whoami

The Mirror

// you haven't typed a thing.

You arrived a few seconds ago and told us nothing about yourself. Yet your connection already handed over the details below. This is the raw material of a social-engineering attack: an attacker collects exactly this before they ever contact you, then uses it to build a message that feels personal and safe.

scanning your connection...

approximate location from your IP — not your exact address, but close enough to be useful to an attacker. open in Google Maps ->

traceroute to threatlevelhuman.com

reconstructed from your IP metadata, not a live ICMP trace. A real attacker fingerprints the same path: your device, your provider, your region, then the open internet.

WHY THIS MATTERS

None of this required a hack. The browser offers it, the network reveals it, a public lookup fills in the rest. An attacker pairs your city, your employer's network, and your device into a pretext: a "delivery problem" in your town, an "IT notice" for your exact browser, a "colleague" who knows where you are. The familiarity is the whole game. The defense is to treat unsolicited messages that feel personal as more suspicious, not less.

get the weekly briefing watch how these attacks work

Privacy: nothing on this page is stored, logged, or sent to us. Everything is computed in your own browser. The network, location, and reverse-DNS lines use public lookups your browser calls directly; we never see them. Reload and it is gone. Practicing what we preach.