# I am the Watcher. I am your guide through this vast new twtiverse.
# 
# Usage:
#     https://watcher.sour.is/api/plain/users              View list of users and latest twt date.
#     https://watcher.sour.is/api/plain/twt                View all twts.
#     https://watcher.sour.is/api/plain/mentions?uri=:uri  View all mentions for uri.
#     https://watcher.sour.is/api/plain/conv/:hash         View all twts for a conversation subject.
# 
# Options:
#     uri     Filter to show a specific users twts.
#     offset  Start index for quey.
#     limit   Count of items to return (going back in time).
# 
# twt range = 1 6
# self = https://watcher.sour.is/conv/hgkqmjq
bender
twtxt.net
View Thread
This happened yesterday:

Screenshot of an email, allegedly from Sendgrid

The first give away is the sender, sendgrid@autovitalsinc.com. Not Sengrid. Now, check the URL on the link provided to check the account activity:


https://u906946.ct.sendgrid.net/ls/click?upn=u001.eXk7eIEvNT22LuyWQ0fseoc5VY1jItvxPoavh2wfNVs292YMzvTAPj5D6nek1U6K7UfW_AsM5Hq3TBeAGlZrT-2F3g23iWCcJRPGZ-2B58DJxpgMgOTjgWklNQiAdGiHqmR6FFVhfWZJhnu1PSRslMuKGg1XNZs5e1lGu8kmdKhv7otlghl6qLMXiiXYZcvaUB5NruWwSBFcLdvi31NY-2Fru5oyrcrugm2iLYA0u5TiufyvA7SNTo3sDHx6WtS-2FmfEyN2svb9k1S4QGRFhuDseidMiFm0f9Q-3D-3D


I was curious, so I follow it on my dedicated VM for these kind of things. It took me to a page looking exactly like a Sendgrid login, with a sendgrid.net URL. Upon entering yourmotherisahamster@gmail.com, as username, and yourfathersmellsofelderberries as password, it sent me to https://screenprank.com/gandalf/.

It was well done. This morning the same link renders a blank page with a "Not found" link that takes you to a 404. Hmm...
bender
twtxt.net
View Thread
Notice the detail on the IP address mentioned. It is one assigned to Australia: https://ipgeolocation.io/browse/ip/203.0.113.78
prologic
twtxt.net
View Thread
Interesting 🤔
prologic
twtxt.net
View Thread
Interesting 🤔
bender
twtxt.net
View Thread
@prologic it is the attention to detail. Evidently no one from Australia tried to login on my Sendgrid account, but the IP the used correlates to the GeoIP DB.
lyse
lyse.isobeef.org
View Thread
It would be even funnier if @bender didn't have a Sendgrid account in the first place. Good catch!