I just noticed Sup Forums pages starting to grab XML requests from this site

>Sup Forums IS BEING WATCHED
By the Crazy Ivans, no less.

Just went through everything and here are the only boards that have it
g
k
m
o
p
v
vg
vr
w
vip
cm
pol
tv

Cross site request are cancer and you should already be blocking this shit

So it's a faggot that likes different kinds of tech shit.

>Cross site request are cancer and you should already be blocking this shit
I'm lazy!

Probably not on a blue board, since there's no ads
I thought it may be a scrip-related issue, but even loading up without scripts the requests are still there. It's definitely Sup Forums.
you're missing sp and jp. This is a blue board thing that has to do with ads, and none of the yotsuba boards are affected, like gif, d, ic, i, aco

I feel like it's a portmanteau of snake backwards and the obvious sovi. I wonder if it's related to the fact that invisibro is working for Jared Kushner.

>This is a blue board thing that has to do with ads
Think it's another one of those "malicious ads fuck Sup Forums over" episodes?

>sp and jp

Not seeing it on either board here

uBlock origin shows it as a websocket. Put this in your filter.
||ekansovi.com$domain=Sup Forums.org

That's weird, because it's there for me
I'm not interested in how to block it desu, umatrix already got that done
I'm interested in knowing what it actually is doing, but I don't have a browser sandbox to fry for this

gist.github.com/anonymous/2817663df6d7eb8103d6c9936005fd88
This is dodgy as fuck.

>if they're an evil racist alt righter neo nazi force them to connect to us with a unique identifier

>ekans
>the poison snake pokemon

>I'v o snake
>I owe snakes
>I am indebted to poisonous snakes

window.document.location.href.indexOf("boards.Sup Forums.org/pol1aa/")
what did they mean by this?

SHEEEEEIIIIIITTTTTTT

the fuck does this mean. Still not on Sup Forums for me. Maybe tied to certain ads?

>ovi means egg
>ekans egg

So some /d/tard

>links to 1x1 pixel gifs

Fucking tracking shit

I've been wondering what the hell it was too, must be the NSA.

localstorage was a mistake

Bump.

just blocked it in uBlock thanks for the heads up

im not seeing it in my umatrix

do you see doubleclick?
If you don't, you're probably not on a blue board and you're not getting served ads

i can see doubleclick
this is on Sup Forums

im using ublock origin too if thats why

what the fuck is going on here

eh, it is possible
if you can, open the logger, refresh the page and see if it is blocked in there
if it isn't, what country are you from?

inb4 this thread magically disappears

thx mods

Not whom you're replying to, but I can't see it in the log either. Austria.

checked both umatrix and ublock logs, no mention of the domain

im in the uk

I see them and I'm in Italy
Can you guys see if you have cookies from the domain in your storage?

Like your dad?

Nothing. But I set my browser to block all 3rd party cookies.

PAY DENBTS MARIO

ah, there it is
a cookie with some kind of uid

No one cares
Sage goes in all fields

CIA nigger spotted

interesting

i don't actually see the domain in noscript or umatrix though

>CLOUDFLARE IS SPYWARE
kondisave.ag
evasionk.be
ivasenko.biz
kondisave.biz
nicksoave.ca
novakies.ch
aoknives.cn
aboveskin.com
aiksbevon.com
akioevans.com
aksivendo.com
aoknives.com
askocenvi.com
avdienkos.com
avionske.com
avonbikes.com
benisakov.com
bokavisen.com
bosinveka.com
bovineska.com
casinokev.com
danikoves.com
davesinko.com
denisakov.com
ekaenvios.com
eniskovac.com
enokidasv.com
eskinova.com
evandosik.com
evanisko.com
evanoski.com
evansiok.com
evasion2k.com
iaksenov.com
ianvoakes.com
iksenova.com
inovadesk.com
isaenkov.com
ivascenko.com
ivasenko.com
kainos-ev.com
kanvideos.com
kanvoices.com
kasieavon.com

It's just a targeted marketing company tracking redirects to other websites from particular boards.
Mostly to filter trolls from the chat and/or discussion sections.

