VOTING POWER0.00%
DOWNVOTE POWER0.00%
RESOURCE CREDITS100.00%
REPUTATION PROGRESS59.79%
Net Worth
0.017USD
STEEM
0.294STEEM
SBD
0.000SBD
Own SP
0.000SP
Detailed Balance
| STEEM | ||
| balance | 0.000STEEM | STEEM |
| market_balance | 0.000STEEM | STEEM |
| savings_balance | 0.000STEEM | STEEM |
| reward_steem_balance | 0.294STEEM | STEEM |
| STEEM POWER | ||
| Own SP | 0.000SP | SP |
| Delegated Out | 0.000SP | SP |
| Delegation In | 0.000SP | SP |
| Effective Power | 0.000SP | SP |
| Reward SP (pending) | 0.295SP | SP |
| SBD | ||
| sbd_balance | 0.000SBD | SBD |
| sbd_conversions | 0.000SBD | SBD |
| sbd_market_balance | 0.000SBD | SBD |
| savings_sbd_balance | 0.000SBD | SBD |
| reward_sbd_balance | 0.000SBD | SBD |
{
"balance": "0.000 STEEM",
"savings_balance": "0.000 STEEM",
"reward_steem_balance": "0.294 STEEM",
"vesting_shares": "0.000000 VESTS",
"delegated_vesting_shares": "0.000000 VESTS",
"received_vesting_shares": "0.000000 VESTS",
"sbd_balance": "0.000 SBD",
"savings_sbd_balance": "0.000 SBD",
"reward_sbd_balance": "0.000 SBD",
"conversions": []
}Account Info
| name | lufyta |
| id | 1941218 |
| rank | 1,701,213 |
| reputation | 25105609180 |
| created | 2025-09-24T16:06:51 |
| recovery_account | justyy |
| proxy | justyy |
| post_count | 5 |
| comment_count | 0 |
| lifetime_vote_count | 0 |
| witnesses_voted_for | 0 |
| last_post | 2025-12-18T13:13:03 |
| last_root_post | 2025-12-18T13:13:03 |
| last_vote_time | 2026-01-02T19:12:45 |
| proxied_vsf_votes | 0, 0, 0, 0 |
| can_vote | 1 |
| voting_power | 0 |
| delayed_votes | 0 |
| balance | 0.000 STEEM |
| savings_balance | 0.000 STEEM |
| sbd_balance | 0.000 SBD |
| savings_sbd_balance | 0.000 SBD |
| vesting_shares | 0.000000 VESTS |
| delegated_vesting_shares | 0.000000 VESTS |
| received_vesting_shares | 0.000000 VESTS |
| reward_vesting_balance | 488.373455 VESTS |
| vesting_balance | 0.000 STEEM |
| vesting_withdraw_rate | 0.000000 VESTS |
| next_vesting_withdrawal | 1969-12-31T23:59:59 |
| withdrawn | 0 |
| to_withdraw | 0 |
| withdraw_routes | 0 |
| savings_withdraw_requests | 0 |
| last_account_recovery | 1970-01-01T00:00:00 |
| reset_account | null |
| last_owner_update | 2025-09-24T16:14:18 |
| last_account_update | 2025-09-24T16:14:18 |
| mined | No |
| sbd_seconds | 0 |
| sbd_last_interest_payment | 1970-01-01T00:00:00 |
| savings_sbd_last_interest_payment | 1970-01-01T00:00:00 |
{
"active": {
"account_auths": [],
"key_auths": [
[
"STM5QsPeaBa3ThjWKsn3nXgzakcYEjAryYL6Q4uWPGUjL4xZKyjjc",
1
]
],
"weight_threshold": 1
},
"balance": "0.000 STEEM",
"can_vote": true,
"comment_count": 0,
"created": "2025-09-24T16:06:51",
"curation_rewards": 0,
"delegated_vesting_shares": "0.000000 VESTS",
"downvote_manabar": {
"current_mana": 0,
"last_update_time": 1767381165
},
"guest_bloggers": [],
"id": 1941218,
"json_metadata": "",
"last_account_recovery": "1970-01-01T00:00:00",
"last_account_update": "2025-09-24T16:14:18",
"last_owner_update": "2025-09-24T16:14:18",
"last_post": "2025-12-18T13:13:03",
"last_root_post": "2025-12-18T13:13:03",
"last_vote_time": "2026-01-02T19:12:45",
"lifetime_vote_count": 0,
"market_history": [],
"memo_key": "STM8SBQSgQmVT6pNyzRQcitCn87hZTB3AEvY3JBVnc9pCn2jzTBQP",
"mined": false,
"name": "lufyta",
"next_vesting_withdrawal": "1969-12-31T23:59:59",
"other_history": [],
"owner": {
"account_auths": [],
"key_auths": [
[
"STM6W8TMZFN9L7WtBdHh4i2HKrSu7vFd1Wy5XRSZpARfNf4fwA9Xv",
1
]
],
"weight_threshold": 1
},
"pending_claimed_accounts": 0,
"post_bandwidth": 0,
"post_count": 5,
"post_history": [],
"posting": {
"account_auths": [],
"key_auths": [
[
"STM5WBMeb2YBy6uqgrnYYAeuqSZLnRx3UbSxx8N6W3oCKn7z8mU2v",
1
]
],
"weight_threshold": 1
},
"posting_json_metadata": "",
"posting_rewards": 589,
"proxied_vsf_votes": [
0,
0,
0,
0
],
"proxy": "justyy",
"received_vesting_shares": "0.000000 VESTS",
"recovery_account": "justyy",
"reputation": "25105609180",
"reset_account": "null",
"reward_sbd_balance": "0.000 SBD",
"reward_steem_balance": "0.294 STEEM",
"reward_vesting_balance": "488.373455 VESTS",
"reward_vesting_steem": "0.295 STEEM",
"savings_balance": "0.000 STEEM",
"savings_sbd_balance": "0.000 SBD",
"savings_sbd_last_interest_payment": "1970-01-01T00:00:00",
"savings_sbd_seconds": "0",
"savings_sbd_seconds_last_update": "1970-01-01T00:00:00",
"savings_withdraw_requests": 0,
"sbd_balance": "0.000 SBD",
"sbd_last_interest_payment": "1970-01-01T00:00:00",
"sbd_seconds": "0",
"sbd_seconds_last_update": "1970-01-01T00:00:00",
"tags_usage": [],
"to_withdraw": 0,
"transfer_history": [],
"vesting_balance": "0.000 STEEM",
"vesting_shares": "0.000000 VESTS",
"vesting_withdraw_rate": "0.000000 VESTS",
"vote_history": [],
"voting_manabar": {
"current_mana": 0,
"last_update_time": 1767381165
},
"voting_power": 0,
"withdraw_routes": 0,
"withdrawn": 0,
"witness_votes": [],
"witnesses_voted_for": 0,
"rank": 1701213
}Withdraw Routes
| Incoming | Outgoing |
|---|---|
Empty | Empty |
{
"incoming": [],
"outgoing": []
}From Date
To Date
lufytaupvoted (100.00%) @nerythh / just-relaxing-in-my-own-anime-world2026/01/02 19:12:45
lufytaupvoted (100.00%) @nerythh / just-relaxing-in-my-own-anime-world
2026/01/02 19:12:45
| author | nerythh |
| permlink | just-relaxing-in-my-own-anime-world |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #102262181/Trx bf1eed8e8fd8e065febeb08eb010033d694e48d4 |
View Raw JSON Data
{
"block": 102262181,
"op": [
"vote",
{
"author": "nerythh",
"permlink": "just-relaxing-in-my-own-anime-world",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2026-01-02T19:12:45",
"trx_id": "bf1eed8e8fd8e065febeb08eb010033d694e48d4",
"trx_in_block": 0,
"virtual_op": 0
}lufytaupvoted (100.00%) @nerythh / can-t-sleep-mind-racing2026/01/01 21:16:36
lufytaupvoted (100.00%) @nerythh / can-t-sleep-mind-racing
2026/01/01 21:16:36
| author | nerythh |
| permlink | can-t-sleep-mind-racing |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #102235903/Trx 9800ab93e6e194d315f20bc2b0cf616f0820b8ef |
View Raw JSON Data
{
"block": 102235903,
"op": [
"vote",
{
"author": "nerythh",
"permlink": "can-t-sleep-mind-racing",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2026-01-01T21:16:36",
"trx_id": "9800ab93e6e194d315f20bc2b0cf616f0820b8ef",
"trx_in_block": 1,
"virtual_op": 0
}lufytaupvoted (100.00%) @akdx / the-doctrine-of-karma-does-it-serve-its-purpose2026/01/01 21:14:33
lufytaupvoted (100.00%) @akdx / the-doctrine-of-karma-does-it-serve-its-purpose
2026/01/01 21:14:33
| author | akdx |
| permlink | the-doctrine-of-karma-does-it-serve-its-purpose |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #102235862/Trx 2c1d56dc371557e1bb5a1d9a39d296d15ceb5860 |
View Raw JSON Data
{
"block": 102235862,
"op": [
"vote",
{
"author": "akdx",
"permlink": "the-doctrine-of-karma-does-it-serve-its-purpose",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2026-01-01T21:14:33",
"trx_id": "2c1d56dc371557e1bb5a1d9a39d296d15ceb5860",
"trx_in_block": 1,
"virtual_op": 0
}lufytaupvoted (100.00%) @mythsmaybe / twilight-s-embrace-over-the-city-lights2026/01/01 21:13:57
lufytaupvoted (100.00%) @mythsmaybe / twilight-s-embrace-over-the-city-lights
2026/01/01 21:13:57
| author | mythsmaybe |
| permlink | twilight-s-embrace-over-the-city-lights |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #102235850/Trx a28f6cbf6de46519fc5d4160c8a5803b9b7de9cb |
View Raw JSON Data
{
"block": 102235850,
"op": [
"vote",
{
"author": "mythsmaybe",
"permlink": "twilight-s-embrace-over-the-city-lights",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2026-01-01T21:13:57",
"trx_id": "a28f6cbf6de46519fc5d4160c8a5803b9b7de9cb",
"trx_in_block": 0,
"virtual_op": 0
}lufytafollowed @mythsmaybe2026/01/01 21:13:51
lufytafollowed @mythsmaybe
2026/01/01 21:13:51
| id | follow |
| json | ["follow",{"follower":"lufyta","following":"mythsmaybe","what":["blog",""]}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #102235848/Trx f59a00d244736fe742f9a30596d5d35163c21e35 |
View Raw JSON Data
{
"block": 102235848,
"op": [
"custom_json",
{
"id": "follow",
"json": "[\"follow\",{\"follower\":\"lufyta\",\"following\":\"mythsmaybe\",\"what\":[\"blog\",\"\"]}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2026-01-01T21:13:51",
"trx_id": "f59a00d244736fe742f9a30596d5d35163c21e35",
"trx_in_block": 1,
"virtual_op": 0
}lufytaupvoted (100.00%) @mythsmaybe / speeding-through-the-night-capturing-time-in-motion2026/01/01 21:13:45
lufytaupvoted (100.00%) @mythsmaybe / speeding-through-the-night-capturing-time-in-motion
2026/01/01 21:13:45
| author | mythsmaybe |
| permlink | speeding-through-the-night-capturing-time-in-motion |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #102235846/Trx fcd7b40b30f2ebe681c0eeaf8bf6865dfb201e02 |
View Raw JSON Data
{
"block": 102235846,
"op": [
"vote",
{
"author": "mythsmaybe",
"permlink": "speeding-through-the-night-capturing-time-in-motion",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2026-01-01T21:13:45",
"trx_id": "fcd7b40b30f2ebe681c0eeaf8bf6865dfb201e02",
"trx_in_block": 1,
"virtual_op": 0
}lufytaupvoted (100.00%) @truspex / phone-call-anxiety-hits-harder-than-anything-else2026/01/01 21:13:24
lufytaupvoted (100.00%) @truspex / phone-call-anxiety-hits-harder-than-anything-else
2026/01/01 21:13:24
| author | truspex |
| permlink | phone-call-anxiety-hits-harder-than-anything-else |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #102235839/Trx 8cfd413e4863310ff481e2f74783468cbd399824 |
View Raw JSON Data
{
"block": 102235839,
"op": [
"vote",
{
"author": "truspex",
"permlink": "phone-call-anxiety-hits-harder-than-anything-else",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2026-01-01T21:13:24",
"trx_id": "8cfd413e4863310ff481e2f74783468cbd399824",
"trx_in_block": 2,
"virtual_op": 0
}lufytaupvoted (100.00%) @authlyn / lost-in-the-quiet-misty-woods2026/01/01 21:13:09
lufytaupvoted (100.00%) @authlyn / lost-in-the-quiet-misty-woods
2026/01/01 21:13:09
| author | authlyn |
| permlink | lost-in-the-quiet-misty-woods |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #102235834/Trx 21624d2bd12851c1529cd92d938f5c5f0bb31db7 |
View Raw JSON Data
{
"block": 102235834,
"op": [
"vote",
{
"author": "authlyn",
"permlink": "lost-in-the-quiet-misty-woods",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2026-01-01T21:13:09",
"trx_id": "21624d2bd12851c1529cd92d938f5c5f0bb31db7",
"trx_in_block": 4,
"virtual_op": 0
}lufytaupvoted (100.00%) @iseewhy / just-vibing-in-the-future-city2026/01/01 21:12:54
lufytaupvoted (100.00%) @iseewhy / just-vibing-in-the-future-city
2026/01/01 21:12:54
| author | iseewhy |
| permlink | just-vibing-in-the-future-city |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #102235829/Trx f1742acb2e157c9ab1d5c71a340402ccf6992da1 |
View Raw JSON Data
{
"block": 102235829,
"op": [
"vote",
{
"author": "iseewhy",
"permlink": "just-vibing-in-the-future-city",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2026-01-01T21:12:54",
"trx_id": "f1742acb2e157c9ab1d5c71a340402ccf6992da1",
"trx_in_block": 3,
"virtual_op": 0
}lufytaupvoted (100.00%) @ibpsrrb / new-year-same-awesome-me2026/01/01 21:12:45
lufytaupvoted (100.00%) @ibpsrrb / new-year-same-awesome-me
2026/01/01 21:12:45
| author | ibpsrrb |
| permlink | new-year-same-awesome-me |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #102235826/Trx 9822d464eb83a25b0f56fa94dfa4124f8feaa3c0 |
View Raw JSON Data
{
"block": 102235826,
"op": [
"vote",
{
"author": "ibpsrrb",
"permlink": "new-year-same-awesome-me",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2026-01-01T21:12:45",
