ActivityPub Viewer

A small tool to view real-world ActivityPub objects as JSON! Enter a URL or username from Mastodon or a similar service below, and we'll send a request with the right Accept header to the server to view the underlying object.

Open in browser →
{ "@context": [ "https://www.w3.org/ns/activitystreams", { "ostatus": "http://ostatus.org#", "atomUri": "ostatus:atomUri", "inReplyToAtomUri": "ostatus:inReplyToAtomUri", "conversation": "ostatus:conversation", "sensitive": "as:sensitive", "toot": "http://joinmastodon.org/ns#", "votersCount": "toot:votersCount", "blurhash": "toot:blurhash", "focalPoint": { "@container": "@list", "@id": "toot:focalPoint" }, "Hashtag": "as:Hashtag" } ], "id": "https://tastingtraffic.net/users/InternationalTechNews/statuses/109506750262382343", "type": "Note", "summary": null, "inReplyTo": null, "published": "2022-12-13T14:06:43Z", "url": "https://tastingtraffic.net/@InternationalTechNews/109506750262382343", "attributedTo": "https://tastingtraffic.net/users/InternationalTechNews", "to": [ "https://www.w3.org/ns/activitystreams#Public" ], "cc": [ "https://tastingtraffic.net/users/InternationalTechNews/followers" ], "sensitive": false, "atomUri": "https://tastingtraffic.net/users/InternationalTechNews/statuses/109506750262382343", "inReplyToAtomUri": null, "conversation": "tag:tastingtraffic.net,2022-12-13:objectId=116250:objectType=Conversation", "content": "<p><a href=\"https://tastingtraffic.net/tags/INTERNATIONAL_TECH_NEWS\" class=\"mention hashtag\" rel=\"tag\">#<span>INTERNATIONAL_TECH_NEWS</span></a> </p><p><a href=\"https://tastingtraffic.net/tags/HEADS_UP\" class=\"mention hashtag\" rel=\"tag\">#<span>HEADS_UP</span></a>!</p><p><a href=\"https://tastingtraffic.net/tags/WORDFENCE\" class=\"mention hashtag\" rel=\"tag\">#<span>WORDFENCE</span></a> UPDATE: <a href=\"https://tastingtraffic.net/tags/CAVEAT\" class=\"mention hashtag\" rel=\"tag\">#<span>CAVEAT</span></a> WEEKENDS AND HOLIDAYS</p><p>Spikes in Attacks Serve as a Reminder to Update Plugins</p><p>Cyber Observables<br />The following are the common observables we have logged in these exploit attempts. If any of these are observed on a website or in logs, it is an indication that one of these vulnerabilities has been exploited. The IP addresses listed are specifically from the spikes we have seen over the Thanksgiving holiday and the first weekend in December.</p><p>Kaswara<br />Top ten IPs<br />40.87.107.73<br />65.109.128.42<br />65.21.155.174<br />65.108.251.64<br />5.75.244.31<br />65.109.137.44<br />65.21.247.31<br />49.12.184.76<br />5.75.252.228<br />5.75.252.229</p><p>Common Uploaded Filenames<br />There were quite a few variations of randomly named six-letter filenames, two are referenced below, but each one observed used the .zip extension.</p><p>a57bze8931.zip<br />bala.zip<br />jwoqrj.zip<br />kity.zip<br />nkhnhf.zip</p><p>Top Ten User-Agent Strings</p><p>Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36<br />Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 X-Middleton/1<br />Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36<br />Amazon CloudFront<br />Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36<br />Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36<br />Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36<br />Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36<br />Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36<br />Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36</p><p>Adning<br />Top Ten IPs<br />65.109.128.42<br />65.108.251.64<br />65.21.155.174<br />5.75.244.31<br />65.109.137.44<br />65.21.247.31<br />5.75.252.229<br />65.109.138.122<br />40.87.107.73<br />49.12.184.76</p><p>Common Uploaded Filenames<br />Most observed exploit attempts against the Adning plugin appeared to be nothing more than probing for the vulnerability, but in one instance the following filename was observed as a payload.