hiro added some new obfuscated javascript which gets around basic adblockers, but it is taking up a lot of CPU and goes to some third party eastern european source that has people thinking the worst. Maybe just data mining, at worst using your cpu to mine crypto or being a potential thread for a payload in the future.
Basically just sketchy as fuck so you should block it.
I'm more restrictive but still have full functionality.
Nicholas Gutierrez
waitwut?
It isn't making those http requests to those external third party servers in your image.
Daniel James
ITS CONFIRMED HE IS DATAMINING US
This comes from Lain chan
>It's not a miner. I don't care enough to change my IP to evade whatever reason this one is derezzed on Sup Forums so I'll reply here.
I stepped as far through it as I could this afternoon when someone noticed AdBlockers were breaking the Sup Forums CSS. I really doubt it was a security breach, so I guess g00km00t fulfilled his prophecy. Some of it seemed to be implemented poorly or incomplete. I don't feel like going through all of it again so I'll just dump some things from my clipboard of interest. There were no successful (coin)miners or ransomware implementations. Those are trolls. However, it seems g00km00t is datamining some things to be indexed for an advanced ad-distribution service (adglare,etc.) as well as likely selling data to this highest bidders at admixer. And a soykafty anti-adblock. Not going to include the stuff about argon.js as I didn't actually see anything about it when letting this ad stuff execute. It is very suspicious that it is reported from the same domain as one of the ones on Sup Forums, and "Argon" is referenced in the obfuscated js. But, yeah, there's old reports about it from previous things here: reverse.it/sample/b9a80ddbaf41d303b0ed9abb0f6aabf5f851dd39909aaead3cb3257474fd7dc4?environmentId=100
interesting bits from de-obfuscated js still in my clipboard:
>to some third party eastern european source that has people thinking the worst. Probably in my Country We always steal internetz that's why its so fast
Sebastian Morris
Ublock's lists were updated this morning. You'll want to update lists and purge cache in UBO (pic related), and, just to be safe, clear history/cache/cookies in your browser of choice.
Jayden Edwards
Yes, this site is behaving strangely Big lag happening when refreshing, for a start Shame, I quite enjoy popping in here Oh well, I need to master my internet addiction. Life flies by at ten times the speed thanks to internet. Lessens patience. Makes you fat. You quit reading and doing real life things it's a drug and now a shitty little site owner to fuck things up even more
Jeremiah Baker
so what does this actually mean?
Jack Robinson
He's silent. He knows we're onto him. Its a matter of trying to forceably remove him now. He must sell the site or he risks a war
Jonathan Sanders
FUCK ENGLAND!
Henry Hernandez
Whats hiro?
Aiden Reed
Triple sevens never lie.
Jordan Gray
Get your arse out of the UK then, you ingrate invader Not UK's fault you're brown. You got complaints, tell your parents. They're the fools who bred you into existence because they couldn't keep their pants on Then piss off back to brown-land and stay out of the West
Luke Phillips
Thing is, how do we force him? 2ch had the luck of him being overthrown by Jim Watkins.
Blake Gutierrez
It's not obfuscated, it's called minification, and everyone who makes professional websites does this because it lowers file size (lighter server load, faster page load times, you get the idea). Go to any major website, and you'll find the same thing happening. How it works is a parser takes the original file (s), bundles them all together, and removes every possible character that can be removed without breaking the script. They also do this with CSS.
Connor Adams
Except this is ten times more shady
Colton Sanchez
Your a boong, aren't you?
Ian Turner
How so? Literally everybody minifies their page assets, it's the same principle behind image compression. I do this at work, you just configure a parser (I use UglifyJS) and run it when you update your code. I'm willing to dig through the code, if that'll ease the collective worry.
Thomas Richardson
This is me, on my computer now (pretty sure the ID will be the same, but I can't recall if that's the case). Looking into it now.
David Gomez
Just go to Sup Forums
Joseph Nguyen
Sup Forums is cancerous. In either event, I'm not seeing the scripts mentioned here. Could you post a Pastebin link?
Christian Russell
>soykafty Wait, what is meant by this? I get the reference, but not the function
Nathaniel Evans
Why would that require a third party server?
Blake Johnson
its a lainchan term. Basically means shitty.
Daniel Kelly
Because it's a third-party script. Sup Forums's scripts are hosted on 4cdn.org, Google's analytics and reCaptcha are hosted on their CDN servers.
Juan Sanders
So why are these pages not cached and sent from the CDN?
Matthew Clark
Install a p2p guardian. Google if you don’t understand. Likely he just took shariablue $$$$ to datamine. He did he same to 2chan it was his plan all along
Christian Stewart
They are. The 3rd party scripts are sent from the third-party CDNs. For instance, AdGlare's scripts come from utraffic.engine.adglare.net. The less content you have to serve to your users, the less hardware/software requirements you have. That's why places like MaxCDN are so popular. Caching takes a lot of RAM, and if you do file-based caching, your disk R/W speeds are a bottleneck.
Dominic Bell
Gook m00t
Levi Robinson
What's a Gook m00t?
Jack James
The chink replacement for m00t.
Kevin Cox
So why do these external third party servers contain obfuscated scripts which ensure that your browsers DNS requests are returning defined IPs when queried?
Justin Hill
who the fuck is m000t is he like snacks?
Ian Brown
Jesus. You fucking newfag. You’re feeding shariablue. >lurk more faggot Is the only acceptable response, ever. Don’t ever reply to meme flags. Ever. You’re just giving the enemy information. Dumb dumb.
Jaxson Gray
Go home tourist.
Juan Flores
>ensure that your browsers DNS requests are returning defined IPs when queried I don't know about this, because I don't have access to the scripts (they're not being requested for me). If I could get my hands on a copy, I could look at it. All I know is the industry standards of practice, which is to cut as much weight as possible from all assets (images, css, scripts, ...), and make the delivery as quick as possible. Beyond that is individual cases, which I'd need to look at to make any more reasonable a judgement.
Jacob Baker
Normally that'd be my response, but this is all public knowledge (literally five seconds of google could tell you who m00t/g00km00t is), so I took it as a sign of extreme laziness, and yes, newfaggotry.
Ethan Cook
newfag
Justin Cook
You rule Thanks for making this thread
Grayson Cooper
...
Logan Taylor
>he doesn't know who w.t snacks is
Eli Brooks
i installed ublock on opera but then i couldnt post on adv. it said connection error. disabled and now i can post. they are trying to make it so you have to use it.
Christian Jenkins
Why is my flag there? I dindu naffin
Brody Hall
Pretty sure some autist here may have made a small fortune with memecoins and is willing to buy this cesspool
Aaron Robinson
>tfw too late to the party to lurk with snacks
Grayson Morgan
Problem is, 4ch makes zero money, it's actually losing money. So to whomever the responsibility lies would have to be very affluent to keep it afloat.
Julian Evans
>normally I wouldn’t take faggot cock in my ass. It’s all available knowledge, cocksucker. Doesn’t give you a pass for spoon feeding to memeflags, you ignorant Shiite.
Josiah Bell
>it was operated for decades with small banner ads >it now generates twice the traffic, the 5x the ads >hotwheels proved the $$$ is double, for the same $. Great non argument