"trx_id": "9822d464eb83a25b0f56fa94dfa4124f8feaa3c0",
"trx_in_block": 0,
"virtual_op": 0
}2026/01/01 21:12:18
2026/01/01 21:12:18
| id | follow |
| json | ["follow",{"follower":"lufyta","following":"nerythh","what":["blog",""]}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #102235817/Trx 559a7e53317842a2419f92ce9e6f3e01c3b1d677 |
View Raw JSON Data
{
"block": 102235817,
"op": [
"custom_json",
{
"id": "follow",
"json": "[\"follow\",{\"follower\":\"lufyta\",\"following\":\"nerythh\",\"what\":[\"blog\",\"\"]}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2026-01-01T21:12:18",
"trx_id": "559a7e53317842a2419f92ce9e6f3e01c3b1d677",
"trx_in_block": 0,
"virtual_op": 0
}lufytafollowed @chillwaslost2025/12/25 08:40:24
lufytafollowed @chillwaslost
2025/12/25 08:40:24
| id | follow |
| json | ["follow",{"follower":"lufyta","following":"chillwaslost","what":["blog",""]}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #102019624/Trx bf1473e6e781ab6b32b9c4f7973d69824b3b858c |
View Raw JSON Data
{
"block": 102019624,
"op": [
"custom_json",
{
"id": "follow",
"json": "[\"follow\",{\"follower\":\"lufyta\",\"following\":\"chillwaslost\",\"what\":[\"blog\",\"\"]}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2025-12-25T08:40:24",
"trx_id": "bf1473e6e781ab6b32b9c4f7973d69824b3b858c",
"trx_in_block": 2,
"virtual_op": 0
}lufytafollowed @chillwaslost2025/12/25 08:39:57
lufytafollowed @chillwaslost
2025/12/25 08:39:57
| id | follow |
| json | ["follow",{"follower":"lufyta","following":"chillwaslost","what":["blog",""]}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #102019615/Trx 9f50c17af773de8ce1843513280a523f484c0d76 |
View Raw JSON Data
{
"block": 102019615,
"op": [
"custom_json",
{
"id": "follow",
"json": "[\"follow\",{\"follower\":\"lufyta\",\"following\":\"chillwaslost\",\"what\":[\"blog\",\"\"]}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2025-12-25T08:39:57",
"trx_id": "9f50c17af773de8ce1843513280a523f484c0d76",
"trx_in_block": 0,
"virtual_op": 0
}2025/12/25 08:38:51
2025/12/25 08:38:51
| author | chillwaslost |
| permlink | vibes-on-world-off-every-song-tells-a-story-where-words-fail-music-speaks |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #102019593/Trx 7251858f637b3ff8add827e7b9cbcb68d97f159e |
View Raw JSON Data
{
"block": 102019593,
"op": [
"vote",
{
"author": "chillwaslost",
"permlink": "vibes-on-world-off-every-song-tells-a-story-where-words-fail-music-speaks",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-12-25T08:38:51",
"trx_id": "7251858f637b3ff8add827e7b9cbcb68d97f159e",
"trx_in_block": 0,
"virtual_op": 0
}lufytaupvoted (100.00%) @seenat11pm / 5kabwx2025/12/25 08:38:39
lufytaupvoted (100.00%) @seenat11pm / 5kabwx
2025/12/25 08:38:39
| author | seenat11pm |
| permlink | 5kabwx |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #102019589/Trx 6b79a3c44537d0c16b0cd65d79aaaedeebb13421 |
View Raw JSON Data
{
"block": 102019589,
"op": [
"vote",
{
"author": "seenat11pm",
"permlink": "5kabwx",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-12-25T08:38:39",
"trx_id": "6b79a3c44537d0c16b0cd65d79aaaedeebb13421",
"trx_in_block": 0,
"virtual_op": 0
}lufytaupvoted (100.00%) @seenat11pm / 5zhce22025/12/25 08:38:36
lufytaupvoted (100.00%) @seenat11pm / 5zhce2
2025/12/25 08:38:36
| author | seenat11pm |
| permlink | 5zhce2 |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #102019588/Trx 3cbc42378f583a26dcbf04dfd3e71fc1ccc26e2e |
View Raw JSON Data
{
"block": 102019588,
"op": [
"vote",
{
"author": "seenat11pm",
"permlink": "5zhce2",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-12-25T08:38:36",
"trx_id": "3cbc42378f583a26dcbf04dfd3e71fc1ccc26e2e",
"trx_in_block": 0,
"virtual_op": 0
}lufytafollowed @seenat11pm2025/12/25 08:38:12
lufytafollowed @seenat11pm
2025/12/25 08:38:12
| id | follow |
| json | ["follow",{"follower":"lufyta","following":"seenat11pm","what":["blog",""]}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #102019580/Trx a0619bd643f4ea9d55f406119592302662221416 |
View Raw JSON Data
{
"block": 102019580,
"op": [
"custom_json",
{
"id": "follow",
"json": "[\"follow\",{\"follower\":\"lufyta\",\"following\":\"seenat11pm\",\"what\":[\"blog\",\"\"]}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2025-12-25T08:38:12",
"trx_id": "a0619bd643f4ea9d55f406119592302662221416",
"trx_in_block": 1,
"virtual_op": 0
}lufytadeleted a comment or post2025/12/20 20:20:27
lufytadeleted a comment or post
2025/12/20 20:20:27
| author | lufyta |
| permlink | zushdhdh |
| Transaction Info | Block #101890225/Trx 68817593e39b15ee5bdda0c2e537e3d3042ae215 |
View Raw JSON Data
{
"block": 101890225,
"op": [
"delete_comment",
{
"author": "lufyta",
"permlink": "zushdhdh"
}
],
"op_in_trx": 0,
"timestamp": "2025-12-20T20:20:27",
"trx_id": "68817593e39b15ee5bdda0c2e537e3d3042ae215",
"trx_in_block": 2,
"virtual_op": 0
}2025/12/20 20:19:18
2025/12/20 20:19:18
| author | nerythh |
| permlink | 32rqqd |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #101890202/Trx fd75572bdd3dfd00b43a5dd302bafeab85a4dccd |
View Raw JSON Data
{
"block": 101890202,
"op": [
"vote",
{
"author": "nerythh",
"permlink": "32rqqd",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-12-20T20:19:18",
"trx_id": "fd75572bdd3dfd00b43a5dd302bafeab85a4dccd",
"trx_in_block": 0,
"virtual_op": 0
}lufytaupvoted (100.00%) @psynonelan / agphu2025/12/20 20:19:06
lufytaupvoted (100.00%) @psynonelan / agphu
2025/12/20 20:19:06
| author | psynonelan |
| permlink | agphu |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #101890198/Trx 50573b1252460ba41f563edb05b2da380a44fe81 |
View Raw JSON Data
{
"block": 101890198,
"op": [
"vote",
{
"author": "psynonelan",
"permlink": "agphu",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-12-20T20:19:06",
"trx_id": "50573b1252460ba41f563edb05b2da380a44fe81",
"trx_in_block": 1,
"virtual_op": 0
}lufytaupvoted (100.00%) @chillwaslost / 3hsdfx2025/12/20 20:19:03
lufytaupvoted (100.00%) @chillwaslost / 3hsdfx
2025/12/20 20:19:03
| author | chillwaslost |
| permlink | 3hsdfx |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #101890197/Trx d1adc6819307766863c27f61e0ba73221f8e703a |
View Raw JSON Data
{
"block": 101890197,
"op": [
"vote",
{
"author": "chillwaslost",
"permlink": "3hsdfx",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-12-20T20:19:03",
"trx_id": "d1adc6819307766863c27f61e0ba73221f8e703a",
"trx_in_block": 0,
"virtual_op": 0
}2025/12/20 13:22:06
2025/12/20 13:22:06
| id | follow |
| json | ["follow",{"follower":"lufyta","following":"lawnline","what":["blog",""]}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #101881882/Trx d7b0bcef080edc083f68e4da2c46d858dd1e369b |
View Raw JSON Data
{
"block": 101881882,
"op": [
"custom_json",
{
"id": "follow",
"json": "[\"follow\",{\"follower\":\"lufyta\",\"following\":\"lawnline\",\"what\":[\"blog\",\"\"]}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2025-12-20T13:22:06",
"trx_id": "d7b0bcef080edc083f68e4da2c46d858dd1e369b",
"trx_in_block": 4,
"virtual_op": 0
}lufytaupvoted (100.00%) @lawnline / is-my-neighbor-hungry-or-just-plain-weird2025/12/20 13:21:54
lufytaupvoted (100.00%) @lawnline / is-my-neighbor-hungry-or-just-plain-weird
2025/12/20 13:21:54
| author | lawnline |
| permlink | is-my-neighbor-hungry-or-just-plain-weird |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #101881878/Trx 677450e6d8a5132f61b10859adfa9b00c5b7cb32 |
View Raw JSON Data
{
"block": 101881878,
"op": [
"vote",
{
"author": "lawnline",
"permlink": "is-my-neighbor-hungry-or-just-plain-weird",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-12-20T13:21:54",
"trx_id": "677450e6d8a5132f61b10859adfa9b00c5b7cb32",
"trx_in_block": 5,
"virtual_op": 0
}lufytaupvoted (100.00%) @lawnline / feeling-a-little-shy-today-you2025/12/20 13:21:54
lufytaupvoted (100.00%) @lawnline / feeling-a-little-shy-today-you
2025/12/20 13:21:54
| author | lawnline |
| permlink | feeling-a-little-shy-today-you |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #101881878/Trx 2c943fc8e96edef693966322296bdfab4bc162cc |
View Raw JSON Data
{
"block": 101881878,
"op": [
"vote",
{
"author": "lawnline",
"permlink": "feeling-a-little-shy-today-you",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-12-20T13:21:54",
"trx_id": "2c943fc8e96edef693966322296bdfab4bc162cc",
"trx_in_block": 1,
"virtual_op": 0
}lufytacustom json: follow2025/12/20 13:21:24
lufytacustom json: follow
2025/12/20 13:21:24
| id | follow |
| json | ["reblog",{"account":"lufyta","author":"steemit","permlink":"firstpost"}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #101881868/Trx 5777e99f0ab4b348c08d76cd2f128630cdb3e56b |
View Raw JSON Data
{
"block": 101881868,
"op": [
"custom_json",
{
"id": "follow",
"json": "[\"reblog\",{\"account\":\"lufyta\",\"author\":\"steemit\",\"permlink\":\"firstpost\"}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2025-12-20T13:21:24",
"trx_id": "5777e99f0ab4b348c08d76cd2f128630cdb3e56b",
"trx_in_block": 5,
"virtual_op": 0
}lufytacustom json: follow2025/12/20 13:19:30
lufytacustom json: follow
2025/12/20 13:19:30
| id | follow |
| json | ["reblog",{"account":"lufyta","author":"abduhawab","permlink":"carpenter-bee-on-wild-flower"}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #101881830/Trx 363ebd917e1919b964f81038b137b25fc5e2bae9 |
View Raw JSON Data
{
"block": 101881830,
"op": [
"custom_json",
{
"id": "follow",
"json": "[\"reblog\",{\"account\":\"lufyta\",\"author\":\"abduhawab\",\"permlink\":\"carpenter-bee-on-wild-flower\"}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2025-12-20T13:19:30",
"trx_id": "363ebd917e1919b964f81038b137b25fc5e2bae9",
"trx_in_block": 0,
"virtual_op": 0
}lufytacustom json: follow2025/12/20 13:18:27
lufytacustom json: follow
2025/12/20 13:18:27
| id | follow |
| json | ["reblog",{"account":"lufyta","author":"dodoim","permlink":"nocpr"}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #101881809/Trx 7af8a39d6324a2552ff3c7a269a9f47c05c11c59 |
View Raw JSON Data
{
"block": 101881809,
"op": [
"custom_json",
{
"id": "follow",
"json": "[\"reblog\",{\"account\":\"lufyta\",\"author\":\"dodoim\",\"permlink\":\"nocpr\"}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2025-12-20T13:18:27",
"trx_id": "7af8a39d6324a2552ff3c7a269a9f47c05c11c59",
"trx_in_block": 2,
"virtual_op": 0
}lufytacustom json: follow2025/12/20 13:18:21
lufytacustom json: follow
2025/12/20 13:18:21
| id | follow |
| json | ["reblog",{"account":"lufyta","author":"dodoim","permlink":"nocpr"}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #101881807/Trx 292b06c5d33e3b6a3078cfff919aaa78f3fcf076 |
View Raw JSON Data
{
"block": 101881807,
"op": [
"custom_json",
{
"id": "follow",
"json": "[\"reblog\",{\"account\":\"lufyta\",\"author\":\"dodoim\",\"permlink\":\"nocpr\"}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2025-12-20T13:18:21",
"trx_id": "292b06c5d33e3b6a3078cfff919aaa78f3fcf076",
"trx_in_block": 0,
"virtual_op": 0
}lufytaupvoted (100.00%) @ibpsrrb / winter-vibes-and-chill-times-snow-day-cutie-in-a-green-coat2025/12/20 13:15:36
lufytaupvoted (100.00%) @ibpsrrb / winter-vibes-and-chill-times-snow-day-cutie-in-a-green-coat
2025/12/20 13:15:36
| author | ibpsrrb |
| permlink | winter-vibes-and-chill-times-snow-day-cutie-in-a-green-coat |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #101881752/Trx 86d3f0efc1126e0422736df13b8ed56d837fd59a |
View Raw JSON Data
{
"block": 101881752,
"op": [
"vote",
{
"author": "ibpsrrb",