</p><p>Top Ten User-Agent Strings</p><p>python-requests/2.28.1<br />Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36<br />Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0<br />Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36<br />python-requests/2.28.1 X-Middleton/1<br />python-requests/2.26.0<br />python-requests/2.27.1<br />Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; @longcat) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36<br />Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 X-Middleton/1<br />ALittle Client</p><p>Conclusion<br />In this post we discussed two vulnerabilities that have spiked over the past two weekends. Removing or updating vulnerable plugins is always the best solution, but a Web Application Firewall like the one provided by Wordfence is important to block exploit attempts and can even protect your site from attacks targeting unknown vulnerabilities. The Wordfence firewall protects all Wordfence users, including Wordfence Free, Wordfence Premium, Wordfence Care, and Wordfence Response, against these vulnerabilities. Even with this protection in place, these vulnerabilities are serious as they can lead to full site takeover, and the Kaswara Modern VC Addons should be immediately removed, and the Adning Advertising plugin should immediately be updated.</p><p><a href=\"https://www.wordfence.com/blog/2022/12/spikes-in-attacks-serve-as-a-reminder-to-update-plugins\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span class=\"invisible\">https://www.</span><span class=\"ellipsis\">wordfence.com/blog/2022/12/spi</span><span class=\"invisible\">kes-in-attacks-serve-as-a-reminder-to-update-plugins</span></a></p><p>TastingTraffic LLC</p><p>Founder of <a href=\"https://tastingtraffic.net/tags/SEO\" class=\"mention hashtag\" rel=\"tag\">#<span>SEO</span></a> (Search Engine Optimization)<br />Founder of <a href=\"https://tastingtraffic.net/tags/RTB\" class=\"mention hashtag\" rel=\"tag\">#<span>RTB</span></a> (Real Time Bidding)<br />Founder of <a href=\"https://tastingtraffic.net/tags/HFT\" class=\"mention hashtag\" rel=\"tag\">#<span>HFT</span></a> (High Frequency Trading)</p><p>Disclaimer: <a href=\"https://tastingtraffic.net\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span class=\"invisible\">https://</span><span class=\"\">tastingtraffic.net</span><span class=\"invisible\"></span></a> and/or <a href=\"http://JustBlameWayne.com\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span class=\"invisible\">http://</span><span class=\"\">JustBlameWayne.com</span><span class=\"invisible\"></span></a> (Decentralized SOCIAL Network) and/or its owners [<a href=\"http://tastingtraffic.com\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span class=\"invisible\">http://</span><span class=\"\">tastingtraffic.com</span><span class=\"invisible\"></span></a>] are not affiliates of this provider or referenced image used. This is NOT an endorsement OR Sponsored (Paid) Promotion/Reshare.</p>", "contentMap": { "en": "<p><a href=\"https://tastingtraffic.net/tags/INTERNATIONAL_TECH_NEWS\" class=\"mention hashtag\" rel=\"tag\">#<span>INTERNATIONAL_TECH_NEWS</span></a> </p><p><a href=\"https://tastingtraffic.net/tags/HEADS_UP\" class=\"mention hashtag\" rel=\"tag\">#<span>HEADS_UP</span></a>!