“Your device has been blocked due to illegal activity” — sure it has. After fat-fingering github[.]com, we were redirected to a domain running a fake Microsoft tech support scams: pop-ups that lock your browser, shout scary messages, and push you to call a “support” number (aka the scammer who’ll walk you through installing remote access tools).

They're hosted on legit infra like Azure blobs or Cloudflare Pages. That one redirect led to uncovering 1,200+ other domains hosting identical fake support pages. Of course, whenever a redirect like this happens, there's a malicious traffic distribution system (TDS) involved.

Examples include:
- tenecitur.z1.web.core.windows[.]net

- neon-kleicha-36b137[.]netlify[.]app

- us6fixyourwindowsnow[.]pages[.]dev

- microsoft-coral-app-6xv89.ondigitalocean[.]app

Cool, Friday June 13th the women's peleton will ride through my training grounds (stage 2 of the Tour de Suisse from Gstaad to Oberkirch).

https://www.tourdesuisse.ch/en/women

Guess it would be an option to work from home and have a break to watch them shatter the KOMs.

Hydrogeologic Investigation, Framework, And Conceptual Flow Model Of The Antlers Aquifer, Southeastern Oklahoma, 1980–2022
--
https://doi.org/10.3133/sir20255013 <-- shared USGS publication
--
https://waterdata.usgs.gov/nwis <-- shared USGS National Water Information System (NWIS) database
--
https://doi.org/10.5066/P14C6QFS <-- shared associated USGS open data release
--
#GIS #spatial #mapping #fedscience #water #hydrology #wateresources #pump #pumping #groundwater #AntlersAquifer #aquifer #Oklahoma #model #flow #test #flowmodel #yield #wateruse #watersecurity #climate #weather #recharge #precipitation #rainfall #TDS #waterquality #ions #potentiometric #geology #monitoring #planning #regulatory #agriculture #farming #cropland #spatialanalysis #spatiotemporal #fedscience
@USGS

Is this a political party or a cult? It's impossible to tell with Republicans! From trying to put this living president's face on currency, making his birthday a national holiday, putting him on Mount Rushmore or... whatever the f--- THIS is, they have definitely jumped in the cult realm!

#TDS

https://www.usatoday.com/story/news/politics/2025/03/17/trump-derangement-syndrome-minnesota-bill/82487985007/

#usa #krank #krankgeschrieben #krankschreibung #notizzettel #krankmeldung #karikaturistin #karikatur #cartoon #tds #trumpkritik #zeichnerin #psyche #psychologie #republikaner #krankheitsdefinition #irre #diktatur #diktator

© https://pfohlmann.de/

If you'll gather 'round me, children
A story I will tell
'Bout pretty horny Justin Eichorn
Minnesota knew him well

Eichorn was a trumper
Deranged as a rabid squirrel
Got elected to Minnesota's Senate
To target liberals

Pretty Justin Eichorn
Solicited minors for romance
Sooner or later incels
Can't keep it in their pants

His fondness for this minor
It was strong and it was true
But instead of that purty girl
He got the Boys in Blue

https://bringmethenews.com/minnesota-news/state-sen-justin-eichorn-charged-in-child-prostitution-sting-operation

#TDS #TrumpDerangementSyndrome #maga #Eichorn #justin_eichorn #EichornArrested #MNastodon #minnesota #uspol
#TypicalTrumper #prostitution #sting #incel #johns #john #MAGAt

Guten Morgen, moin.
#Wir können #uns so etwas nicht ausdenken - in den #USA wird es immer verrückter - George Orwell - 1984 - ist ja noch #Kindergarten dagegen:

Ein #Gesetzentwurf des Senats von #Minnesota sieht vor, das „Trump-Derangement-Syndrom“ in die Definition der Geisteskrankheit aufzunehmen Ein Gesetzentwurf des Senats von Minnesota sieht vor, das Trump-Derangement-Syndrom, #TDS als #Geisteskrankheit ...

1/..

The hack that turned the US government website of the Center for Disease Control into a porn site turns out to be more interesting than I originally thought. And that's not just because the CDC has not done anything to fix the problem 24 hours later...
 
Yesterday we found that a number of universities, enterprises and other government sites have been hacked by the same actor. Visiting the specific URLs takes you into a malicious adtech traffic distribution system (TDS). Depending on your device and location, you might get the pornography. bud, you also might get other scams like scareware. From my sacrificial phone, I was able to trigger a bunch of push notification requests.
 
Bottom Line: malicious adtech pays, their TDS allow actors to hide, and hackers are quite happy to compromise well known websites to get that money. But it's not just about scams, these types of techniques are frequently used for delivering information stealers, which lead to breaches.
 