"permlink": "winter-vibes-and-chill-times-snow-day-cutie-in-a-green-coat",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-12-20T13:15:36",
"trx_id": "86d3f0efc1126e0422736df13b8ed56d837fd59a",
"trx_in_block": 0,
"virtual_op": 0
}2025/12/20 13:15:06
2025/12/20 13:15:06
| author | brokebutrying |
| permlink | spooky-season-means-mild-curses-and-no-take-backsies-on-the-face-paint |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #101881742/Trx a0f58b4a0b7504520778ff3d5d23e9d4adeb7a7e |
View Raw JSON Data
{
"block": 101881742,
"op": [
"vote",
{
"author": "brokebutrying",
"permlink": "spooky-season-means-mild-curses-and-no-take-backsies-on-the-face-paint",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-12-20T13:15:06",
"trx_id": "a0f58b4a0b7504520778ff3d5d23e9d4adeb7a7e",
"trx_in_block": 1,
"virtual_op": 0
}lufytaupvoted (100.00%) @ventraa / main-character-energy-in-the-field-quiet-power-amidst-the-harvest2025/12/18 17:05:00
lufytaupvoted (100.00%) @ventraa / main-character-energy-in-the-field-quiet-power-amidst-the-harvest
2025/12/18 17:05:00
| author | ventraa |
| permlink | main-character-energy-in-the-field-quiet-power-amidst-the-harvest |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #101828886/Trx d8ae2640a23dcf4a00c22ffae6976aa42667f84d |
View Raw JSON Data
{
"block": 101828886,
"op": [
"vote",
{
"author": "ventraa",
"permlink": "main-character-energy-in-the-field-quiet-power-amidst-the-harvest",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-12-18T17:05:00",
"trx_id": "d8ae2640a23dcf4a00c22ffae6976aa42667f84d",
"trx_in_block": 3,
"virtual_op": 0
}lufytaupvoted (100.00%) @authlyn / lost-in-the-view-main-character-energy-peace-is-an-inside-job2025/12/18 17:04:42
lufytaupvoted (100.00%) @authlyn / lost-in-the-view-main-character-energy-peace-is-an-inside-job
2025/12/18 17:04:42
| author | authlyn |
| permlink | lost-in-the-view-main-character-energy-peace-is-an-inside-job |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #101828880/Trx 1f18d4b85a40c8154a6804bf1c090f91b35bc6dd |
View Raw JSON Data
{
"block": 101828880,
"op": [
"vote",
{
"author": "authlyn",
"permlink": "lost-in-the-view-main-character-energy-peace-is-an-inside-job",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-12-18T17:04:42",
"trx_id": "1f18d4b85a40c8154a6804bf1c090f91b35bc6dd",
"trx_in_block": 0,
"virtual_op": 0
}lufytaupvoted (100.00%) @brokebutrying / brain-drain-moment-literally2025/12/18 13:43:06
lufytaupvoted (100.00%) @brokebutrying / brain-drain-moment-literally
2025/12/18 13:43:06
| author | brokebutrying |
| permlink | brain-drain-moment-literally |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #101824861/Trx 8fb264f9e9c79a0546de03a2d865ab186e914326 |
View Raw JSON Data
{
"block": 101824861,
"op": [
"vote",
{
"author": "brokebutrying",
"permlink": "brain-drain-moment-literally",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-12-18T13:43:06",
"trx_id": "8fb264f9e9c79a0546de03a2d865ab186e914326",
"trx_in_block": 4,
"virtual_op": 0
}2025/12/18 13:13:03
2025/12/18 13:13:03
| author | lufyta |
| body | dhhxhdhdbdbdbsb |
| json metadata | {"app":"steemit/0.2","format":"markdown"} |
| parent author | |
| parent permlink | hive-183369 |
| permlink | zushdhdh |
| title | zushdhdh |
| Transaction Info | Block #101824260/Trx dc90e2443c2fd9afa5e0da5f99fa74b5e3d54078 |
View Raw JSON Data
{
"block": 101824260,
"op": [
"comment",
{
"author": "lufyta",
"body": "dhhxhdhdbdbdbsb",
"json_metadata": "{\"app\":\"steemit/0.2\",\"format\":\"markdown\"}",
"parent_author": "",
"parent_permlink": "hive-183369",
"permlink": "zushdhdh",
"title": "zushdhdh"
}
],
"op_in_trx": 0,
"timestamp": "2025-12-18T13:13:03",
"trx_id": "dc90e2443c2fd9afa5e0da5f99fa74b5e3d54078",
"trx_in_block": 4,
"virtual_op": 0
}lufytaupvoted (100.00%) @bccme / lost-in-the-glow-aesthetic-vibes-only-heading-somewhere-new2025/12/18 13:10:45
lufytaupvoted (100.00%) @bccme / lost-in-the-glow-aesthetic-vibes-only-heading-somewhere-new
2025/12/18 13:10:45
| author | bccme |
| permlink | lost-in-the-glow-aesthetic-vibes-only-heading-somewhere-new |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #101824214/Trx 004505d0ad7c29a667a43d6ac40e2f22cf878110 |
View Raw JSON Data
{
"block": 101824214,
"op": [
"vote",
{
"author": "bccme",
"permlink": "lost-in-the-glow-aesthetic-vibes-only-heading-somewhere-new",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-12-18T13:10:45",
"trx_id": "004505d0ad7c29a667a43d6ac40e2f22cf878110",
"trx_in_block": 0,
"virtual_op": 0
}lufytaupvoted (100.00%) @convoover / how-i-m-doing-vs-the-advice-i-give2025/12/18 13:10:03
lufytaupvoted (100.00%) @convoover / how-i-m-doing-vs-the-advice-i-give
2025/12/18 13:10:03
| author | convoover |
| permlink | how-i-m-doing-vs-the-advice-i-give |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #101824200/Trx 41018d15685ba752ad2fcaf28bf62b97054dd989 |
View Raw JSON Data
{
"block": 101824200,
"op": [
"vote",
{
"author": "convoover",
"permlink": "how-i-m-doing-vs-the-advice-i-give",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-12-18T13:10:03",
"trx_id": "41018d15685ba752ad2fcaf28bf62b97054dd989",
"trx_in_block": 8,
"virtual_op": 0
}lufytacustom json: follow2025/12/17 04:36:18
lufytacustom json: follow
2025/12/17 04:36:18
| id | follow |
| json | ["reblog",{"account":"lufyta","author":"happycapital","permlink":"take-a-look-at-deribit-s-oi-open-interest-table"}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #101785206/Trx 54ec8c424d0a86b0d76789089badb99d6a34812c |
View Raw JSON Data
{
"block": 101785206,
"op": [
"custom_json",
{
"id": "follow",
"json": "[\"reblog\",{\"account\":\"lufyta\",\"author\":\"happycapital\",\"permlink\":\"take-a-look-at-deribit-s-oi-open-interest-table\"}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2025-12-17T04:36:18",
"trx_id": "54ec8c424d0a86b0d76789089badb99d6a34812c",
"trx_in_block": 1,
"virtual_op": 0
}lufytaupvoted (100.00%) @absentgod / neet-life-finally-i-m-feeling-good2025/11/13 14:40:48
lufytaupvoted (100.00%) @absentgod / neet-life-finally-i-m-feeling-good
2025/11/13 14:40:48
| author | absentgod |
| permlink | neet-life-finally-i-m-feeling-good |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #100820304/Trx 8df04c54153872858b65ee6873782134a311d7a0 |
View Raw JSON Data
{
"block": 100820304,
"op": [
"vote",
{
"author": "absentgod",
"permlink": "neet-life-finally-i-m-feeling-good",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-11-13T14:40:48",
"trx_id": "8df04c54153872858b65ee6873782134a311d7a0",
"trx_in_block": 0,
"virtual_op": 0
}lufytaupvoted (100.00%) @lufyta / the-art-of-phishing-old-trick-new-bait2025/11/07 13:42:39
lufytaupvoted (100.00%) @lufyta / the-art-of-phishing-old-trick-new-bait
2025/11/07 13:42:39
| author | lufyta |
| permlink | the-art-of-phishing-old-trick-new-bait |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #100646692/Trx d96ecb16f556df1c0c5fbec85b0afc8d18c35c14 |
View Raw JSON Data
{
"block": 100646692,
"op": [
"vote",
{
"author": "lufyta",
"permlink": "the-art-of-phishing-old-trick-new-bait",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-11-07T13:42:39",
"trx_id": "d96ecb16f556df1c0c5fbec85b0afc8d18c35c14",
"trx_in_block": 0,
"virtual_op": 0
}lufytacustom json: notify2025/11/06 11:47:30
lufytacustom json: notify
2025/11/06 11:47:30
| id | notify |
| json | ["setLastRead",{"date":"2025-11-06T11:47:28"}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #100615653/Trx c27f42f2eb36f20075c9cca26882061ecd3ce288 |
View Raw JSON Data
{
"block": 100615653,
"op": [
"custom_json",
{
"id": "notify",
"json": "[\"setLastRead\",{\"date\":\"2025-11-06T11:47:28\"}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2025-11-06T11:47:30",
"trx_id": "c27f42f2eb36f20075c9cca26882061ecd3ce288",
"trx_in_block": 0,
"virtual_op": 0
}lufytafollowed @issambashir2025/11/06 11:46:48
lufytafollowed @issambashir
2025/11/06 11:46:48
| id | follow |
| json | ["follow",{"follower":"lufyta","following":"issambashir","what":["blog",""]}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #100615639/Trx a5d5b6be5f7cdd0416b40b3883cbdde0f6497e89 |
View Raw JSON Data
{
"block": 100615639,
"op": [
"custom_json",
{
"id": "follow",
"json": "[\"follow\",{\"follower\":\"lufyta\",\"following\":\"issambashir\",\"what\":[\"blog\",\"\"]}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2025-11-06T11:46:48",
"trx_id": "a5d5b6be5f7cdd0416b40b3883cbdde0f6497e89",
"trx_in_block": 0,
"virtual_op": 0
}lufytapublished a new post: the-art-of-phishing-old-trick-new-bait2025/11/06 11:45:39
lufytapublished a new post: the-art-of-phishing-old-trick-new-bait
2025/11/06 11:45:39
| author | lufyta |
| body | <html> <p>Phishing isn’t new. It’s the oldest con in the digital book—hackers pretending to be someone you trust just to make you click, type, or panic. What’s wild is that it still works, even in 2025, when we have AI filters, browser warnings, and more training sessions than Netflix episodes.<br/><br/>## Why Phishing Still Works<br/><br/>Because it’s not about tech. It’s about people. <br/>Phishers don’t hack machines—they hack emotions. Fear, curiosity, greed, urgency. You get an email saying your account’s locked, and your brain hits panic mode before your logic even boots up.<br/><br/>## Common Phishing Tricks<br/><br/>1. **Email Phishing** – Fake emails from “banks,” “colleagues,” or “delivery services.” <br/>2. **Spear Phishing** – Personalized scams crafted just for you. <br/>3. **Vishing** – Voice phishing through phone calls pretending to be customer support. <br/>4. **Smishing** – Text messages with links that look too tempting. <br/>5. **Clone Phishing** – Real emails copied and slightly edited to insert malicious links.<br/><br/>Each version has one goal: get your data before you realize what happened.<br/><br/>## How to Spot the Hook<br/><br/>- Always check the sender’s email. “[email protected]” isn’t “[email protected].” <br/>- Hover over links before clicking. If it looks strange, it probably is. <br/>- Bad grammar, weird urgency, or requests for personal info? Classic red flags. <br/>- If something feels off, it probably is.<br/><br/>## Protecting Yourself<br/><br/>- Use **multi-factor authentication** wherever possible. <br/>- Don’t reuse passwords. A password manager can save you from yourself. <br/>- Keep software and browsers updated. <br/>- Report suspicious emails instead of deleting them—every report helps.<br/><br/>## The Final Thought<br/><br/>Phishing isn’t going away because human behavior isn’t changing. It’s cheaper for attackers to trick you than to hack you. The best cybersecurity tool is still a second of doubt before you click.<br/><br/></p> </html> |
| json metadata | {"tags":["phishing","cybersecurity","onlinesafety","socialengineering","awareness"],"app":"steemit/0.2","format":"html"} |
| parent author | |
| parent permlink | phishing |
| permlink | the-art-of-phishing-old-trick-new-bait |
| title | The Art of Phishing: Old Trick, New Bait |
| Transaction Info | Block #100615616/Trx 46705baf1462595778be5212a171009e5048894e |
View Raw JSON Data
{
"block": 100615616,
"op": [
"comment",
{
"author": "lufyta",