</p><p><a href=\"https://tastingtraffic.net/tags/WORDFENCE\" class=\"mention hashtag\" rel=\"tag\">#<span>WORDFENCE</span></a> UPDATE: <a href=\"https://tastingtraffic.net/tags/CAVEAT\" class=\"mention hashtag\" rel=\"tag\">#<span>CAVEAT</span></a> WEEKENDS AND HOLIDAYS</p><p>Spikes in Attacks Serve as a Reminder to Update Plugins</p><p>Cyber Observables<br />The following are the common observables we have logged in these exploit attempts. If any of these are observed on a website or in logs, it is an indication that one of these vulnerabilities has been exploited. The IP addresses listed are specifically from the spikes we have seen over the Thanksgiving holiday and the first weekend in December.</p><p>Kaswara<br />Top ten IPs<br />40.87.107.73<br />65.109.128.42<br />65.21.155.174<br />65.108.251.64<br />5.75.244.31<br />65.109.137.44<br />65.21.247.31<br />49.12.184.76<br />5.75.252.228<br />5.75.252.229</p><p>Common Uploaded Filenames<br />There were quite a few variations of randomly named six-letter filenames, two are referenced below, but each one observed used the .zip extension.</p><p>a57bze8931.zip<br />bala.zip<br />jwoqrj.zip<br />kity.zip<br />nkhnhf.zip</p><p>Top Ten User-Agent Strings</p><p>Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36<br />Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 X-Middleton/1<br />Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36<br />Amazon CloudFront<br />Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36<br />Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36<br />Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36<br />Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36<br />Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36<br />Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36</p><p>Adning<br />Top Ten IPs<br />65.109.128.42<br />65.108.251.64<br />65.21.155.174<br />5.75.244.31<br />65.109.137.44<br />65.21.247.31<br />5.75.252.229<br />65.109.138.122<br />40.87.107.73<br />49.12.184.76</p><p>Common Uploaded Filenames<br />Most observed exploit attempts against the Adning plugin appeared to be nothing more than probing for the vulnerability, but in one instance the following filename was observed as a payload.</p><p>Top Ten User-Agent Strings</p><p>python-requests/2.28.1<br />Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36<br />Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0<br />Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36<br />python-requests/2.28.1 X-Middleton/1<br />python-requests/2.26.0<br />python-requests/2.27.1<br />Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; @longcat) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36<br />Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 X-Middleton/1<br />ALittle Client</p><p>Conclusion<br />In this post we discussed two vulnerabilities that have spiked over the past two weekends. Removing or updating vulnerable plugins is always the best solution, but a Web Application Firewall like the one provided by Wordfence is important to block exploit attempts and can even protect your site from attacks targeting unknown vulnerabilities. The Wordfence firewall protects all Wordfence users, including Wordfence Free, Wordfence Premium, Wordfence Care, and Wordfence Response, against these vulnerabilities. Even with this protection in place, these vulnerabilities are serious as they can lead to full site takeover, and the Kaswara Modern VC Addons should be immediately removed, and the Adning Advertising plugin should immediately be updated.</p><p><a href=\"https://www.wordfence.com/blog/2022/12/spikes-in-attacks-serve-as-a-reminder-to-update-plugins\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span class=\"invisible\">https://www.