec.exchange/tags/MisIssuance\" class=\"mention hashtag\" rel=\"tag\">#<span>MisIssuance</span></a> <a href=\"https://infosec.exchange/tags/Revocation\" class=\"mention hashtag\" rel=\"tag\">#<span>Revocation</span></a> <a href=\"https://infosec.exchange/tags/Revoked\" class=\"mention hashtag\" rel=\"tag\">#<span>Revoked</span></a> <a href=\"https://infosec.exchange/tags/OCSP\" class=\"mention hashtag\" rel=\"tag\">#<span>OCSP</span></a> <a href=\"https://infosec.exchange/tags/OCSPStapling\" class=\"mention hashtag\" rel=\"tag\">#<span>OCSPStapling</span></a> <a href=\"https://infosec.exchange/tags/CRL\" class=\"mention hashtag\" rel=\"tag\">#<span>CRL</span></a> <a href=\"https://infosec.exchange/tags/CertificateMisIssuance\" class=\"mention hashtag\" rel=\"tag\">#<span>CertificateMisIssuance</span></a> <a href=\"https://infosec.exchange/tags/DNS\" class=\"mention hashtag\" rel=\"tag\">#<span>DNS</span></a> <a href=\"https://infosec.exchange/tags/DNSHijack\" class=\"mention hashtag\" rel=\"tag\">#<span>DNSHijack</span></a> <a href=\"https://infosec.exchange/tags/BGP\" class=\"mention hashtag\" rel=\"tag\">#<span>BGP</span></a> <a href=\"https://infosec.exchange/tags/BGPHijack\" class=\"mention hashtag\" rel=\"tag\">#<span>BGPHijack</span></a> <a href=\"https://infosec.exchange/tags/Trust\" class=\"mention hashtag\" rel=\"tag\">#<span>Trust</span></a> <a href=\"https://infosec.exchange/tags/Reliability\" class=\"mention hashtag\" rel=\"tag\">#<span>Reliability</span></a></p>", "contentMap": { "en": "<p>Detailed explanation (last part) of what I wrote in <a href=\"https://infosec.exchange/@ErikvanStraten/112882437562055760\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"><span class=\"invisible\">https://</span><span class=\"ellipsis\">infosec.exchange/@ErikvanStrat</span><span class=\"invisible\">en/112882437562055760</span></a></p><p>————————<br />(8) Impersonation of websites (phishing)<br />————————<br />A rapidly increasing problem on the internet is impersonation of real websites as part of phishing attacks.</p><p>Domain names are just (temporary) aliases to identities - like phone numbers. They may *seem* meaningful, but most often they are not.</p><p>Usually the identity-alias relation makes some sense, but only in one direction. Most people know that google.com belongs to Google. However, having seen aka.ms or goo.gl does make at least some people believe that the .ms TLD belongs to Microsoft and .gl to Google: they do not.</p><p>Typically (again) marketeers fail to understand this in general as well as the hierarchical nature of domain names. This lunacy leads to the fact that people are supposed to remember every domain name *precisely* that an organization may use (domain names have zero fault tolerance).</p><p>For example, we learned that microsoft.com belongs to Microsoft, Inc. from Redmond, USA.</p><p>However, why would (login.) microsoftonline.com also belong to that company? What idiot &quot;invents&quot; such a name? Are their other servers OFFLINE or what? Why didn&#39;t they use login.microsoft.com?</p><p>And why does live.com belong to them? And passport.com, outlook.com?</p><p>Okay, if that&#39;s the case, then why would microsofsignin.com, microsoft.login.com, lookout.com, microsoft.fail and microsoft.wtf *NOT* belong to Microsoft?</p><p>This makes no sense whatsoever.</p><p>It exactly describes the problem: perhaps with some exceptions (such as .gov domains), in general, domain names do NOT necessarily have anything to do with the person or organization responsible for a website.</p><p>And precisely such information would help internet users determine whether they are visiting the website of the INTENDED ORGANIZATION.</p><p>Like in offline life, knowledge of who owns a shop does not automatically mean that the owner is reliable and trustworthy.</p><p>However, knowing (with a specific reliability) who owns a website, has some important advantages, like the ones that follow:</p><p>• As said, being able to distinguish between fake and real websites in a more reliable way;</p><p>• Based on knowing who the owner is, users can try to find information regarding the *reputation* of the owner;</p><p>• By knowing where the owner lives, they have an indication of the success of suing the owner if he/she deceives them;</p><p>• The fact that persecution of criminal website owners is more likely if they cannot hide their real identity is very likely to deter at least part of the criminals from commiiting such crimes;</p><p>• Individuals who repeatedly commit crimes may be included in block lists.</p><p>There&#39;s a lot more to be said about this topic; I may write more about this at later time.</p><p><span class=\"h-card\" translate=\"no\"><a href=\"https://beta.mstdn.cf/users/billtoulas\" class=\"u-url mention\">@<span>billtoulas</span></a></span> <br /><span class=\"h-card\" translate=\"no\"><a href=\"https://infosec.exchange/@BleepingComputer\" class=\"u-url mention\">@<span>BleepingComputer</span></a></span> </p><p><a href=\"https://infosec.exchange/tags/Certificates\" class=\"mention hashtag\" rel=\"tag\">#<span>Certificates</span></a> <a href=\"https://infosec.exchange/tags/https\" class=\"mention hashtag\" rel=\"tag\">#<span>https</span></a> <a href=\"https://infosec.exchange/tags/TLS\" class=\"mention hashtag\" rel=\"tag\">#<span>TLS</span></a> <a href=\"https://infosec.exchange/tags/Encryption\" class=\"mention hashtag\" rel=\"tag\">#<span>Encryption</span></a> <a href=\"https://infosec.exchange/tags/Signing\" class=\"mention hashtag\" rel=\"tag\">#<span>Signing</span></a> <a href=\"https://infosec.exchange/tags/DV\" class=\"mention hashtag\" rel=\"tag\">#<span>DV</span></a> <a href=\"https://infosec.exchange/tags/DomainValidation\" class=\"mention hashtag\" rel=\"tag\">#<span>DomainValidation</span></a> <a href=\"https://infosec.exchange/tags/AitM\" class=\"mention