"body": "<html>\n<p>Phishing isn’t new. It’s the oldest con in the digital book—hackers pretending to be someone you trust just to make you click, type, or panic. What’s wild is that it still works, even in 2025, when we have AI filters, browser warnings, and more training sessions than Netflix episodes.<br/><br/>## Why Phishing Still Works<br/><br/>Because it’s not about tech. It’s about people. <br/>Phishers don’t hack machines—they hack emotions. Fear, curiosity, greed, urgency. You get an email saying your account’s locked, and your brain hits panic mode before your logic even boots up.<br/><br/>## Common Phishing Tricks<br/><br/>1. **Email Phishing** – Fake emails from “banks,” “colleagues,” or “delivery services.” <br/>2. **Spear Phishing** – Personalized scams crafted just for you. <br/>3. **Vishing** – Voice phishing through phone calls pretending to be customer support. <br/>4. **Smishing** – Text messages with links that look too tempting. <br/>5. **Clone Phishing** – Real emails copied and slightly edited to insert malicious links.<br/><br/>Each version has one goal: get your data before you realize what happened.<br/><br/>## How to Spot the Hook<br/><br/>- Always check the sender’s email. “[email protected]” isn’t “[email protected].” <br/>- Hover over links before clicking. If it looks strange, it probably is. <br/>- Bad grammar, weird urgency, or requests for personal info? Classic red flags. <br/>- If something feels off, it probably is.<br/><br/>## Protecting Yourself<br/><br/>- Use **multi-factor authentication** wherever possible. <br/>- Don’t reuse passwords. A password manager can save you from yourself. <br/>- Keep software and browsers updated. <br/>- Report suspicious emails instead of deleting them—every report helps.<br/><br/>## The Final Thought<br/><br/>Phishing isn’t going away because human behavior isn’t changing. It’s cheaper for attackers to trick you than to hack you. The best cybersecurity tool is still a second of doubt before you click.<br/><br/></p>\n</html>",
"json_metadata": "{\"tags\":[\"phishing\",\"cybersecurity\",\"onlinesafety\",\"socialengineering\",\"awareness\"],\"app\":\"steemit/0.2\",\"format\":\"html\"}",
"parent_author": "",
"parent_permlink": "phishing",
"permlink": "the-art-of-phishing-old-trick-new-bait",
"title": "The Art of Phishing: Old Trick, New Bait"
}
],
"op_in_trx": 0,
"timestamp": "2025-11-06T11:45:39",
"trx_id": "46705baf1462595778be5212a171009e5048894e",
"trx_in_block": 0,
"virtual_op": 0
}lufytareceived 0.129 STEEM, 0.132 SP author reward for @lufyta / ai-powered-phishing-the-next-level-of-online-scams2025/10/06 18:14:27
lufytareceived 0.129 STEEM, 0.132 SP author reward for @lufyta / ai-powered-phishing-the-next-level-of-online-scams
2025/10/06 18:14:27
| author | lufyta |
| permlink | ai-powered-phishing-the-next-level-of-online-scams |
| sbd payout | 0.000 SBD |
| steem payout | 0.129 STEEM |
| vesting payout | 215.171356 VESTS |
| Transaction Info | Block #99732785/Virtual Operation #4 |
View Raw JSON Data
{
"block": 99732785,
"op": [
"author_reward",
{
"author": "lufyta",
"permlink": "ai-powered-phishing-the-next-level-of-online-scams",
"sbd_payout": "0.000 SBD",
"steem_payout": "0.129 STEEM",
"vesting_payout": "215.171356 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2025-10-06T18:14:27",
"trx_id": "0000000000000000000000000000000000000000",
"trx_in_block": 4294967295,
"virtual_op": 4
}lufytareceived 0.165 STEEM, 0.168 SP author reward for @lufyta / i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws2025/10/01 16:38:15
lufytareceived 0.165 STEEM, 0.168 SP author reward for @lufyta / i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws
2025/10/01 16:38:15
| author | lufyta |
| permlink | i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws |
| sbd payout | 0.000 SBD |
| steem payout | 0.165 STEEM |
| vesting payout | 273.202099 VESTS |
| Transaction Info | Block #99587200/Virtual Operation #4 |
View Raw JSON Data
{
"block": 99587200,
"op": [
"author_reward",
{
"author": "lufyta",
"permlink": "i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws",
"sbd_payout": "0.000 SBD",
"steem_payout": "0.165 STEEM",
"vesting_payout": "273.202099 VESTS"
}
],
"op_in_trx": 0,
"timestamp": "2025-10-01T16:38:15",
"trx_id": "0000000000000000000000000000000000000000",
"trx_in_block": 4294967295,
"virtual_op": 4
}issambashirupvoted (1.00%) @lufyta / ai-powered-phishing-the-next-level-of-online-scams2025/09/29 18:36:27
issambashirupvoted (1.00%) @lufyta / ai-powered-phishing-the-next-level-of-online-scams
2025/09/29 18:36:27
| author | lufyta |
| permlink | ai-powered-phishing-the-next-level-of-online-scams |
| voter | issambashir |
| weight | 100 (1.00%) |
| Transaction Info | Block #99532110/Trx c0edec54338541f6e8f1f32ae93a69b28883dd3b |
View Raw JSON Data
{
"block": 99532110,
"op": [
"vote",
{
"author": "lufyta",
"permlink": "ai-powered-phishing-the-next-level-of-online-scams",
"voter": "issambashir",
"weight": 100
}
],
"op_in_trx": 0,
"timestamp": "2025-09-29T18:36:27",
"trx_id": "c0edec54338541f6e8f1f32ae93a69b28883dd3b",
"trx_in_block": 1,
"virtual_op": 0
}mrosenquistupvoted (30.00%) @lufyta / browser-isolation-bypass-the-silent-backdoor-in-your-sandbox2025/09/29 18:30:45
mrosenquistupvoted (30.00%) @lufyta / browser-isolation-bypass-the-silent-backdoor-in-your-sandbox
2025/09/29 18:30:45
| author | lufyta |
| permlink | browser-isolation-bypass-the-silent-backdoor-in-your-sandbox |
| voter | mrosenquist |
| weight | 3000 (30.00%) |
| Transaction Info | Block #99531996/Trx 0c4628a729c87f92ac2533d57e350fe1a44a1517 |
View Raw JSON Data
{
"block": 99531996,
"op": [
"vote",
{
"author": "lufyta",
"permlink": "browser-isolation-bypass-the-silent-backdoor-in-your-sandbox",
"voter": "mrosenquist",
"weight": 3000
}
],
"op_in_trx": 0,
"timestamp": "2025-09-29T18:30:45",
"trx_id": "0c4628a729c87f92ac2533d57e350fe1a44a1517",
"trx_in_block": 3,
"virtual_op": 0
}mrosenquistupvoted (30.00%) @lufyta / ai-powered-phishing-the-next-level-of-online-scams2025/09/29 18:30:39
mrosenquistupvoted (30.00%) @lufyta / ai-powered-phishing-the-next-level-of-online-scams
2025/09/29 18:30:39
| author | lufyta |
| permlink | ai-powered-phishing-the-next-level-of-online-scams |
| voter | mrosenquist |
| weight | 3000 (30.00%) |
| Transaction Info | Block #99531994/Trx 3be4b3f38a18dc7147c33d4d300c2f09a084ff27 |
View Raw JSON Data
{
"block": 99531994,
"op": [
"vote",
{
"author": "lufyta",
"permlink": "ai-powered-phishing-the-next-level-of-online-scams",
"voter": "mrosenquist",
"weight": 3000
}
],
"op_in_trx": 0,
"timestamp": "2025-09-29T18:30:39",
"trx_id": "3be4b3f38a18dc7147c33d4d300c2f09a084ff27",
"trx_in_block": 0,
"virtual_op": 0
}lufytapublished a new post: ai-powered-phishing-the-next-level-of-online-scams2025/09/29 18:14:27
lufytapublished a new post: ai-powered-phishing-the-next-level-of-online-scams
2025/09/29 18:14:27
| author | lufyta |
| body | <p>Phishing used to mean badly written emails full of typos. Those days are over. With the rise of <b>AI-powered text and voice generation</b>, attackers now send perfect, convincing messages that can fool even experienced users.</p> <img src="https://cdn.pixabay.com/photo/2018/03/06/18/26/hacker-3202764_1280.jpg" alt="hacker with laptop" /> <p>Modern phishing attacks use <b>generative AI tools</b> to craft spear-phishing emails that sound like a real colleague or boss. Some even use <b>deepfake voices</b> to call employees and trick them into transferring money or sharing credentials.</p> <img src="https://cdn.pixabay.com/photo/2021/03/14/11/23/phishing-6093896_1280.jpg" alt="phishing concept" /> <p>One dangerous trend is <b>AI chatbots embedded in fake customer-support pages</b>. Unsuspecting users enter their banking or login details because the bot seems helpful and human-like.</p> <p>Organizations need to <b>train their staff</b> to spot suspicious behavior, adopt strong email filtering and authentication, and use <b>multi-factor authentication</b> wherever possible. Technical defenses help, but <b>awareness is still the first line of defense</b>.</p> <img src="https://cdn.pixabay.com/photo/2018/01/26/21/48/cyber-security-3112539_1280.jpg" alt="cybersecurity lock" /> <p>As AI gets smarter, phishing scams will only get more convincing. Staying informed and careful online is no longer optional — it’s essential.</p> |
| json metadata | {"tags":["cybersecurity"],"image":["https://cdn.pixabay.com/photo/2018/03/06/18/26/hacker-3202764_1280.jpg","https://cdn.pixabay.com/photo/2021/03/14/11/23/phishing-6093896_1280.jpg","https://cdn.pixabay.com/photo/2018/01/26/21/48/cyber-security-3112539_1280.jpg"],"app":"steemit/0.2","format":"markdown"} |
| parent author | |
| parent permlink | cybersecurity |
| permlink | ai-powered-phishing-the-next-level-of-online-scams |
| title | AI-Powered Phishing: The Next Level of Online Scams |
| Transaction Info | Block #99531670/Trx 9118f729cc0f1027b180bb9132af518ada1e9fc8 |
View Raw JSON Data
{
"block": 99531670,
"op": [
"comment",
{
"author": "lufyta",
"body": "<p>Phishing used to mean badly written emails full of typos. Those days are over. With the rise of <b>AI-powered text and voice generation</b>, attackers now send perfect, convincing messages that can fool even experienced users.</p>\n\n<img src=\"https://cdn.pixabay.com/photo/2018/03/06/18/26/hacker-3202764_1280.jpg\" alt=\"hacker with laptop\" />\n\n<p>Modern phishing attacks use <b>generative AI tools</b> to craft spear-phishing emails that sound like a real colleague or boss. Some even use <b>deepfake voices</b> to call employees and trick them into transferring money or sharing credentials.</p>\n\n<img src=\"https://cdn.pixabay.com/photo/2021/03/14/11/23/phishing-6093896_1280.jpg\" alt=\"phishing concept\" />\n\n<p>One dangerous trend is <b>AI chatbots embedded in fake customer-support pages</b>. Unsuspecting users enter their banking or login details because the bot seems helpful and human-like.</p>\n\n<p>Organizations need to <b>train their staff</b> to spot suspicious behavior, adopt strong email filtering and authentication, and use <b>multi-factor authentication</b> wherever possible. Technical defenses help, but <b>awareness is still the first line of defense</b>.</p>\n\n<img src=\"https://cdn.pixabay.com/photo/2018/01/26/21/48/cyber-security-3112539_1280.jpg\" alt=\"cybersecurity lock\" />\n\n<p>As AI gets smarter, phishing scams will only get more convincing. Staying informed and careful online is no longer optional — it’s essential.</p>",
"json_metadata": "{\"tags\":[\"cybersecurity\"],\"image\":[\"https://cdn.pixabay.com/photo/2018/03/06/18/26/hacker-3202764_1280.jpg\",\"https://cdn.pixabay.com/photo/2021/03/14/11/23/phishing-6093896_1280.jpg\",\"https://cdn.pixabay.com/photo/2018/01/26/21/48/cyber-security-3112539_1280.jpg\"],\"app\":\"steemit/0.2\",\"format\":\"markdown\"}",
"parent_author": "",
"parent_permlink": "cybersecurity",
"permlink": "ai-powered-phishing-the-next-level-of-online-scams",
"title": "AI-Powered Phishing: The Next Level of Online Scams"
}
],
"op_in_trx": 0,
"timestamp": "2025-09-29T18:14:27",
"trx_id": "9118f729cc0f1027b180bb9132af518ada1e9fc8",
"trx_in_block": 0,
"virtual_op": 0
}lufytapublished a new post: browser-isolation-bypass-the-silent-backdoor-in-your-sandbox2025/09/27 07:35:12
lufytapublished a new post: browser-isolation-bypass-the-silent-backdoor-in-your-sandbox
2025/09/27 07:35:12
| author | lufyta |
