What is Ekansovi?

>15KB of obfuscated Javascript in every thread on Sup Forums (not being loaded from a 3rd party website)
>Unironically uses XOR for its string encryption
>Sets up a websocket connection to a.ekansovi.com/wsp
>Something to do with ice servers / stun servers.

Source with unencrypted strings: pastebin.com/C0Mj6vHL

It's just a tracking pixel and you're basically retarded.

you realize websockets and tracking pixels are two entirely different things right?
e() is only 11 lines of 550.

So what I don't understand is that it seems to be ad related trickery to get around common adblockers, but where are the ads?

shill

I think it's trying many different methods to track you; a 1px by 1px image, an embedded js file, and a websocket, and some XHR which looks as though it sends your useragent to.

Websocket section looks like it's sending a fingerprint in sha-256 delimited by colons.

> ekansovi
Haven't seen them in a long time, last I saw something connecting to there it was just tracking

Make sure you have ekansovi.com and a.ekansovi.com blocked, gorhill apparently pushed an update that blocks them a couple of hours ago but just check to be safe

I've taken a look at it and it's nothing substantial.

>t.Hiro

...are you going to elaborate?

>non-free javascript

Possibly testing attack vectors. Not necessarily an attack.

>gorhill apparently pushed an update that blocks them
wut

Any girls have an opinion on this?

No need to block it. It'll make Sup Forums better.

uBlock Origin filter update

...

shill

It's not listed under by umatrix.

Haven't seen it here. Maybe you're infected?

who owns the domain?

wew is he one of us?

! rbt.asia/g/thread/61009719
! Appears related to uponit.com
||ekansovi.com^
! Somehow, websocket requests are behind-the-scene with Firefox. Pending
! further investigation, this fixes the issue.
||Sup Forums.org^$csp=connect-src https: http:
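
Added example, not part of the thread and not uBlock Origin's code: a sketch of CSP Level 3 scheme-source matching that shows why the `connect-src https: http:` filter quoted above refuses WebSocket connections while leaving XHR/fetch over HTTP(S) alone. The `wss://` scheme on the a.ekansovi.com/wsp URL and the example.org URL are assumptions; only scheme-sources are modelled.

```javascript
// Which URL schemes each scheme-source may match (CSP Level 3
// scheme-part matching). Note that "http:" does NOT cover ws:/wss:.
const SCHEME_MATCHES = {
  http: ["http", "https"],
  https: ["https"],
  ws: ["ws", "wss", "http", "https"],
  wss: ["wss", "https"],
};

// Return the connect-src source list, or null if the directive is absent.
function parseConnectSrc(policy) {
  for (const directive of policy.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "connect-src") return sources;
  }
  return null;
}

// Would this policy let a page open a connection (XHR, fetch, WebSocket)
// to `url`? Host-sources, 'self' and default-src fallback are not modelled.
function connectAllowed(policy, url) {
  const sources = parseConnectSrc(policy);
  if (sources === null) return true; // no connect-src in this policy
  const scheme = new URL(url).protocol.replace(/:$/, "").toLowerCase();
  return sources.some((src) => {
    const m = /^([a-z][a-z0-9+.-]*):$/i.exec(src);
    if (!m) return false; // not a scheme-source; ignored in this sketch
    const a = m[1].toLowerCase();
    return a === scheme || (SCHEME_MATCHES[a] || []).includes(scheme);
  });
}

// Constructed sample URLs (the wss:// scheme is an assumption).
const SAMPLES = [
  "wss://a.ekansovi.com/wsp",
  "ws://a.ekansovi.com/wsp",
  "https://example.org/api",
  "http://example.org/api",
];

// Map each sample URL to allowed/blocked under the given policy.
function evaluate(policy) {
  return Object.fromEntries(SAMPLES.map((u) => [u, connectAllowed(policy, u)]));
}

console.log(evaluate("connect-src https: http:"));
```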

theguardian

Apparently it might only be showing up for people from certain countries.
Right click > View source
Search for b.u("gIlePonVjyjmEpHGmTsFPsEYyxBVkstc");
That's the class for the XOR string decryption.

Unless the key is randomly generated, in which case you'd have to search for b.u("... unless the names are randomly generated as well in which case just look for 15KB of random as fuck javascript.

What made you come to that conclusion?

Hmm the key is there. The script is there, but it's not running from a third party site.

Does that mean Sup Forums runs its own version?

>Appears related to uponit.com
There you have your question answered OP

Yep

It's a joke.

test

How can I block it with uBlock?

I have ABP on and I still see three little ads at the bottom of every Sup Forums page.

Open the uBlock settings
Go to the '3rd-party filters' tab
Click on the clock icon next to 'uBlock filters'
Click the 'Update now' button at the top

it's on the front page of Sup Forums as well, not just every thread
I can confirm it loads regardless of browser or addons. from different locations all around the world

those who say it does not load for them I have no idea why. But any OS, any browser, any addons (or none) on different ips and physically different computers all have it loading.

only thing I can say is those who don't have it loading have the old cached version of the javascript on Sup Forums still running

(you can open the settings by clicking on the uBlock button and then clicking the gear icon on the far left in the gray bar at the top)

alt. click on 'domains connected' in the uBlock popup
make both columns for 'ekansovi.com' solid red then save by clicking the padlock icon.

you forgot to mention
ekansovi

ekans
ovi

snake
egg

>uponit.com
>Immune to filters or blacklists
Am I really going to have to start blocking ads with hosts file?

They're uponit domains. End of story.

>unblockable
If that's related to this, and this uses websockets, then...
>||*^$csp=connect-src https: http:

'Appears to be related to uponit' != 'Its uponit'

||wss:// actually, probably should have tested it first.

it smells more like some elaborate scheme to catch ban evaders.
hiro should just put mobile shitters in read only mode or at least increase the post timer

No, it is literally uponit. Do some more investigation.

>Immune to filters or blacklists

whatever they are doing, it doesn't seem to be working. i don't see ads here or on their site

...

>Unironically uses XOR for its string encryption

I don't get what Miley Cyrus has to do with this :^)

That's because they're using it for tracking, not for displaying ads.

yep I get this same key

USA here but blocking cross site requests

Can it be blocked with noscript? Does private browsing mode and deleting cookies and cache work?

Unless you're blocking Sup Forums.org, no.
Just get uBlock, or if you already have it update the uBlock filters in '3rd-party filters'

Am I good now Sup Forums?

Blocked it everywhere I could.

There's two instances of b.u in the code, that's the first one.

Probably... hopefully.

I just blocked it in hosts file.

how to even take a picture of umatrix
it leaves when I grab terminal to scrot it

Hmmm, the logger is still showing it, after I had blocked it, is this just because it attempts to or is it bypassing the block?

How do I do that?

Pic related time is after I had blocked so it might still be coming through

scrot -d [delay in seconds]

Click on the uBlock button, click the grey title bar at the top, go to the '3rd-party filters' tab, click on the clock icon next to 'uBlock filters', click on 'Update now'

I'm not getting this domain. It's probably coming from that notorious malware 4chanx.

that's some low effort bait right there

what is a good logger aka what are you using?

I'm on firefux vanilla Sup Forums and see it in umatrix

I FUCKING KNEW IT

pastebin.com/FiWG9vN5 for hosts file instructions.
THIS IS FUCKING BIZARRE: Sup Forums wouldn't let me post the specific text of this pastebin link, giving me a connection error. Pic related. It lets me post normally otherwise.

Well shit I did that and it's still showing up in the logger

Also I'm visiting random Sup Forums threads to confirm it shows up as that's when it appears only so far.

It's just uBlock Origin's logger

Very suspicious coincidence.

Thanks for the link user

Trying to post the text from that pastebin through post a reply at the top instead of the little reply window gets this response from Sup Forums. My IP is obviously not blocked as I'm posting right now. What the fuck?

127.0.0.1

...

kek I just had that idea too, you beat me

127.0.0.1 a.ekansovi.com
127.0.0.1 ekansovi.com

test

In advanced cookie manager there is a cookie for that website named __cfduid or some shit.
Another user didn't see it listed in the normal cookie viewer

That's a Cloudflare cookie

Why not
0.0.0.0 a.ekansovi.com
0.0.0.0 ekansovi.com

literally won't let me post this
posted this though

This is the line which returns the connection error. Fucking bizarre.

Looks like simply etc(slash)hosts returns the connection error.

I guess I'm out of the loop,
can you explain to me what addons I should be running and why?

I am using noscript + ublock origin.
I was using noscript + adblock plus or something but I was told they are cucks now and switched.

Now I'm seeing all kinds of other crazy shit and I don't even know what it does

>It's just uBlock Origin's logger

Thanks

Requestpolicy blocks ekans egg completely

Well I did the hosts file thing but new instances of ekanshitty still show up in the logger when I click new Sup Forums threads in the catalog

Should that be possible even with hosts file solution? Is the logger also showing attempted connections or just those that get through?

what tool are you using here

requestpolicy extension in firefox seems to stop it

those are probably attempted requests that are failing, I would hope

>This role is in our Tel Aviv office
uponit.com/careers/

Sup Forums is always right.

uBlock was created by gorhill and then got taken over by a cuck
uBlock Origin is gorhill's continuation for automagically blocking ads
uMatrix Origin is for blocking things with way more control over what's getting blocked.

Wouldn't blocking ekansovi also take care of a.ekansovi?

/etc/host

*.ekansovi.com would
ekansovi.com means only ekansovi.com

>*.ekansovi.com
Would that or something equivalent work in hosts file?

New Zealand here, string appears more than once
new b.u("R3X + gIlePonVjyjmEpHGmTsFPsEYyxBVkstc")
new b.u("gIlePonVjyjmEpHGmTsFPsEYyxBVkstc")

it's just uBlock Origin logger like I've said already ITT

probably not no

It's always two

Those must be attempted requests. The only thing I know of capable of bypassing hosts file is M$'s telemetry.

What about *ekansovi? Would that block everything?

Probably not, no.

shit that's neat

ok so it was ublock I was told not to use,

So do I want ublock + umatrix or just umatrix?

Is noscript still safe? is it redundant with umatrix?
I noticed that when a site doesn't work noscript is the only thing that I need to fuck with, like it's doing a better job than ublock

>attempted requests that are failing

I sure hope so, I set up the hosts file exactly as it should be and checked and rechecked and yet each new Sup Forums thread I open the ekansovi shit pops up again in the logger, hopefully it's just logging the attempt and not an actual connection, I wish the logger distinguished between the two

Noscript + uBlock ORIGIN
+ uMatrix ORIGIN if you want more control.