hashtag\" rel=\"tag\">#<span>AitM</span></a> <a href=\"https://infosec.exchange/tags/MitM\" class=\"mention hashtag\" rel=\"tag\">#<span>MitM</span></a> <a href=\"https://infosec.exchange/tags/Identification\" class=\"mention hashtag\" rel=\"tag\">#<span>Identification</span></a> <a href=\"https://infosec.exchange/tags/Authentication\" class=\"mention hashtag\" rel=\"tag\">#<span>Authentication</span></a> <a href=\"https://infosec.exchange/tags/Impersonation\" class=\"mention hashtag\" rel=\"tag\">#<span>Impersonation</span></a> <a href=\"https://infosec.exchange/tags/OV\" class=\"mention hashtag\" rel=\"tag\">#<span>OV</span></a> <a href=\"https://infosec.exchange/tags/EV\" class=\"mention hashtag\" rel=\"tag\">#<span>EV</span></a> <a href=\"https://infosec.exchange/tags/QWAC\" class=\"mention hashtag\" rel=\"tag\">#<span>QWAC</span></a> <a href=\"https://infosec.exchange/tags/LE\" class=\"mention hashtag\" rel=\"tag\">#<span>LE</span></a> <a href=\"https://infosec.exchange/tags/LetsEncrypt\" class=\"mention hashtag\" rel=\"tag\">#<span>LetsEncrypt</span></a> <a href=\"https://infosec.exchange/tags/MisIssuance\" class=\"mention hashtag\" rel=\"tag\">#<span>MisIssuance</span></a> <a href=\"https://infosec.exchange/tags/Revocation\" class=\"mention hashtag\" rel=\"tag\">#<span>Revocation</span></a> <a href=\"https://infosec.exchange/tags/Revoked\" class=\"mention hashtag\" rel=\"tag\">#<span>Revoked</span></a> <a href=\"https://infosec.exchange/tags/OCSP\" class=\"mention hashtag\" rel=\"tag\">#<span>OCSP</span></a> <a href=\"https://infosec.exchange/tags/OCSPStapling\" class=\"mention hashtag\" rel=\"tag\">#<span>OCSPStapling</span></a> <a href=\"https://infosec.exchange/tags/CRL\" class=\"mention hashtag\" rel=\"tag\">#<span>CRL</span></a> <a href=\"https://infosec.exchange/tags/CertificateMisIssuance\" class=\"mention hashtag\" rel=\"tag\">#<span>CertificateMisIssuance</span></a> <a href=\"https://infosec.exchange/tags/DNS\" class=\"mention hashtag\" rel=\"tag\">#<span>DNS</span></a> <a href=\"https://infosec.exchange/tags/DNSHijack\" class=\"mention hashtag\" rel=\"tag\">#<span>DNSHijack</span></a> <a href=\"https://infosec.exchange/tags/BGP\" class=\"mention hashtag\" rel=\"tag\">#<span>BGP</span></a> <a href=\"https://infosec.exchange/tags/BGPHijack\" class=\"mention hashtag\" rel=\"tag\">#<span>BGPHijack</span></a> <a href=\"https://infosec.exchange/tags/Trust\" class=\"mention hashtag\" rel=\"tag\">#<span>Trust</span></a> <a href=\"https://infosec.exchange/tags/Reliability\" class=\"mention hashtag\" rel=\"tag\">#<span>Reliability</span></a></p>" }, "attachment": [], "tag": [ { "type": "Mention", "href": "https://beta.mstdn.cf/users/billtoulas", "name": "@billtoulas@beta.mstdn.cf" }, { "type": "Mention", "href": "https://infosec.exchange/users/BleepingComputer", "name": "@BleepingComputer" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/certificates", "name": "#certificates" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/https", "name": "#https" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/tls", "name": "#tls" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/encryption", "name": "#encryption" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/signing", "name": "#signing" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/dv", "name": "#dv" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/domainvalidation", "name": "#domainvalidation" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/AiTM", "name": "#AiTM" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/mitm", "name": "#mitm" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/identification", "name": "#identification" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/authentication", "name": "#authentication" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/impersonation", "name": "#impersonation" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/ov", "name": "#ov" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/ev", "name": "#ev" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/QWAC", "name": "#QWAC" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/le", "name": "#le" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/letsencrypt", "name": "#letsencrypt" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/misissuance", "name": "#misissuance" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/revocation", "name": "#revocation" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/revoked", "name": "#revoked" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/ocsp", "name": "#ocsp" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/ocspstapling", "name": "#ocspstapling" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/crl", "name": "#crl" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/certificatemisissuance", "name": "#certificatemisissuance" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/dns", "name": "#dns" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/dnshijack", "name": "#dnshijack" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/bgp", "name": "#bgp" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/bgphijack", "name": "#bgphijack" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/trust", "name": "#trust" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/reliability", "name": "#reliability" } ], "replies": { "id": "https://infosec.exchange/users/ErikvanStraten/statuses/112882465872869504/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/ErikvanStraten/statuses/112882465872869504/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/ErikvanStraten/statuses/112882465872869504/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/ErikvanStraten/statuses/112882465872869504/likes", "type": "Collection", "totalItems": 1 }, "shares": { "id": "https://infosec.exchange/users/ErikvanStraten/statuses/112882465872869504/shares", "type": "Collection", "totalItems": 0 } }