| body | <p>Web browsers were supposed to be our first line of defense, keeping suspicious sites locked inside a sandbox. But like any fence, if you find a weak spot, you can crawl right under it. That’s exactly what <b>browser isolation bypass</b> attacks do – they find cracks in the wall and slip through.</p> <img src="https://upload.wikimedia.org/wikipedia/commons/8/84/Cybersecurity_concept_art.jpg" alt="Cybersecurity concept" /> <p><b>What is Browser Isolation?</b><br/> Most modern security setups try to separate the risky stuff – like JavaScript and iframes from unknown websites – away from your main system. This is called isolation. Think of it as putting strangers in a glass room so they can’t touch your stuff.</p> <p>Enterprises often use cloud or local isolation tools so even if you visit a malicious website, the code runs in a separate container. Your real machine stays untouched… at least that’s the theory.</p> <img src="https://cdn.pixabay.com/photo/2017/05/31/16/30/cyber-security-2367693_1280.jpg" alt="Browser isolation concept" /> <p><b>How Bypasses Happen</b><br/> Attackers look for gaps – tiny misconfigurations, overlooked APIs, or clever ways to chain small bugs together. A classic move is abusing browser extensions or sandbox escape vulnerabilities that let code jump from the isolated space into the host machine.</p> <p>Another method is exploiting <b>cross-origin policies</b>. Isolation relies heavily on strict separation between different sites and resources. A bug that leaks data across those boundaries can be enough for attackers to steal sensitive information or execute commands.</p> <img src="https://images.unsplash.com/photo-1503676260728-1c00da094a0b" alt="Hacker working" /> <p><b>Real-World Impact</b><br/> When isolation is bypassed, the attacker can often interact directly with the user’s session – stealing cookies, tokens, or even escalating to install malware. This is especially dangerous for high-value targets like banks, healthcare portals, and government apps that rely heavily on browser security.</p> <p>One infamous example was chaining a browser zero-day with a sandbox escape to compromise cloud-based isolation platforms. Once inside, attackers harvested credentials and moved laterally through enterprise networks.</p> <img src="https://cdn.pixabay.com/photo/2017/08/30/07/54/security-2691295_1280.jpg" alt="Cyber attack concept" /> <p><b>How to Stay Safe</b><br/> The good news: isolation still works when done right. Here are a few tips:</p> <ul> <li>Keep browsers and isolation tools updated – most bypasses abuse outdated code.</li> <li>Use multi-layered defenses: endpoint security, strict policies, and strong authentication.</li> <li>Audit browser extensions and disable anything unnecessary.</li> <li>Enable advanced sandboxing modes and enforce cross-origin restrictions.</li> </ul> <p>Security isn’t about one magic barrier. It’s about layers. When one layer cracks, the others should still hold.</p> <img src="https://cdn.pixabay.com/photo/2020/04/08/08/16/internet-5010467_1280.jpg" alt="Cyber shield" /> <p><b>Conclusion</b><br/> Browser isolation bypasses remind us that no single defense is perfect. Attackers will keep probing, but a well-maintained, multi-layered setup forces them to work a lot harder. For now, patching fast and keeping isolation tight is the best shot at staying a few steps ahead.</p> |
| json metadata | {"tags":["cybersecurity","browser","hacking","websecurity"],"image":["https://upload.wikimedia.org/wikipedia/commons/8/84/Cybersecurity_concept_art.jpg","https://cdn.pixabay.com/photo/2017/05/31/16/30/cyber-security-2367693_1280.jpg","https://images.unsplash.com/photo-1503676260728-1c00da094a0b","https://cdn.pixabay.com/photo/2017/08/30/07/54/security-2691295_1280.jpg","https://cdn.pixabay.com/photo/2020/04/08/08/16/internet-5010467_1280.jpg"],"app":"steemit/0.2","format":"markdown"} |
| parent author | |
| parent permlink | cybersecurity |
| permlink | browser-isolation-bypass-the-silent-backdoor-in-your-sandbox |
| title | Browser Isolation Bypass: The Silent Backdoor in Your Sandbox |
| Transaction Info | Block #99461449/Trx 68abf58e7a10166dbb8ac68c3dd26804cf3af973 |
View Raw JSON Data
{
"block": 99461449,
"op": [
"comment",
{
"author": "lufyta",
"body": "<p>Web browsers were supposed to be our first line of defense, keeping suspicious sites locked inside a sandbox. But like any fence, if you find a weak spot, you can crawl right under it. That’s exactly what <b>browser isolation bypass</b> attacks do – they find cracks in the wall and slip through.</p>\n\n<img src=\"https://upload.wikimedia.org/wikipedia/commons/8/84/Cybersecurity_concept_art.jpg\" alt=\"Cybersecurity concept\" />\n\n<p><b>What is Browser Isolation?</b><br/>\nMost modern security setups try to separate the risky stuff – like JavaScript and iframes from unknown websites – away from your main system. This is called isolation. Think of it as putting strangers in a glass room so they can’t touch your stuff.</p>\n\n<p>Enterprises often use cloud or local isolation tools so even if you visit a malicious website, the code runs in a separate container. Your real machine stays untouched… at least that’s the theory.</p>\n\n<img src=\"https://cdn.pixabay.com/photo/2017/05/31/16/30/cyber-security-2367693_1280.jpg\" alt=\"Browser isolation concept\" />\n\n<p><b>How Bypasses Happen</b><br/>\nAttackers look for gaps – tiny misconfigurations, overlooked APIs, or clever ways to chain small bugs together. A classic move is abusing browser extensions or sandbox escape vulnerabilities that let code jump from the isolated space into the host machine.</p>\n\n<p>Another method is exploiting <b>cross-origin policies</b>. Isolation relies heavily on strict separation between different sites and resources. A bug that leaks data across those boundaries can be enough for attackers to steal sensitive information or execute commands.</p>\n\n<img src=\"https://images.unsplash.com/photo-1503676260728-1c00da094a0b\" alt=\"Hacker working\" />\n\n<p><b>Real-World Impact</b><br/>\nWhen isolation is bypassed, the attacker can often interact directly with the user’s session – stealing cookies, tokens, or even escalating to install malware. This is especially dangerous for high-value targets like banks, healthcare portals, and government apps that rely heavily on browser security.</p>\n\n<p>One infamous example was chaining a browser zero-day with a sandbox escape to compromise cloud-based isolation platforms. Once inside, attackers harvested credentials and moved laterally through enterprise networks.</p>\n\n<img src=\"https://cdn.pixabay.com/photo/2017/08/30/07/54/security-2691295_1280.jpg\" alt=\"Cyber attack concept\" />\n\n<p><b>How to Stay Safe</b><br/>\nThe good news: isolation still works when done right. Here are a few tips:</p>\n<ul>\n <li>Keep browsers and isolation tools updated – most bypasses abuse outdated code.</li>\n <li>Use multi-layered defenses: endpoint security, strict policies, and strong authentication.</li>\n <li>Audit browser extensions and disable anything unnecessary.</li>\n <li>Enable advanced sandboxing modes and enforce cross-origin restrictions.</li>\n</ul>\n\n<p>Security isn’t about one magic barrier. It’s about layers. When one layer cracks, the others should still hold.</p>\n\n<img src=\"https://cdn.pixabay.com/photo/2020/04/08/08/16/internet-5010467_1280.jpg\" alt=\"Cyber shield\" />\n\n<p><b>Conclusion</b><br/>\nBrowser isolation bypasses remind us that no single defense is perfect. Attackers will keep probing, but a well-maintained, multi-layered setup forces them to work a lot harder. For now, patching fast and keeping isolation tight is the best shot at staying a few steps ahead.</p>",
"json_metadata": "{\"tags\":[\"cybersecurity\",\"browser\",\"hacking\",\"websecurity\"],\"image\":[\"https://upload.wikimedia.org/wikipedia/commons/8/84/Cybersecurity_concept_art.jpg\",\"https://cdn.pixabay.com/photo/2017/05/31/16/30/cyber-security-2367693_1280.jpg\",\"https://images.unsplash.com/photo-1503676260728-1c00da094a0b\",\"https://cdn.pixabay.com/photo/2017/08/30/07/54/security-2691295_1280.jpg\",\"https://cdn.pixabay.com/photo/2020/04/08/08/16/internet-5010467_1280.jpg\"],\"app\":\"steemit/0.2\",\"format\":\"markdown\"}",
"parent_author": "",
"parent_permlink": "cybersecurity",
"permlink": "browser-isolation-bypass-the-silent-backdoor-in-your-sandbox",
"title": "Browser Isolation Bypass: The Silent Backdoor in Your Sandbox"
}
],
"op_in_trx": 0,
"timestamp": "2025-09-27T07:35:12",
"trx_id": "68abf58e7a10166dbb8ac68c3dd26804cf3af973",
"trx_in_block": 1,
"virtual_op": 0
}lufytaupvoted (100.00%) @steemitblog / steemit-update-september-16th-2025-community-curators-for-october2025/09/26 05:26:51
lufytaupvoted (100.00%) @steemitblog / steemit-update-september-16th-2025-community-curators-for-october
2025/09/26 05:26:51
| author | steemitblog |
| permlink | steemit-update-september-16th-2025-community-curators-for-october |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #99430152/Trx dd4ca26e2068a6c1fb5615234e9f318dad9f482e |
View Raw JSON Data
{
"block": 99430152,
"op": [
"vote",
{
"author": "steemitblog",
"permlink": "steemit-update-september-16th-2025-community-curators-for-october",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-09-26T05:26:51",
"trx_id": "dd4ca26e2068a6c1fb5615234e9f318dad9f482e",
"trx_in_block": 0,
"virtual_op": 0
}lufytaupvoted (100.00%) @steemitblog / steemit-update-september-16th-2025-community-curators-for-october2025/09/26 05:26:36
lufytaupvoted (100.00%) @steemitblog / steemit-update-september-16th-2025-community-curators-for-october
2025/09/26 05:26:36
| author | steemitblog |
| permlink | steemit-update-september-16th-2025-community-curators-for-october |
| voter | lufyta |
| weight | 10000 (100.00%) |
| Transaction Info | Block #99430147/Trx 26fdff7fb664766a14f334e156bb9f8e607dd556 |
View Raw JSON Data
{
"block": 99430147,
"op": [
"vote",
{
"author": "steemitblog",
"permlink": "steemit-update-september-16th-2025-community-curators-for-october",
"voter": "lufyta",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-09-26T05:26:36",
"trx_id": "26fdff7fb664766a14f334e156bb9f8e607dd556",
"trx_in_block": 6,
"virtual_op": 0
}2025/09/24 16:48:15
2025/09/24 16:48:15
| author | lufyta |
| permlink | i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws |
| voter | inertia |
| weight | 10000 (100.00%) |
| Transaction Info | Block #99386548/Trx f984d61e40c49e1e2ee38ed0e765d47473b86d35 |
View Raw JSON Data
{
"block": 99386548,
"op": [
"vote",
{
"author": "lufyta",
"permlink": "i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws",
"voter": "inertia",
"weight": 10000
}
],
"op_in_trx": 0,
"timestamp": "2025-09-24T16:48:15",
"trx_id": "f984d61e40c49e1e2ee38ed0e765d47473b86d35",
"trx_in_block": 1,
"virtual_op": 0
}lufytacustom json: community2025/09/24 16:46:30
lufytacustom json: community
2025/09/24 16:46:30
| id | community |
| json | ["subscribe",{"community":"hive-111300"}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #99386514/Trx 74d47b376f345a47d767e35864ad1ba3f873468b |
View Raw JSON Data
{
"block": 99386514,
"op": [
"custom_json",
{
"id": "community",
"json": "[\"subscribe\",{\"community\":\"hive-111300\"}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2025-09-24T16:46:30",
"trx_id": "74d47b376f345a47d767e35864ad1ba3f873468b",
"trx_in_block": 0,
"virtual_op": 0
}lufytacustom json: community2025/09/24 16:46:18
lufytacustom json: community
2025/09/24 16:46:18
| id | community |
| json | ["subscribe",{"community":"hive-161285"}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #99386510/Trx 7cd1b7b1e172515dab8d09e1cfcedb48b59d5b62 |
View Raw JSON Data
{
"block": 99386510,
"op": [
"custom_json",
{
"id": "community",
"json": "[\"subscribe\",{\"community\":\"hive-161285\"}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2025-09-24T16:46:18",