</span><span class=\"ellipsis\">wordfence.com/blog/2022/12/spi</span><span class=\"invisible\">kes-in-attacks-serve-as-a-reminder-to-update-plugins</span></a></p><p>TastingTraffic LLC</p><p>Founder of <a href=\"https://tastingtraffic.net/tags/SEO\" class=\"mention hashtag\" rel=\"tag\">#<span>SEO</span></a> (Search Engine Optimization)<br />Founder of <a href=\"https://tastingtraffic.net/tags/RTB\" class=\"mention hashtag\" rel=\"tag\">#<span>RTB</span></a> (Real Time Bidding)<br />Founder of <a href=\"https://tastingtraffic.net/tags/HFT\" class=\"mention hashtag\" rel=\"tag\">#<span>HFT</span></a> (High Frequency Trading)</p><p>Disclaimer: <a href=\"https://tastingtraffic.net\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span class=\"invisible\">https://</span><span class=\"\">tastingtraffic.net</span><span class=\"invisible\"></span></a> and/or <a href=\"http://JustBlameWayne.com\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span class=\"invisible\">http://</span><span class=\"\">JustBlameWayne.com</span><span class=\"invisible\"></span></a> (Decentralized SOCIAL Network) and/or its owners [<a href=\"http://tastingtraffic.com\" target=\"_blank\" rel=\"nofollow noopener noreferrer\"><span class=\"invisible\">http://</span><span class=\"\">tastingtraffic.com</span><span class=\"invisible\"></span></a>] are not affiliates of this provider or referenced image used. This is NOT an endorsement OR Sponsored (Paid) Promotion/Reshare.</p>" }, "attachment": [ { "type": "Document", "mediaType": "image/png", "url": "https://tastingtraffic.net/system/media_attachments/files/109/502/505/711/263/758/original/040cedd0cc28291e.png", "name": "#INTERNATIONAL_TECH_NEWS \n\n#HEADS_UP!\n\n#WORDFENCE UPDATE: #CAVEAT WEEKENDS AND HOLIDAYS\n\nSpikes in Attacks Serve as a Reminder to Update Plugins\n\nCyber Observables\nThe following are the common observables we have logged in these exploit attempts. If any of these are observed on a website or in logs, it is an indication that one of these vulnerabilities has been exploited. The IP addresses listed are specifically from the spikes we have seen over the Thanksgiving holiday and the first weekend in December.\n\nKaswara\nTop ten IPs\n40.87.107.73\n65.109.128.42\n65.21.155.174\n65.108.251.64\n5.75.244.31\n65.109.137.44\n65.21.247.31\n49.12.184.76\n5.75.252.228\n5.75.252.229\n\nCommon Uploaded Filenames\nThere were quite a few variations of randomly named six-letter filenames, two are referenced below, but each one observed used the .zip extension.\n\na57bze8931.zip\nbala.zip\njwoqrj.zip\nkity.zip\nnkhnhf.zip\n\nAdning\nTop Ten IPs\n65.109.128.42\n65.108.251.64\n65.21.155.174\n5.75.244.31\n65.109.137.44\n65.21.247.31\n5.75.252.229\n65.109.138.122\n40.87.107.73\n49.12.184.76\n\nCommon Uploaded Filenames\nMost observed exploit attempts against the Adning plugin appeared to be nothing more than probing for the vulnerability, but in one instance the following filename was observed as a payload.\n\n\nTop Ten User-Agent Strings", "blurhash": "U79tAZs,=|t8Riofj[jt~CW?Rjae%NV@RkbI", "focalPoint": [ 0.33, 0.5 ], "width": 1102, "height": 832 }, { "type": "Document", "mediaType": "image/png", "url": "https://tastingtraffic.net/system/media_attachments/files/109/502/505/793/452/953/original/a13564fe755fb947.png", "name": "#INTERNATIONAL_TECH_NEWS \n\n#HEADS_UP!\n\n#WORDFENCE UPDATE: #CAVEAT WEEKENDS AND HOLIDAYS\n\nSpikes in Attacks Serve as a Reminder to Update Plugins\n\nCyber Observables\nThe following are the common observables we have logged in these exploit attempts. If any of these are observed on a website or in logs, it is an indication that one of these vulnerabilities has been exploited. The IP addresses listed are specifically from the spikes we have seen over the Thanksgiving holiday and the first weekend in December.