Here's a few notes about the attack:
* The site is modified to add pages which attempt to load a specific image name. If that isn't there, then it redirects to the actor controlled malicious domain which funnels into the TDS
* The actor seems to be using blogspot for this now, but previously used a tiny URL. From here they will go to adtech TDS.
* There were what seemed possible to be dangling CNAME records in many cases, but in some of them didn't appear to be any issues with the DNS records. I suspect combo of accesses.
* In cases where there's no apparent DNS record issue, the legit site seems to be hosting in GitHub. Perhaps they have a credential compromised.
* I saw at least two adtech companies used, Adsterra and Roller Ads. these are checking for VPN and anonymous proxies before serving the final landing page.
* This image redirect actor seems to be riding off of a different actor who originally hacked the site, uses SEO poisoning techniques, and hacked universities to host porn content.
 
I put a bunch of images in imgur.
 
Thanks Krebs for the lead.
 
#dns #cybercrime #cybersecurity #infosec #adtech #malware #scam #threatintel #tds #InfobloxThreatIntel

https://imgur.com/a/cdc-website-hijack-leads-to-malicious-adtech-XfguIcN

Je dois refaire mon #introduction.
Pédale douce et #radicale

J'arrive du metamonde et je découvre avec émerveillement le fediverse. Je viens de #Toulouse et je vis à #bruxelles depuis 7 ans. J'ai toujours plein de réflexions et de projets en tête. Je m'organise dans les commu #queer #anarchistes #antiracistes #anticoloniales #antiimperialistes. Et je fais parti de l'équipe de @ladeviante Je suis #artiste #photographe et #tds. Ancien travailleur communautaire #santésexuelle #chemsex #rdr J'aime raconter ma vie, j'aime bien m'habiller, m'amuser, photographier ce qui m'entoure, partager des réflexions, échanger, suivre l'actu, m'informer... J'aime beaucoup les garçons , je déteste la police, les terfs, les fachos, les gens de droite, les call out...

Je suis très chill, un peu nerd et j'aime rencontrer des gens.

#Democrats #Harris #Harris2024 #HarrisWalz
#Trump #TDS
#Election2024 #Elections

This is a thoughtful, expansive response to #TaNehisiCoates being "interviewed" on #CBS Mornings on Monday.
https://newrepublic.com/article/186577/ta-nehisi-coates-media-antisemitism

My reaction to the same segment (my wife saw it live & insisted I had to see it) which I found later that day:
1) Tony Dokoupil revealed his ignorance & bias as soon as he opened his mouth
2) TD packed multiple lies and distortions into his first question (was it really even a q?)
#MediaBias #MSM

(In contrast, JonStewart's #TDS interview with TNC was excellent.)

Here is a traffic distribution system (TDS) in action. Fairly often when talking about TDS, I get the rebuttal: when i visited that domain, i only saw parking. Exactly. That's the point. :) A malicious TDS is like a router for malware -- the goal is to bring the best victims to the best malicious offering. And to play dead when it looks like they might be caught, aka look like parking or search ads.

What these images show is the difference between visiting the site tokclix[.]live from a scanner (urlscan) versus from a real Android phone. The former leads you to (sketchy) search arbitrage and the latter is classic scareware. This is what a TDS does.

Found this particular one while researching search arbitrage so it is fairly random. started with an old post on BlackHat World but the domains were all still live. On the screen capture you can see the redirects through the TDS.

The imgur video shows the original click to scareware -- watch the redirects.

#InfobloxThreatIntel #tds #dns #malware #threatintel #cybercrime #cybersecurity #infosec #scam #phishing

https://imgur.com/a/vzflfXb

The sun was out again, feint breeze and the wind chimes clanging quietly, I decided to spin a little. It was #bliss, my #happyplace @frogglin #spinning #TDS #dropspindle

This attack is unbelievably powerful, easy, and preventable. It’s the criminal’s best kept secret. Much stealthier and more effective than dangling CNAMEs. We found many Russian-nexus actors, but we suspect there are more to be found. Please boost for awareness and hope we aren’t rediscovering this attack in another 6 years. Thanks to everyone contributed to our understanding of the attack and the actors using it … including Proofpoint, @rmceoin Dave Safely, Mandatory, and @briankrebs @dnsoarc #sittingducks #dns #domainhijacking #cybercrime #cybersecurity #infosec #threatintel #malware #phishing #tds #vextrio #404tds #threatintelligence #infoblox @knitcode https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/

Retranscription d'une vidéo TikTok que je ne peux pas télécharger pour la partager ici.

Disponible ici https://vm.tiktok.com/ZGeWXxFJb/

"Je comprends pas ce que vous faites.

Ces derniers mois on était alignés sur le fait de pas défendre les #JOParis2024, quoi que #Macron nous présente. Et on était d'ailleurs très content d'apprendre que la pluie allait peut-être gâcher le spectacle.

Pour rappel, ces JO c'est avant toute chose des gens morts, des milliers de familles avec nourrissons mises à la rue sans #relogement, des #étudiants chassés de chez eux, des #SDF et des #TDS pourchassés par la #police, des aides financières supprimées à de nombreuses associations

1/