It's not worth discussing because it's obvious what it's meant for: keeping Sup Forums in Sup Forums

>CLOUDFLARE IS SPYWARE
keaviones.com
keenaviso.com
kenodavis.com
kenovias.com
kenovisa.com
keondavis.com
kesinova.com
kevasion.com
kevcasino.com
kevindaos.com
kevinsabo.com
kevinsao.com
kivonesa.com
knasvideo.com
koendavis.com
koinsave.com
konadives.com
konavibes.com
kondisave.com
konevisa.com
kosinevac.com
kseniavo.com
navisocke.com
nedisakov.com
nevadoski.com
nicksoave.com
nkavideos.com
nokiadevs.com
novabikes.com
oinksave.com
okavines.com
okeanvisa.com
osakenavi.com
sakevino.com
sankvideo.com
saveinok.com
savekoin.com
savenokia.com
saveoink.com
seikovan.com
sevanokai.com
skanvideo.com
skinabove.com
skinevado.com
snakvideo.com
socknaive.com
svainokea.com
svanekoia.com
vakciones.com
vanoeski.com
vasekino.com

wew hiro finally did it again, the absolute madman

SPYWARE
vinocakes.com
vinokase.com
vinoscake.com
viosenka.com
beniskova.cz
kondisave.de
von-seika.de
novabikes.dk
vaskeinfo.dk
bosinveka.eu
kondisave.eu
denisovka.info
enovickas.info
ivasenko.info
kevasion.info
konavibes.info
kondisave.info
ksvainoce.info
novabikes.it
denisovka.kz
aoknives.net
evanisko.net
ivasenko.net
konavibes.net
kondisave.net
vasekino.net
viaosken.net
bosinveka.nl
novabikes.nl
bokavisen.no
kinosave.org
konavibes.org
kondisave.org
voeasekni.org
ivasenko.pro
aksenov-i.ru
denisovka.ru
eivasenko.ru
esadovnik.ru
fisenkova.ru
iaksenov.ru
isaenkov.ru
isaenkova.ru
ivasenko.ru
kadenisov.ru
kinosave.ru
okeanvisa.ru
oki-vesna.ru
savekino.ru
videoskan.ru
vse-nokia.ru
vsenokia.ru
isaenkov.su
evanoski.top
seonkiva.blogspot.com
evanoski.gmail.com
isaenkov.iamroot.ru
saveonkia.co.uk
kasvideno.cc.vg

>tracking redirects
then why does it have to use localstorage?
This is shaping up to be some mobile-side adawre shit

So If I have it blocked, which uMatrix does by default, it should be harmless?

Isn't it obvious? Most of these retarded alt-right Sup Forums goers are too dumb to clear their cookies, making it easier to track their behaviors and unmask their anonymity even if they use a VPN or proxy. It's a persistent cookie for this reason.

Again, not worth discussing. Sage.

>tracking is okay if we do it to the people we don't like
haha wait until it sinks in that trump has control of the NSA

except it's not just on Sup Forums

if it's a third party tracking, none of the information go back to hiroshima, especially if it's cloudflare covert tracking
if it was just Sup Forums i'd be extremely concerned, but it's basically all blue board, and looking at it seem Sup Forums wasn't even intended to be tracked in the first place

He doesn't. This tracking isn't even ordered by the US government, but funded by a group of NGOs and corporations (mostly media companies which I shall not name).
Shared userbase. Also, Sup Forums and some other boards have done raid-lke activities on other sites before. This is to prevent the bad elements of Sup Forums from spilling out ever again. It is for the good of the internet. Sage.

>but funded by a group of NGOs and corporations (mostly media companies which I shall not name).
lol okay

>This is to prevent the bad elements of Sup Forums from spilling out ever again.
when did you arrive here, 2014?

>meanwhile, Sup Forums is not being tracked
wew lad, if you spin it any stronger it'll just fucking break

Interesting. are all of your filters for individual elements? why don't you just mass accept 4cdn.org and then block the cookies, frames and other, that way if new things are added then the site would still work.