"trx_id": "7cd1b7b1e172515dab8d09e1cfcedb48b59d5b62",
"trx_in_block": 0,
"virtual_op": 0
}lufytacustom json: community2025/09/24 16:46:03
lufytacustom json: community
2025/09/24 16:46:03
| id | community |
| json | ["subscribe",{"community":"hive-144064"}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #99386506/Trx 23dbc258f669e4b5827e31c83e17e5ba54e1d302 |
View Raw JSON Data
{
"block": 99386506,
"op": [
"custom_json",
{
"id": "community",
"json": "[\"subscribe\",{\"community\":\"hive-144064\"}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2025-09-24T16:46:03",
"trx_id": "23dbc258f669e4b5827e31c83e17e5ba54e1d302",
"trx_in_block": 3,
"virtual_op": 0
}lufytacustom json: community2025/09/24 16:46:00
lufytacustom json: community
2025/09/24 16:46:00
| id | community |
| json | ["subscribe",{"community":"hive-101145"}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #99386505/Trx d7643c108824574f29e1c64f1b9523a28b3647d3 |
View Raw JSON Data
{
"block": 99386505,
"op": [
"custom_json",
{
"id": "community",
"json": "[\"subscribe\",{\"community\":\"hive-101145\"}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2025-09-24T16:46:00",
"trx_id": "d7643c108824574f29e1c64f1b9523a28b3647d3",
"trx_in_block": 0,
"virtual_op": 0
}lufytacustom json: community2025/09/24 16:45:57
lufytacustom json: community
2025/09/24 16:45:57
| id | community |
| json | ["subscribe",{"community":"hive-150122"}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #99386504/Trx d9af103ad2c2f6512e43900dabbc7cbb36c6b4ac |
View Raw JSON Data
{
"block": 99386504,
"op": [
"custom_json",
{
"id": "community",
"json": "[\"subscribe\",{\"community\":\"hive-150122\"}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2025-09-24T16:45:57",
"trx_id": "d9af103ad2c2f6512e43900dabbc7cbb36c6b4ac",
"trx_in_block": 2,
"virtual_op": 0
}lufytacustom json: notify2025/09/24 16:44:15
lufytacustom json: notify
2025/09/24 16:44:15
| id | notify |
| json | ["setLastRead",{"date":"2025-09-24T16:44:12"}] |
| required auths | [] |
| required posting auths | ["lufyta"] |
| Transaction Info | Block #99386471/Trx 15ad08f317f4316c1a58fc146cd76aab1ee32cf9 |
View Raw JSON Data
{
"block": 99386471,
"op": [
"custom_json",
{
"id": "notify",
"json": "[\"setLastRead\",{\"date\":\"2025-09-24T16:44:12\"}]",
"required_auths": [],
"required_posting_auths": [
"lufyta"
]
}
],
"op_in_trx": 0,
"timestamp": "2025-09-24T16:44:15",
"trx_id": "15ad08f317f4316c1a58fc146cd76aab1ee32cf9",
"trx_in_block": 0,
"virtual_op": 0
}2025/09/24 16:40:42
2025/09/24 16:40:42
| author | lufyta |
| permlink | i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws |
| voter | spam-filter |
| weight | 100 (1.00%) |
| Transaction Info | Block #99386404/Trx 9b13bb6fec054605b78d78e66f78e4049d1468c2 |
View Raw JSON Data
{
"block": 99386404,
"op": [
"vote",
{
"author": "lufyta",
"permlink": "i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws",
"voter": "spam-filter",
"weight": 100
}
],
"op_in_trx": 0,
"timestamp": "2025-09-24T16:40:42",
"trx_id": "9b13bb6fec054605b78d78e66f78e4049d1468c2",
"trx_in_block": 0,
"virtual_op": 0
}2025/09/24 16:38:33
2025/09/24 16:38:33
| author | lufyta |
| permlink | i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws |
| voter | sanaula |
| weight | 2000 (20.00%) |
| Transaction Info | Block #99386364/Trx edccfd6de76ba44e8b93ba0c06215ac3b65e376d |
View Raw JSON Data
{
"block": 99386364,
"op": [
"vote",
{
"author": "lufyta",
"permlink": "i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws",
"voter": "sanaula",
"weight": 2000
}
],
"op_in_trx": 0,
"timestamp": "2025-09-24T16:38:33",
"trx_id": "edccfd6de76ba44e8b93ba0c06215ac3b65e376d",
"trx_in_block": 14,
"virtual_op": 0
}2025/09/24 16:38:30
2025/09/24 16:38:30
| author | lufyta |
| permlink | i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws |
| voter | famillycooking1 |
| weight | 2000 (20.00%) |
| Transaction Info | Block #99386363/Trx 6d26df927bf8851929b13fa8a6ed6e39de9cf7c4 |
View Raw JSON Data
{
"block": 99386363,
"op": [
"vote",
{
"author": "lufyta",
"permlink": "i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws",
"voter": "famillycooking1",
"weight": 2000
}
],
"op_in_trx": 0,
"timestamp": "2025-09-24T16:38:30",
"trx_id": "6d26df927bf8851929b13fa8a6ed6e39de9cf7c4",
"trx_in_block": 3,
"virtual_op": 0
}2025/09/24 16:38:24
2025/09/24 16:38:24
| author | lufyta |
| permlink | i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws |
| voter | steem.history |
| weight | 2000 (20.00%) |
| Transaction Info | Block #99386361/Trx 7bf0970ef661c5e4d493c9cff880c597cf50df29 |
View Raw JSON Data
{
"block": 99386361,
"op": [
"vote",
{
"author": "lufyta",
"permlink": "i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws",
"voter": "steem.history",
"weight": 2000
}
],
"op_in_trx": 0,
"timestamp": "2025-09-24T16:38:24",
"trx_id": "7bf0970ef661c5e4d493c9cff880c597cf50df29",
"trx_in_block": 0,
"virtual_op": 0
}2025/09/24 16:38:21
2025/09/24 16:38:21
| author | steem.history |
| body | Hello welcome to Steemit world! I'm @steem.history, who is steem witness. This is a recommended post for you.[Newcomers Guide](https://steemitdev.com/guide/@steemitblog/steemit-a-guide-for-newcomers) and [The Complete Steemit Etiquette Guide (Revision 2.0)](https://steemit.com/steem/@steem.history/the-complete-steemit-etiquette-guide-revision-20-homage-1598425779) and, recommended community [Newcomers Community](https://steemit.com/trending/hive-172186) I wish you luck to your steemit activities.<center> https://cdn.steemitimages.com/DQmXHwdcNs5VPcBft1iSosPdHLpBNBfjuG84g3ffWhMw5JQ/image.png <sub>(The bots avatar has been created using https://robohash.org/)</sub> @steem.history ### My witness activity - [My aspiration for STEEM witness](https://steemit.com/hive-185836/@steem.history/my-aspiration-for-steem-witness-1601280729) - Provides information on Steem. [Reference](https://steemit.com/trending/hive-130095) - Supporting the Steem project. [SPUD4STEEM project](https://steemit.com/trending/spud4steem) - Supporting the community. ### My featured posts - [The Complete Steemit Etiquette Guide (Revision 2.0) -Homage](https://steemit.com/steem/@steem.history/the-complete-steemit-etiquette-guide-revision-20-homage-1598425779) [](https://steemlogin.com/sign/account-witness-vote?witness=steem.history&approve=1) <sub>please click it!</sub>  <sub>(Go to https://steemit.com/~witnesses and type fbslo at the bottom of the page)</sub> </center> |
| json metadata | {"tsgs":["hello"]} |
| parent author | lufyta |
| parent permlink | i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws |
| permlink | re-lufyta-i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws-20250924t163821076z |
| title | |
| Transaction Info | Block #99386360/Trx bbcb384f969eec56fc01d1a8e23599f345af00ba |
View Raw JSON Data
{
"block": 99386360,
"op": [
"comment",
{
"author": "steem.history",
"body": "Hello welcome to Steemit world! \n I'm @steem.history, who is steem witness. \n This is a recommended post for you.[Newcomers Guide](https://steemitdev.com/guide/@steemitblog/steemit-a-guide-for-newcomers) and [The Complete Steemit Etiquette Guide (Revision 2.0)](https://steemit.com/steem/@steem.history/the-complete-steemit-etiquette-guide-revision-20-homage-1598425779) and, recommended community [Newcomers Community](https://steemit.com/trending/hive-172186) \n I wish you luck to your steemit activities.<center> \n \n \n https://cdn.steemitimages.com/DQmXHwdcNs5VPcBft1iSosPdHLpBNBfjuG84g3ffWhMw5JQ/image.png \n <sub>(The bots avatar has been created using https://robohash.org/)</sub> \n @steem.history \n \n ### My witness activity \n - [My aspiration for STEEM witness](https://steemit.com/hive-185836/@steem.history/my-aspiration-for-steem-witness-1601280729) \n - Provides information on Steem. \n [Reference](https://steemit.com/trending/hive-130095) \n - Supporting the Steem project. \n [SPUD4STEEM project](https://steemit.com/trending/spud4steem) \n - Supporting the community. \n ### My featured posts \n - [The Complete Steemit Etiquette Guide (Revision 2.0) -Homage](https://steemit.com/steem/@steem.history/the-complete-steemit-etiquette-guide-revision-20-homage-1598425779) \n \n [](https://steemlogin.com/sign/account-witness-vote?witness=steem.history&approve=1) \n <sub>please click it!</sub> \n \n  \n <sub>(Go to https://steemit.com/~witnesses and type fbslo at the bottom of the page)</sub> \n \n </center>",
"json_metadata": "{\"tsgs\":[\"hello\"]}",
"parent_author": "lufyta",
"parent_permlink": "i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws",
"permlink": "re-lufyta-i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws-20250924t163821076z",
"title": ""
}
],
"op_in_trx": 0,
"timestamp": "2025-09-24T16:38:21",
"trx_id": "bbcb384f969eec56fc01d1a8e23599f345af00ba",
"trx_in_block": 2,
"virtual_op": 0
}2025/09/24 16:38:15
2025/09/24 16:38:15
| author | lufyta |
| body | As a cybersecurity beginner, I was just exploring a web application to learn. I never expected my curiosity would lead me to uncover critical vulnerabilities like Server-Side Request Forgery (SSRF) and Broken Access Control. This is my story of what I found. Quick Disclaimer Before I get into the technical details, let’s get something straight. I’m not a professional pentester — at least, not yet. I’m just someone with a massive passion for cybersecurity, trying to get my hands dirty and learn how things work in the real world. The findings I’m about to share were discovered by pure chance while I was exploring a web application. This was not an official, authorized penetration test. Most importantly, no malicious activity was performed. I didn’t access, modify, or delete any data I wasn’t supposed to. My only goal was to learn. As soon as I realized the severity of the issues, I compiled a report and sent it to the website’s owner to help them fix things. This is the core of being an ethical hacker: you find things to help, not to harm. Now, let’s get to the fun part. First Domino It all started with a simple API endpoint: /api/videoGens. In web apps, an endpoint like this is usually responsible for fetching things a user has created—in this case, videos. When you're looking at network traffic, you often see requests with parameters like page=1 and limit=10. These just help the app show you a small chunk of data at a time instead of everything at once. My curiosity kicked in. I thought to myself, “What happens if I tweak these numbers? What if I ask for a limit of 100 instead of 10?" Honestly, I expected to see an error or just my own test videos. But what I got back was… everything. <img src= "https://miro.medium.com/v2/resize:fit:750/format:webp/1*Z8OMRCJe_bVDJ-CDbVsmLw.png" /> 0x62616B61 I Wasn’t Trying to Hack Them, But I Did: A Beginner’s Story of Finding Major Security Flaws 0x62616B61 0x62616B61 5 min read · Sep 13, 2025 Listen Share More As a cybersecurity beginner, I was just exploring a web application to learn. I never expected my curiosity would lead me to uncover critical vulnerabilities like Server-Side Request Forgery (SSRF) and Broken Access Control. This is my story of what I found. Quick Disclaimer Before I get into the technical details, let’s get something straight. I’m not a professional pentester — at least, not yet. I’m just someone with a massive passion for cybersecurity, trying to get my hands dirty and learn how things work in the real world. The findings I’m about to share were discovered by pure chance while I was exploring a web