ActivityPub Viewer

A small tool to view real-world ActivityPub objects as JSON! Enter a URL or username from Mastodon or a similar service below, and we'll send a request with the right Accept header to the server to view the underlying object.

{ "@context": [ "https://www.w3.org/ns/activitystreams", { "ostatus": "http://ostatus.org#", "atomUri": "ostatus:atomUri", "inReplyToAtomUri": "ostatus:inReplyToAtomUri", "conversation": "ostatus:conversation", "sensitive": "as:sensitive", "toot": "http://joinmastodon.org/ns#", "votersCount": "toot:votersCount", "litepub": "http://litepub.social/ns#", "directMessage": "litepub:directMessage", "blurhash": "toot:blurhash", "focalPoint": { "@container": "@list", "@id": "toot:focalPoint" }, "Hashtag": "as:Hashtag" } ], "id": "https://infosec.exchange/users/triciakickssaas/statuses/113906845473312988", "type": "Note", "summary": null, "inReplyTo": null, "published": "2025-01-28T16:08:47Z", "url": "https://infosec.exchange/@triciakickssaas/113906845473312988", "attributedTo": "https://infosec.exchange/users/triciakickssaas", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://infosec.exchange/users/triciakickssaas/followers" ], "sensitive": false, "atomUri": "https://infosec.exchange/users/triciakickssaas/statuses/113906845473312988", "inReplyToAtomUri": null, "conversation": "tag:infosec.exchange,2025-01-28:objectId=235352552:objectType=Conversation", "content": "<p>pls appreciate i wore an aqua colored sweater to talk about aquabot</p><p>🚨Active exploitation attempt🚨<br />Akamai Security Intelligence and Response Team (SIRT) has identified a new variant of the Mirai-based Aquabot, dubbed Aquabotv3 keeping in line with the naming conventions of the first two.</p><p>it is using CVE-2024-41710, a command injection vulnerability that affects Mitel SIP models. There was a POC made public in august 2024 but this is the first time it&#39;s been seen actively seeking exploitation ITW.</p><p>not only that! This malware exhibits a behavior we have never before seen with a Mirai variant: a function (report_kill) to report back to the C2 when a kill signal was caught on the infected device. 
</p><p>We (we = the SIRT) have not seen any response from the C2 as of the date this was originally posted (Jan. 28, 2024).</p><p>Incredible work Larry Cashdollar and Kyle Lefton 🎉 </p><p>Full technical analysis including IOCs:<br /><a href=\"https://www.akamai.com/blog/security-research/2025-january-new-aquabot-mirai-variant-exploiting-mitel-phones\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"><span class=\"invisible\">https://www.</span><span class=\"ellipsis\">akamai.com/blog/security-resea</span><span class=\"invisible\">rch/2025-january-new-aquabot-mirai-variant-exploiting-mitel-phones</span></a></p><p><a href=\"https://infosec.exchange/tags/mirai\" class=\"mention hashtag\" rel=\"tag\">#<span>mirai</span></a> <a href=\"https://infosec.exchange/tags/malware\" class=\"mention hashtag\" rel=\"tag\">#<span>malware</span></a> <a href=\"https://infosec.exchange/tags/activeexploitation\" class=\"mention hashtag\" rel=\"tag\">#<span>activeexploitation</span></a> <a href=\"https://infosec.exchange/tags/security\" class=\"mention hashtag\" rel=\"tag\">#<span>security</span></a> <a href=\"https://infosec.exchange/tags/research\" class=\"mention hashtag\" rel=\"tag\">#<span>research</span></a> <a href=\"https://infosec.exchange/tags/botnet\" class=\"mention hashtag\" rel=\"tag\">#<span>botnet</span></a></p>", "contentMap": { "en": "<p>pls appreciate i wore an aqua colored sweater to talk about aquabot</p><p>🚨Active exploitation attempt🚨<br />Akamai Security Intelligence and Response Team (SIRT) has identified a new variant of the Mirai-based Aquabot, dubbed Aquabotv3 keeping in line with the naming conventions of the first two.</p><p>it is using CVE-2024-41710, a command injection vulnerability that affects Mitel SIP models. There was a POC made public in august 2024 but this is the first time it&#39;s been seen actively seeking exploitation ITW.</p><p>not only that! 
This malware exhibits a behavior we have never before seen with a Mirai variant: a function (report_kill) to report back to the C2 when a kill signal was caught on the infected device. </p><p>We (we = the SIRT) have not seen any response from the C2 as of the date this was originally posted (Jan. 28, 2024).</p><p>Incredible work Larry Cashdollar and Kyle Lefton 🎉 </p><p>Full technical analysis including IOCs:<br /><a href=\"https://www.akamai.com/blog/security-research/2025-january-new-aquabot-mirai-variant-exploiting-mitel-phones\" target=\"_blank\" rel=\"nofollow noopener\" translate=\"no\"><span class=\"invisible\">https://www.</span><span class=\"ellipsis\">akamai.com/blog/security-resea</span><span class=\"invisible\">rch/2025-january-new-aquabot-mirai-variant-exploiting-mitel-phones</span></a></p><p><a href=\"https://infosec.exchange/tags/mirai\" class=\"mention hashtag\" rel=\"tag\">#<span>mirai</span></a> <a href=\"https://infosec.exchange/tags/malware\" class=\"mention hashtag\" rel=\"tag\">#<span>malware</span></a> <a href=\"https://infosec.exchange/tags/activeexploitation\" class=\"mention hashtag\" rel=\"tag\">#<span>activeexploitation</span></a> <a href=\"https://infosec.exchange/tags/security\" class=\"mention hashtag\" rel=\"tag\">#<span>security</span></a> <a href=\"https://infosec.exchange/tags/research\" class=\"mention hashtag\" rel=\"tag\">#<span>research</span></a> <a href=\"https://infosec.exchange/tags/botnet\" class=\"mention hashtag\" rel=\"tag\">#<span>botnet</span></a></p>" }, "attachment": [ { "type": "Document", "mediaType": "video/mp4", "url": "https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/906/843/563/224/179/original/f71ad266c5dcc247.mp4", "name": null, "blurhash": "UKHB#p$n1ETI8^sm%MV?PpXS#Dw~VHRkogt6", "width": 1080, "height": 1920 } ], "tag": [ { "type": "Hashtag", "href": "https://infosec.exchange/tags/mirai", "name": "#mirai" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/malware", 
"name": "#malware" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/activeexploitation", "name": "#activeexploitation" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/security", "name": "#security" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/research", "name": "#research" }, { "type": "Hashtag", "href": "https://infosec.exchange/tags/botnet", "name": "#botnet" } ], "replies": { "id": "https://infosec.exchange/users/triciakickssaas/statuses/113906845473312988/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://infosec.exchange/users/triciakickssaas/statuses/113906845473312988/replies?only_other_accounts=true&page=true", "partOf": "https://infosec.exchange/users/triciakickssaas/statuses/113906845473312988/replies", "items": [] } }, "likes": { "id": "https://infosec.exchange/users/triciakickssaas/statuses/113906845473312988/likes", "type": "Collection", "totalItems": 1 }, "shares": { "id": "https://infosec.exchange/users/triciakickssaas/statuses/113906845473312988/shares", "type": "Collection", "totalItems": 0 } }