DUDE I warned you about gook moot bro

i dont like the idea its still saving shit in my local storage. but killing all inline JS ruins Sup Forums

Is there any interest if I hosted my own Sup Forums proxy? It would look/behave exactly like Sup Forums but it would tell your client to fetch the json/media from 4chans server. I'd literally be a skeleton. No tracking scripts, nothing. Not even ads.

This is not new apparently:

go back there

All of these started appearing just days after J-list cancelled their sponsorship.

In my defense, outside the happenings thread i dont use /qa/ at all.

die retard

Why do you even have local storage enabled? firefox runs fine without it, if you're on chrome then you're fucked

>I just noticed Sup Forums pages starting to grab XML requests from this site
>XML

what do you think the X in XHR stands for?

xenomorph

What's the difference between 1st-party and Sup Forums.org in the Sup Forums.org scope?

eXtremely High Resolution

1-st party is generic for all 1st party sties you visit, Sup Forums.org is specific to Sup Forums.org
XMLHttpRequests

Yeah but we're in the Sup Forums.org scope, so what's the difference between -- assuming we have 1st-party blocked in the global scope -- enabling 1st-party vs Sup Forums.org in the Sup Forums.org scope?

What the fuck is 1st-party?

It's the default for every site you visit, but still reflects domain-specific allowed/forbidden content you set up for the domain, if any
the default is all css and image are allowed, all domains are blocked, all frames are blocked, 1st party frames are allowed. Then specific to domain, Sup Forums.org is forbidden from using cookies and boards.Sup Forums.org is forbidden from loading other stuff. doubleclick is in the umatrix blacklist by default i think

If I wanted to let 1st party not load media, I could disabled it for 1st party, and all sites I visit would be disallowed from loading media type streams and files. If I wanted to do the same, but only for Sup Forums, I'd disable it on the scope

I blame moot.

Wouldn't have the "Block third party cookies and site data" option be enough in chrome?

Nope.
afaik all that does is discard cookies at the end of the session and redirect all third party localstorage calls to sessionstorage, and only if that is not possible would it block it

HOW DO I BLOCK THIS I ONLY HAVE UBLOCK ORIGIN

see I would still recommend you get umatrix

Remember to delete it too once you block it.

>deleting it
Just clearing the cache?

If you are using chrome
Settings>Content Settings>All cookies and site data>Search it>Delete

Thankyou user, you're a life saver.

So basically I think they're stalking Sup Forumsshitters, hackers/doxxers and pedos.

So, you're telling me they're jews making a list for future assassinations?
Good to know.

Well look at the tracked boards:
>Sup Forums
>/r9k/
>/pol1aa/
The boards that spend the most time shitting up other boards, being a general nuisance and doing illegal things. (Although clearly Sup Forums has either been mispelled or something)
>/bant/
New honeypot for Sup Forums shitposters.
>/soc/
>/s4s/
>/r/
>/aco/
>/gif/
>/t/
>/e/
>/u/
>/hm/
>/y/
etc
Probably fishing for CP
>/hr/
Probably fishing for CP other than that one Star Wars cross section thread.

those are exclusion, which is why it appears on Sup Forums, but not on /bant/.
All those boards you see in the github file are excluded from this, the same goes for ads it seems

I have no idea why /pol1aa/ is even there, it's not an unlisted or secret board, maybe they didn't want to be active on Sup Forums but someone fucked up?

You are right when I visit boards not on the list it attempts to connect to the domain via umatrix. If I was to reverse that assumption perhaps it is new advertising.

come on Sup Forums, you can't be serious

it still uses localstoarge and opens websockets to transmit images
>keep until they expire
S E S S I O N

doesnt self destructing cookies fix this?

||ekansovi.com$important
boards.Sup Forums.org##script:contains(window.upManager)

test

Apparently the captcha wasn't bad enough. Absolutely disgusting.

>noscript
what?
i see it in ublock too

lel this shit has been here for over a month and you faggots just found out?
anyone who has websockets enabled and allows 3rd party XHR deserves it anyways

Here's the inline script that calls for ekansovi.com[/com], gist.github.com/anonymous/b9b1a4699bfc1039bd067fca78d7a6a5

Some autist is having a lot of fun with this it seems.

obfuscated javascript should be fucking illegal