A.ekansovi.com

Sup Forums makes a websocket connection to a.ekansovi.com

I haven't looked at what it sends/receives, anyone know?

I blocked it in my hosts file to be safe

pic unrelated


bump

Stop telling lies on anonymous imageboards

What is he lying about, varg?

hello Ekansovi

test

I heard it was that Jordan tripcunt from here who trolled the Sup Forums app maker into adding it.
Too lazy to find the thread about it though, something about obfuscation and coffee scripts

I don't have it. You must have adware or some shit installed.

forgot pic

Sounds halfway right. the connection code is heavily obfuscated. 4chans javascript or some third party? I'm using Sup Forums-X
do you use Sup Forums-X?

Yes

you must have s.4cdn.org blocked which is providing the script

yea deffo odd

Yes

all of the connection code is obfuscated

meant to specify script connections, but yea. explains that

unfortunately chrome websocket debugging doesnt show binary payloads, and sniffing with wireshark would require me to decrypt packets manually. so unless someone wants to reverse the obfuscated code, who knows what its sending/receiving

Not him, are you guys talking about
>Use Faster Image Host: Change is*.Sup Forums.org links to point to the faster i.4cdn.org host.
In Sup Forums-X?
I enabled it in the setting and not blocking it also got no all of this evan bullshitery.

pastebin.com/qPFVy1A4
Here's an analysis of it I did for Sup Forumssec. (There are also links to deobfuscated stuff in there)

Normie here. Can anyone tell me in layman's terms what exactly sort of information this is collecting? Also, is removing it as simple as blocking the URL in ublock / hosts and clearing my browser cache / cookies?

>Can anyone tell me in layman's terms what exactly sort of information this is collecting?
We don't know, it's either an ad agency hiromoot contacted trying to bypass ad blockers using various methods, or the NSA/Illuminati/FBI backtracking you

>as simple as blocking the URL in ublock
not really; in latest Chromium, even if uBlock Origin is able to access the websockets api in that browser there are still attempts to exploit the browser/ad blocker via webrtc, so you'll likely need uBO-extra 2.25 (with a special "defuse" rule for Sup Forums, now added to a list of rogue websites)
>github.com/gorhill/uBO-Extra/releases/tag/2.25
In firefox you'd better disable WebRTC completely, still you'll see ekansovi.com references in uBlock Origin AND uMatrix even if you keep them both installed (one will block an https connection to ekansovi, the other one will block a wss); the about:webrtc page isn't detailed as in Chromium anyway it won't appear anything if you disabled all those media.peerconnection in about:config (if you're total normie, use an extension like "Privacy Settings" and disable everything under "Media")

adding this ekansovi to your hosts file should always work

>I blocked it in my hosts file to be safe

The only reasonable action to do with the websocket faggotry, besides using a websocket disabler addon.

thanks

>looks like some analytics for ad clicking
Who clicks ads on Sup Forums anyway? Sounds utterly pointless.

very bad

Strange no listings here too

Crazy retard Lola > classic Lola

New Lola is best Lola.

We've had hardware backdoors since at least 2009.
Get used to it, Sup Forums lost its anonymity long ago.

a websocket connection is what you would use when you need to stream data.

They already know exactly what pages you are visiting and exactly what you post, so it isn't that.

they could be using our connection to mine buttcoins

nsa.gov

Check ublock behind the scenes

Is there a pattern to when ekansovi appears and when it doesn't? For me it shows up randomly and continues to be requested on every thread I enter for a random amount of time. And then it vanishes.
The board I'm on, the thread I'm in, the number of posts I make, it doesn't seem to have any effect.
I may be mistaken, but it seems way more likely to appear if I go on other sites. It appeared instantly after I went on Pinterest to see if it would trigger anything back here.

it's probably nothing you paranoid autist

it uses WebRTC for that purpose, read the (archived) thread.

What the fuck happened to the other thread. I was just in it.

Why arent you blocking it?

That's not enough. Read the archived thread.

>it's probably nothing

>tfw

Do you have the cookie then?

Follow the steps in if you're using only uMatrix (why? cosmetic filtering is sorely needed) then you have to disable WebRTC entirely. If you're on Chromium, you can't disable WebRTC entirely and you need uBO-extra (and therefore uBO).

I know, but I'm not as concerned with blocking it as I am about learning what it is.

ekans is snake backwards

I'm running Safari on my laptop... I've uBlock Origin installed, and the dev console gives me an error saying: WebSocket network error: The operation couldn’t be completed. Connection refused

AFAIK Safari doesn't even support WebRTC.

Am I safe?

So just blocking ekansovi in my host file should sort this shit out right?

Snakes in literature often represent penis.

And chaos

You should be safe if there is no WebRTC
No, you need to block the sub domain as well.

pastebin.com/FiWG9vN5
Link for others who don't know how.

Oright cheers

How do i know if i blocked it?

wireshark packet by packet analysis

Yes Jordan, they do.

@@||Sup Forums.org$domain=Sup Forums.org
@@||4cdn.org$domain=Sup Forums.org
@@||googleapis.com$domain=Sup Forums.org
@@||github.io$domain=Sup Forums.org
||*$third-party,script,domain=Sup Forums.org
||*$third-party,xmlhttprequest,domain=Sup Forums.org
||*$third-party,websocket,domain=Sup Forums.org

no need to thank me

Do Linux systems have something equivalent to the Windows Host file?

You dont need to do all this though

Please give a more detailed walk-through for the noobs user-kun~

>'My Rules' Tab
* wss://a.ekansovi.com websocket block
* wss://ekansovi.com websocket block
Just two lines and done. Make sure you have uBlock Extra installed for chrome based and disable webRTC on Firefox.

Also make sure you press save and commit.

Yes, it's on /etc

Anyone else using Sup Forums x getting an image corrupted message everytime they try to post an image?

Yup

>0.0.0.0 a.ekansovi.com
>0.0.0.0 ekansovi.com
>0.0.0.0 xhr.ekansovi.com
Anything else I need to block?

No.

So much n00bz ITT

All you need is this extension chrome.google.com/webstore/detail/thats-pretty-good-idubbbz/pnidecdngnainebcfbmebgpkmnmljdng

I can post images, im just getting an error message for no reason

lets see

I am not getting the error.

Good for you friendo

That string is literally just the title of the thread.


Wtf happened to this board?

Not enough
and not enough, see Yes, it's a consequence of the updated CSP filter on uBlock Origin. If you have updated your filters recently and you're on firefox, the CSP injection uBlock does unfortunately triggers that error. You can disregard that alert, your image would be uploaded successfully.

It's registered to Digital Ocean when I ran whois

WebRTC, see see

>(You)
>and not enough, see

That's extra shit, its not even needed.

>checks 3rd party connections
>have ekansovi unblocked

How much did I fuck up Sup Forums

>You can disregard that alert, your image would be uploaded successfully.

How do i disregard the alert?

How do I block this without disabling WebRTC ?

Need it for discord

ublock seems to be blocking it just fine

it's needed since uBlock and uMatrix can't perform content filtering on WebRTC AND via WebRTC a new unfilterable websocket is opened. Manually filtering wss won't really filter anything, and it won't show up in the logger. Please check the linked posts.

Disregarding it.

>w3m
Haha fight me ekansovi

>Disregarding it.

Yeah, how

>phoneposter
your kind is beyond salvation

Click "post" and your unacceptable image will be accepted.

Fuck off, I just said the shit on my rules is not needed since the Ublock Filters covers it.

Right my bad, i know that

I thought you were implying that you could disregard it in ublock and stop the error

that's not enough, update your uBlock filters. You should see only CSP-related errors.
On chromium
>Refused to connect to 'wss://a.ekansovi.com/wsp' because it violates the following Content Security Policy directive: "connect-src https: http:".
On firefox
>Content Security Policy: The page’s settings blocked the loading of a resource at wss://a.ekansovi.com/wsp (“connect-src https: http:”).

and so on.
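
Added example, not part of the thread and not uBlock Origin's code: a simplified evaluation of the `connect-src https: http:` policy quoted in the two console errors above, showing why the `wss://a.ekansovi.com/wsp` connection is refused while plain HTTPS requests still pass. It handles scheme-sources only; the function names are illustrative.

```javascript
// Added example: simplified CSP connect-src evaluation (scheme-sources only).
// Policy scheme -> extra URL schemes it covers, per CSP Level 3
// "scheme-part matches". Note that "http" covers "https" but not "ws"/"wss".
const ALSO_MATCHES = {
  http: ["https"],
  ws: ["wss", "http", "https"],
  wss: ["https"],
};

function schemeMatches(policyScheme, urlScheme) {
  const a = policyScheme.toLowerCase();
  const b = urlScheme.toLowerCase();
  return a === b || (ALSO_MATCHES[a] || []).includes(b);
}

// Parse a serialized policy into { directive: [source expressions] }.
function parsePolicy(policy) {
  const directives = Object.create(null);
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

// True if the policy lets the page connect (fetch, XHR, WebSocket) to url.
// Simplification: host-sources, 'self' and * are not evaluated here.
function connectAllowed(policy, url) {
  const directives = parsePolicy(policy);
  const sources = directives["connect-src"] ?? directives["default-src"];
  if (sources === undefined) return true; // nothing governs connections
  const urlScheme = new URL(url).protocol.slice(0, -1); // "wss:" -> "wss"
  const isSchemeSource = (src) => /^[a-z][a-z0-9+.-]*:$/i.test(src);
  return sources.some(
    (src) => isSchemeSource(src) && schemeMatches(src.slice(0, -1), urlScheme)
  );
}

// Policy string exactly as quoted in the browser errors above.
const INJECTED_POLICY = "connect-src https: http:";
console.log(connectAllowed(INJECTED_POLICY, "wss://a.ekansovi.com/wsp"));
```

`connect-src` governs fetch, XHR, WebSocket and EventSource connections only; it does not cover WebRTC, which is the gap the surrounding posts point to.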

>I can't post in an intelligible form
you're pardoned

>phone
a tablet you virgin neckbeard

btw, on Chromium the error doesn't show up in Console if you install (as you should) uBO-extra, to allow early "defusion" of the eval js.

This shit is nothing new. This ekansovi has been here for months.

one month; gorhill looked at it yesterday releasing a new uBO-extra and updating the default rules for uBO, explicitly referencing a thread made here.

if possible, that's even worse.

The fact that shit had been running on my computer for a month without ublock or umatrix catching makes me feel even more paranoid than I was before.

what is the worst thing that could have happened?

if you either
- had js completely disabled
or
- had WebRTC completely disabled AND blacklisted explicitly this strange domain
you're golden.

>if you have nothing to hide you have nothing to worry amirite guys let's send all our backlogs to some rogue ad company what could ever happen :^)

filtering via hosts is a temporary patch, not a solution
the xhr subdomain doesn't resolve anymore
the a subdomain now resolve to 127.0.0.1, and the same goes for main domain

no more than few hours ago they were live, now they have shut it down (temporarily?)

probably they are shifting domains already.

Disable WebRTC completely and keep your filters updated, that's the only solution. This or stop visiting Sup Forums I guess

Can you tell if it is completely blocked by whether anything shows up in local storage? I know at least some of the connections store something there, but I don't know if they all do.

Why dont we just kill Hiro and give the site back to moot

He wont jew us

>moot won't jew us
Ahahahaha!

installing umatrix breaks Sup Forums x, what do?

No it doesn't, you are using it wrong.

how do I use it right then?

i just installed uBO extra and it seems to have nipped it in the bud. pic related is before. after that screen is completely blank. github.com/gorhill/uBO-Extra

it also no longer shows in console that connection was refused (it simply doesnt show up in console at all now).

is there a downside to completely disabling webRTC (or wss) in chrome? if not, how would i do this?

im trying to find a set it and forget it solution, as host files and blocking by hostname are obviously not enough since they can be changed on a whim.