\n\nKaswara\nTop ten IPs\n40.87.107.73\n65.109.128.42\n65.21.155.174\n65.108.251.64\n5.75.244.31\n65.109.137.44\n65.21.247.31\n49.12.184.76\n5.75.252.228\n5.75.252.229\n\nCommon Uploaded Filenames\nThere were quite a few variations of randomly named six-letter filenames, two are referenced below, but each one observed used the .zip extension.\n\na57bze8931.zip\nbala.zip\njwoqrj.zip\nkity.zip\nnkhnhf.zip\n\nAdning\nTop Ten IPs\n65.109.128.42\n65.108.251.64\n65.21.155.174\n5.75.244.31\n65.109.137.44\n65.21.247.31\n5.75.252.229\n65.109.138.122\n40.87.107.73\n49.12.184.76\n\nCommon Uploaded Filenames\nMost observed exploit attempts against the Adning plugin appeared to be nothing more than probing for the vulnerability, but in one instance the following filename was observed as a payload.\n\n\nTop Ten User-Agent Strings", "blurhash": "UA9*12sm=arqRjkCV@jF}qbvS$bwRnaKbcbc", "focalPoint": [ -0.13, 0.58 ], "width": 1105, "height": 839 }, { "type": "Document", "mediaType": "image/png", "url": "https://tastingtraffic.net/system/media_attachments/files/109/502/506/044/724/383/original/e8004732c656a094.png", "name": "#INTERNATIONAL_TECH_NEWS \n\n#HEADS_UP!\n\n#WORDFENCE UPDATE: #CAVEAT WEEKENDS AND HOLIDAYS\n\nSpikes in Attacks Serve as a Reminder to Update Plugins\n\nCyber Observables\nThe following are the common observables we have logged in these exploit attempts. If any of these are observed on a website or in logs, it is an indication that one of these vulnerabilities has been exploited. The IP addresses listed are specifically from the spikes we have seen over the Thanksgiving holiday and the first weekend in December.\n\nKaswara\nTop ten IPs\n40.87.107.73\n65.109.128.42\n65.21.155.174\n65.108.251.64\n5.75.244.31\n65.109.137.44\n65.21.247.31\n49.12.184.76\n5.75.252.228\n5.75.252.229\n\nCommon Uploaded Filenames\nThere were quite a few variations of randomly named six-letter filenames, two are referenced below, but each one observed used the .zip extension.\n\na57bze8931.zip\nbala.zip\njwoqrj.zip\nkity.zip\nnkhnhf.zip\n\nAdning\nTop Ten IPs\n65.109.128.42\n65.108.251.64\n65.21.155.174\n5.75.244.31\n65.109.137.44\n65.21.247.31\n5.75.252.229\n65.109.138.122\n40.87.107.73\n49.12.184.76\n\nCommon Uploaded Filenames\nMost observed exploit attempts against the Adning plugin appeared to be nothing more than probing for the vulnerability, but in one instance the following filename was observed as a payload.\n\n\nTop Ten User-Agent Strings", "blurhash": "UwM7.Rt7_3of0LofxufQ-=WBIUaySiWCRkj[", "focalPoint": [ 0.16, 0.94 ], "width": 1639, "height": 1109 } ], "tag": [ { "type": "Hashtag", "href": "https://tastingtraffic.net/tags/INTERNATIONAL_TECH_NEWS", "name": "#INTERNATIONAL_TECH_NEWS" }, { "type": "Hashtag", "href": "https://tastingtraffic.net/tags/HEADS_UP", "name": "#HEADS_UP" }, { "type": "Hashtag", "href": "https://tastingtraffic.net/tags/wordfence", "name": "#wordfence" }, { "type": "Hashtag", "href": "https://tastingtraffic.net/tags/CAVEAT", "name": "#CAVEAT" }, { "type": "Hashtag", "href": "https://tastingtraffic.net/tags/SEO", "name": "#SEO" }, { "type": "Hashtag", "href": "https://tastingtraffic.net/tags/RTB", "name": "#RTB" }, { "type": "Hashtag", "href": "https://tastingtraffic.net/tags/HFT", "name": "#HFT" } ], "replies": { "id": "https://tastingtraffic.net/users/InternationalTechNews/statuses/109506750262382343/replies", "type": "Collection", "first": { "type": "CollectionPage", "next": "https://tastingtraffic.net/users/InternationalTechNews/statuses/109506750262382343/replies?only_other_accounts=true&page=true", "partOf": "https://tastingtraffic.net/users/InternationalTechNews/statuses/109506750262382343/replies", "items": [] } } }