application. This was not an official, authorized penetration test. Most importantly, no malicious activity was performed. I didn’t access, modify, or delete any data I wasn’t supposed to. My only goal was to learn. As soon as I realized the severity of the issues, I compiled a report and sent it to the website’s owner to help them fix things. This is the core of being an ethical hacker: you find things to help, not to harm. Now, let’s get to the fun part. First Domino It all started with a simple API endpoint: /api/videoGens. In web apps, an endpoint like this is usually responsible for fetching things a user has created—in this case, videos. When you're looking at network traffic, you often see requests with parameters like page=1 and limit=10. These just help the app show you a small chunk of data at a time instead of everything at once. My curiosity kicked in. I thought to myself, “What happens if I tweak these numbers? What if I ask for a limit of 100 instead of 10?" Honestly, I expected to see an error or just my own test videos. But what I got back was… everything. Press enter or click to view image in full size My screen filled with data belonging to other users. I could see userIDs that weren't mine, along with links to the videos they had generated. My heart skipped a beat. This is a classic case of Broken Access Control. This was a serious flaw. It meant anyone with an account could potentially snoop on content created by other users just by changing a few numbers in an API call. It was a sobering reminder of how a seemingly small oversight can have big privacy implications. Down the Rabbit Hole Finding that first bug made me look at the application with new eyes. I started wondering what else might be hiding under the surface. I noticed another interesting feature — a tool that could render text over a video. The API call for this was to /api/video/renderTextOverFace. The request it sent looked something like this: <code> { "text": "Preview Text", "videoUrl": "https://some-video-url.com/video.mp4", "fontSize": 0.059 } </code> Open in app Sidebar menu 0x62616B61 I Wasn’t Trying to Hack Them, But I Did: A Beginner’s Story of Finding Major Security Flaws 0x62616B61 0x62616B61 5 min read · Sep 13, 2025 Listen Share More As a cybersecurity beginner, I was just exploring a web application to learn. I never expected my curiosity would lead me to uncover critical vulnerabilities like Server-Side Request Forgery (SSRF) and Broken Access Control. This is my story of what I found. Quick Disclaimer Before I get into the technical details, let’s get something straight. I’m not a professional pentester — at least, not yet. I’m just someone with a massive passion for cybersecurity, trying to get my hands dirty and learn how things work in the real world. The findings I’m about to share were discovered by pure chance while I was exploring a web application. This was not an official, authorized penetration test. Most importantly, no malicious activity was performed. I didn’t access, modify, or delete any data I wasn’t supposed to. My only goal was to learn. As soon as I realized the severity of the issues, I compiled a report and sent it to the website’s owner to help them fix things. This is the core of being an ethical hacker: you find things to help, not to harm. Now, let’s get to the fun part. First Domino It all started with a simple API endpoint: /api/videoGens. In web apps, an endpoint like this is usually responsible for fetching things a user has created—in this case, videos. When you're looking at network traffic, you often see requests with parameters like page=1 and limit=10. These just help the app show you a small chunk of data at a time instead of everything at once. My curiosity kicked in. I thought to myself, “What happens if I tweak these numbers? What if I ask for a limit of 100 instead of 10?" Honestly, I expected to see an error or just my own test videos. But what I got back was… everything. Press enter or click to view image in full size My screen filled with data belonging to other users. I could see userIDs that weren't mine, along with links to the videos they had generated. My heart skipped a beat. This is a classic case of Broken Access Control. This was a serious flaw. It meant anyone with an account could potentially snoop on content created by other users just by changing a few numbers in an API call. It was a sobering reminder of how a seemingly small oversight can have big privacy implications. Down the Rabbit Hole Finding that first bug made me look at the application with new eyes. I started wondering what else might be hiding under the surface. I noticed another interesting feature — a tool that could render text over a video. The API call for this was to /api/video/renderTextOverFace. The request it sent looked something like this: { "text": "Preview Text", "videoUrl": "https://some-video-url.com/video.mp4", "fontSize": 0.059 } The videoUrl parameter immediately caught my eye. To put text on a video, the server has to download that video first. This is where a little red flag went up in my head. What if, instead of a real video URL, I gave it something else? Something on an internal network, or even better, a URL that I control? This is the setup for a very dangerous vulnerability called Server-Side Request Forgery (SSRF). In simple terms, SSRF is like tricking a company’s internal mail service. You give a mail clerk a letter and an address. They’re supposed to deliver it outside the company. But instead, you give them the address of the CEO’s office inside the building. The mail clerk, just following instructions, goes there and delivers your message. You, the attacker, have just made the server do something it was never intended to do — access its own private network. To test this theory, I did the following: I set up a listener. I used a free online tool that creates a unique URL and shows me any web requests that come to it. This was my “trap.” I crafted a special request. I targeted the /api/video/renderTextOverFace endpoint, but for the videoUrl, I put in the unique URL of my listener. I sent the request and held my breath. A few seconds later… BINGO! A new request appeared on my listener. <img src="https://miro.medium.com/v2/resize:fit:750/format:webp/1*0_lkXTyN3VR5CEQ40MzVfw.png" /> between a security researcher and a criminal is thin, and it’s defined by intent and action. Always have permission or, if you find something accidentally, report it responsibly and never, ever cause damage. This journey from a curious beginner to someone who found and reported real-world vulnerabilities was thrilling. It solidified my passion for cybersecurity and reminded me that there’s always something new to learn, and that sometimes, the best way to learn is to just dive in. <b> Stay Curious, Stay Secure…</b> |
| json metadata | {"tags":["cybersecurity","websecurity","ethicalhacker","bugbountry"],"image":["https://miro.medium.com/v2/resize:fit:750/format:webp/1*Z8OMRCJe_bVDJ-CDbVsmLw.png","https://miro.medium.com/v2/resize:fit:750/format:webp/1*0_lkXTyN3VR5CEQ40MzVfw.png"],"links":["https://some-video-url.com/video.mp4"],"app":"steemit/0.2","format":"markdown"} |
| parent author | |
| parent permlink | cybersecurity |
| permlink | i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws |
| title | I Wasn’t Trying to Hack Them, But I Did: A Beginner’s Story of Finding Major Security Flaws |
| Transaction Info | Block #99386358/Trx 143c316cae379c00ced9d827d4fcb81d0edbdc89 |
View Raw JSON Data
{
"block": 99386358,
"op": [
"comment",
{
"author": "lufyta",
"body": "As a cybersecurity beginner, I was just exploring a web application to learn. I never expected my curiosity would lead me to uncover critical vulnerabilities like Server-Side Request Forgery (SSRF) and Broken Access Control. This is my story of what I found.\n\nQuick Disclaimer\nBefore I get into the technical details, let’s get something straight. I’m not a professional pentester — at least, not yet. I’m just someone with a massive passion for cybersecurity, trying to get my hands dirty and learn how things work in the real world.\n\nThe findings I’m about to share were discovered by pure chance while I was exploring a web application. This was not an official, authorized penetration test. Most importantly, no malicious activity was performed. I didn’t access, modify, or delete any data I wasn’t supposed to. My only goal was to learn. As soon as I realized the severity of the issues, I compiled a report and sent it to the website’s owner to help them fix things.\n\nThis is the core of being an ethical hacker: you find things to help, not to harm. Now, let’s get to the fun part.\n\nFirst Domino\nIt all started with a simple API endpoint: /api/videoGens. In web apps, an endpoint like this is usually responsible for fetching things a user has created—in this case, videos. When you're looking at network traffic, you often see requests with parameters like page=1 and limit=10. These just help the app show you a small chunk of data at a time instead of everything at once.\n\nMy curiosity kicked in. I thought to myself, “What happens if I tweak these numbers? What if I ask for a limit of 100 instead of 10?\"\n\nHonestly, I expected to see an error or just my own test videos. But what I got back was… everything.\n\n<img src= \"https://miro.medium.com/v2/resize:fit:750/format:webp/1*Z8OMRCJe_bVDJ-CDbVsmLw.png\" />\n\n\n\n0x62616B61\nI Wasn’t Trying to Hack Them, But I Did: A Beginner’s Story of Finding Major Security Flaws\n0x62616B61\n0x62616B61\n\n5 min read\n·\nSep 13, 2025\n\nListen\n\n\nShare\n\n\nMore\n\nAs a cybersecurity beginner, I was just exploring a web application to learn. I never expected my curiosity would lead me to uncover critical vulnerabilities like Server-Side Request Forgery (SSRF) and Broken Access Control. This is my story of what I found.\n\nQuick Disclaimer\nBefore I get into the technical details, let’s get something straight. I’m not a professional pentester — at least, not yet. I’m just someone with a massive passion for cybersecurity, trying to get my hands dirty and learn how things work in the real world.\n\nThe findings I’m about to share were discovered by pure chance while I was exploring a web application. This was not an official, authorized penetration test. Most importantly, no malicious activity was performed. I didn’t access, modify, or delete any data I wasn’t supposed to. My only goal was to learn. As soon as I realized the severity of the issues, I compiled a report and sent it to the website’s owner to help them fix things.\n\nThis is the core of being an ethical hacker: you find things to help, not to harm. Now, let’s get to the fun part.\n\nFirst Domino\nIt all started with a simple API endpoint: /api/videoGens. In web apps, an endpoint like this is usually responsible for fetching things a user has created—in this case, videos. When you're looking at network traffic, you often see requests with parameters like page=1 and limit=10. These just help the app show you a small chunk of data at a time instead of everything at once.\n\nMy curiosity kicked in. I thought to myself, “What happens if I tweak these numbers? What if I ask for a limit of 100 instead of 10?\"\n\nHonestly, I expected to see an error or just my own test videos. But what I got back was… everything.