diff --git a/app/Util/ActivityPub/Helpers.php b/app/Util/ActivityPub/Helpers.php
index b1cd2909e..8154a6ca6 100644
--- a/app/Util/ActivityPub/Helpers.php
+++ b/app/Util/ActivityPub/Helpers.php
@@ -210,6 +210,18 @@ class Helpers {
 $activity = ['object' => $res];
 }
+ $idDomain = parse_url($activity['id'], PHP_URL_HOST);
+ $urlDomain = parse_url($url, PHP_URL_HOST);
+ $actorDomain = parse_url($activity['object']['attributedTo'], PHP_URL_HOST);
+
+ if(
+ $idDomain !== $urlDomain ||
+ $actorDomain !== $urlDomain ||
+ $idDomain !== $actorDomain
+ ) {
+ abort(400, 'Invalid object');
+ }
+
 $profile = self::profileFirstOrNew($activity['object']['attributedTo']);
 if(isset($activity['object']['inReplyTo']) && !empty($activity['object']['inReplyTo']) && $replyTo == true) {
 $reply_to = self::statusFirstOrFetch($activity['object']['inReplyTo'], false);
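Review bot: `$activity['id']` is not set on the `else` path visible at the top of the hunk, where `$activity = ['object' => $res]` appears to wrap a bare object, so `$idDomain` is null there and the new guard rejects every object fetched without an activity envelope; the id that should match the fetch URL is the object's own, `$idDomain = parse_url($activity['object']['id'] ?? '', PHP_URL_HOST);`. The check also passes when all three `parse_url` results are null (an unparsable `$url`, or an `attributedTo` that is not a URL string), so it should fail closed: `if ($urlDomain === null || $idDomain !== $urlDomain || $actorDomain !== $urlDomain) { abort(400, 'Invalid object'); }`, which also drops the third clause since it is implied by the first two. Host comparison is case-sensitive while DNS names are not; lower-casing each host before comparing avoids rejecting otherwise valid objects. The enclosing method starts and ends outside the hunk, so whether `$url` was validated earlier cannot be confirmed from here.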