\n\nPress enter or click to view image in full size\n\nMy screen filled with data belonging to other users. I could see userIDs that weren't mine, along with links to the videos they had generated. My heart skipped a beat. This is a classic case of Broken Access Control.\n\nThis was a serious flaw. It meant anyone with an account could potentially snoop on content created by other users just by changing a few numbers in an API call. It was a sobering reminder of how a seemingly small oversight can have big privacy implications.\n\nDown the Rabbit Hole\nFinding that first bug made me look at the application with new eyes. I started wondering what else might be hiding under the surface. I noticed another interesting feature — a tool that could render text over a video. The API call for this was to /api/video/renderTextOverFace.\n\nThe request it sent looked something like this:\n\n\n<code>\n{\n \"text\": \"Preview Text\",\n \"videoUrl\": \"https://some-video-url.com/video.mp4\",\n \"fontSize\": 0.059\n}\n</code>\n\nOpen in app\nSidebar menu\n\n0x62616B61\nI Wasn’t Trying to Hack Them, But I Did: A Beginner’s Story of Finding Major Security Flaws\n0x62616B61\n0x62616B61\n\n5 min read\n·\nSep 13, 2025\n\nListen\n\n\nShare\n\n\nMore\n\nAs a cybersecurity beginner, I was just exploring a web application to learn. I never expected my curiosity would lead me to uncover critical vulnerabilities like Server-Side Request Forgery (SSRF) and Broken Access Control. This is my story of what I found.\n\nQuick Disclaimer\nBefore I get into the technical details, let’s get something straight. I’m not a professional pentester — at least, not yet. I’m just someone with a massive passion for cybersecurity, trying to get my hands dirty and learn how things work in the real world.\n\nThe findings I’m about to share were discovered by pure chance while I was exploring a web application. This was not an official, authorized penetration test. Most importantly, no malicious activity was performed. I didn’t access, modify, or delete any data I wasn’t supposed to. My only goal was to learn. As soon as I realized the severity of the issues, I compiled a report and sent it to the website’s owner to help them fix things.\n\nThis is the core of being an ethical hacker: you find things to help, not to harm. Now, let’s get to the fun part.\n\nFirst Domino\nIt all started with a simple API endpoint: /api/videoGens. In web apps, an endpoint like this is usually responsible for fetching things a user has created—in this case, videos. When you're looking at network traffic, you often see requests with parameters like page=1 and limit=10. These just help the app show you a small chunk of data at a time instead of everything at once.\n\nMy curiosity kicked in. I thought to myself, “What happens if I tweak these numbers? What if I ask for a limit of 100 instead of 10?\"\n\nHonestly, I expected to see an error or just my own test videos. But what I got back was… everything.\n\nPress enter or click to view image in full size\n\nMy screen filled with data belonging to other users. I could see userIDs that weren't mine, along with links to the videos they had generated. My heart skipped a beat. This is a classic case of Broken Access Control.\n\nThis was a serious flaw. It meant anyone with an account could potentially snoop on content created by other users just by changing a few numbers in an API call. It was a sobering reminder of how a seemingly small oversight can have big privacy implications.\n\nDown the Rabbit Hole\nFinding that first bug made me look at the application with new eyes. I started wondering what else might be hiding under the surface. I noticed another interesting feature — a tool that could render text over a video. The API call for this was to /api/video/renderTextOverFace.\n\nThe request it sent looked something like this:\n\n{\n \"text\": \"Preview Text\",\n \"videoUrl\": \"https://some-video-url.com/video.mp4\",\n \"fontSize\": 0.059\n}\nThe videoUrl parameter immediately caught my eye. To put text on a video, the server has to download that video first. This is where a little red flag went up in my head. What if, instead of a real video URL, I gave it something else? Something on an internal network, or even better, a URL that I control?\n\nThis is the setup for a very dangerous vulnerability called Server-Side Request Forgery (SSRF).\n\nIn simple terms, SSRF is like tricking a company’s internal mail service. You give a mail clerk a letter and an address. They’re supposed to deliver it outside the company. But instead, you give them the address of the CEO’s office inside the building. The mail clerk, just following instructions, goes there and delivers your message. You, the attacker, have just made the server do something it was never intended to do — access its own private network.\n\nTo test this theory, I did the following:\n\nI set up a listener. I used a free online tool that creates a unique URL and shows me any web requests that come to it. This was my “trap.”\nI crafted a special request. I targeted the /api/video/renderTextOverFace endpoint, but for the videoUrl, I put in the unique URL of my listener.\nI sent the request and held my breath.\nA few seconds later… BINGO! A new request appeared on my listener.\n\n<img src=\"https://miro.medium.com/v2/resize:fit:750/format:webp/1*0_lkXTyN3VR5CEQ40MzVfw.png\" />\n\nbetween a security researcher and a criminal is thin, and it’s defined by intent and action. Always have permission or, if you find something accidentally, report it responsibly and never, ever cause damage.\nThis journey from a curious beginner to someone who found and reported real-world vulnerabilities was thrilling. It solidified my passion for cybersecurity and reminded me that there’s always something new to learn, and that sometimes, the best way to learn is to just dive in.\n\n<b> Stay Curious, Stay Secure…</b>",
"json_metadata": "{\"tags\":[\"cybersecurity\",\"websecurity\",\"ethicalhacker\",\"bugbountry\"],\"image\":[\"https://miro.medium.com/v2/resize:fit:750/format:webp/1*Z8OMRCJe_bVDJ-CDbVsmLw.png\",\"https://miro.medium.com/v2/resize:fit:750/format:webp/1*0_lkXTyN3VR5CEQ40MzVfw.png\"],\"links\":[\"https://some-video-url.com/video.mp4\"],\"app\":\"steemit/0.2\",\"format\":\"markdown\"}",
"parent_author": "",
"parent_permlink": "cybersecurity",
"permlink": "i-wasn-t-trying-to-hack-them-but-i-did-a-beginner-s-story-of-finding-major-security-flaws",
"title": "I Wasn’t Trying to Hack Them, But I Did: A Beginner’s Story of Finding Major Security Flaws"
}
],
"op_in_trx": 0,
"timestamp": "2025-09-24T16:38:15",
"trx_id": "143c316cae379c00ced9d827d4fcb81d0edbdc89",
"trx_in_block": 5,
"virtual_op": 0
}lufytaupdated their account properties2025/09/24 16:14:18
lufytaupdated their account properties
2025/09/24 16:14:18
| account | lufyta |
| active | {"account_auths":[],"key_auths":[["STM5QsPeaBa3ThjWKsn3nXgzakcYEjAryYL6Q4uWPGUjL4xZKyjjc",1]],"weight_threshold":1} |
| json metadata | |
| memo key | STM8SBQSgQmVT6pNyzRQcitCn87hZTB3AEvY3JBVnc9pCn2jzTBQP |
| owner | {"account_auths":[],"key_auths":[["STM6W8TMZFN9L7WtBdHh4i2HKrSu7vFd1Wy5XRSZpARfNf4fwA9Xv",1]],"weight_threshold":1} |
| posting | {"account_auths":[],"key_auths":[["STM5WBMeb2YBy6uqgrnYYAeuqSZLnRx3UbSxx8N6W3oCKn7z8mU2v",1]],"weight_threshold":1} |
| Transaction Info | Block #99385901/Trx 27f381700f3e27b8e92f255dd710af0b6f86c528 |
View Raw JSON Data
{
"block": 99385901,
"op": [
"account_update",
{
"account": "lufyta",
"active": {
"account_auths": [],
"key_auths": [
[
"STM5QsPeaBa3ThjWKsn3nXgzakcYEjAryYL6Q4uWPGUjL4xZKyjjc",
1
]
],
"weight_threshold": 1
},
"json_metadata": "",
"memo_key": "STM8SBQSgQmVT6pNyzRQcitCn87hZTB3AEvY3JBVnc9pCn2jzTBQP",
"owner": {
"account_auths": [],
"key_auths": [
[
"STM6W8TMZFN9L7WtBdHh4i2HKrSu7vFd1Wy5XRSZpARfNf4fwA9Xv",
1
]
],
"weight_threshold": 1
},
"posting": {
"account_auths": [],
"key_auths": [
[
"STM5WBMeb2YBy6uqgrnYYAeuqSZLnRx3UbSxx8N6W3oCKn7z8mU2v",
1
]
],
"weight_threshold": 1
}
}
],
"op_in_trx": 0,
"timestamp": "2025-09-24T16:14:18",
"trx_id": "27f381700f3e27b8e92f255dd710af0b6f86c528",
"trx_in_block": 0,
"virtual_op": 0
}2025/09/24 16:06:57
2025/09/24 16:06:57
| account | lufyta |
| proxy | justyy |
| Transaction Info | Block #99385760/Trx 760e2dbcb755e198a614c9c86ed387ab28824da2 |
View Raw JSON Data
{
"block": 99385760,
"op": [
"account_witness_proxy",
{
"account": "lufyta",
"proxy": "justyy"
}
],
"op_in_trx": 0,
"timestamp": "2025-09-24T16:06:57",
"trx_id": "760e2dbcb755e198a614c9c86ed387ab28824da2",
"trx_in_block": 0,
"virtual_op": 0
}2025/09/24 16:06:51
2025/09/24 16:06:51
| active | {"account_auths":[],"key_auths":[["STM6yUXvUnzsPrpQRQietu23NZB8MDYhTRmA7oELMdPdiJMDrBTdz",1]],"weight_threshold":1} |
| creator | justyy |
| extensions | [] |
| json metadata | |
| memo key | STM5BDHaQCJaS8sphLQqk9KEuFX2mKhGBuACLaJtA6Yd5nx9mbHjM |
| new account name | lufyta |
| owner | {"account_auths":[],"key_auths":[["STM6ESz9V3z49Zp7eaNoVLVNhxsQqoRXXcVPdPUmRFDdU6gGqGhjV",1]],"weight_threshold":1} |
| posting | {"account_auths":[],"key_auths":[["STM4wnEnLeG1A4Nx3GkKoFvAMLVwxJRizAgwr84GRmNqaAmbAd3mD",1]],"weight_threshold":1} |
| Transaction Info | Block #99385758/Trx cc0c10202b7c600b13747553d4b3508879e2ca7d |
View Raw JSON Data
{
"block": 99385758,
"op": [
"create_claimed_account",
{
"active": {
"account_auths": [],
"key_auths": [
[
"STM6yUXvUnzsPrpQRQietu23NZB8MDYhTRmA7oELMdPdiJMDrBTdz",
1
]
],
"weight_threshold": 1
},
"creator": "justyy",
"extensions": [],
"json_metadata": "",
"memo_key": "STM5BDHaQCJaS8sphLQqk9KEuFX2mKhGBuACLaJtA6Yd5nx9mbHjM",
"new_account_name": "lufyta",
"owner": {
"account_auths": [],
"key_auths": [
[
"STM6ESz9V3z49Zp7eaNoVLVNhxsQqoRXXcVPdPUmRFDdU6gGqGhjV",
1
]
],
"weight_threshold": 1
},
"posting": {
"account_auths": [],
"key_auths": [
[
"STM4wnEnLeG1A4Nx3GkKoFvAMLVwxJRizAgwr84GRmNqaAmbAd3mD",
1
]
],
"weight_threshold": 1
}
}
],
"op_in_trx": 0,
"timestamp": "2025-09-24T16:06:51",
"trx_id": "cc0c10202b7c600b13747553d4b3508879e2ca7d",
"trx_in_block": 1,
"virtual_op": 0
}Manabar
Voting Power0.00%
Downvote Power0.00%
Resource Credits100.00%
Reputation Progress59.79%
{
"voting_manabar": {
"current_mana": 0,
"last_update_time": 1767381165
},
"downvote_manabar": {
"current_mana": 0,
"last_update_time": 1767381165
},
"rc_account": {
"account": "lufyta",
"max_rc": "4968498688",
"max_rc_creation_adjustment": {
"amount": "4968498688",
"nai": "@@000000037",
"precision": 6
},
"rc_manabar": {
"current_mana": "4554672858",
"last_update_time": 1767381165
}
}
}Account Metadata
| POSTING JSON METADATA | |
| None | |
| JSON METADATA | |
| None |
{
"posting_json_metadata": {},
"json_metadata": {}
}Auth Keys
Owner
Single Signature
Public Keys
STM6W8TMZFN9L7WtBdHh4i2HKrSu7vFd1Wy5XRSZpARfNf4fwA9Xv1/1
Active
Single Signature
Public Keys
STM5QsPeaBa3ThjWKsn3nXgzakcYEjAryYL6Q4uWPGUjL4xZKyjjc1/1
Posting
Single Signature
Public Keys
STM5WBMeb2YBy6uqgrnYYAeuqSZLnRx3UbSxx8N6W3oCKn7z8mU2v1/1
Memo
STM8SBQSgQmVT6pNyzRQcitCn87hZTB3AEvY3JBVnc9pCn2jzTBQP
{
"owner": {
"account_auths": [],
"key_auths": [
[
"STM6W8TMZFN9L7WtBdHh4i2HKrSu7vFd1Wy5XRSZpARfNf4fwA9Xv",
1
]
],
"weight_threshold": 1
},
"active": {
"account_auths": [],
"key_auths": [
[
"STM5QsPeaBa3ThjWKsn3nXgzakcYEjAryYL6Q4uWPGUjL4xZKyjjc",
1
]
],
"weight_threshold": 1
},
"posting": {
"account_auths": [],
"key_auths": [
[
"STM5WBMeb2YBy6uqgrnYYAeuqSZLnRx3UbSxx8N6W3oCKn7z8mU2v",
1
]
],
"weight_threshold": 1
},
"memo": "STM8SBQSgQmVT6pNyzRQcitCn87hZTB3AEvY3JBVnc9pCn2jzTBQP"
}Witness Votes
0 / 30
No active witness votes (Proxied to @justyy).
[]