Russian 'P poster

WARNING: PROUD TRANNY PEDOPHILE(S)
You can help by notifying Chris Hansen, and also by ordering 'za to xer house

Pedo-meter 3000:

▲

THE RUSSIAN 'P POSTER I̸S̴~AN̵—— ̷EX̵TREM̸EL̷Y̵ —V̵O̵LAT̵I̵LE̴— ̸A̵N̸TIM̵A̸TT̸ER̸— ̵SING̸U̸L̸A̸RI̸T̵Y̶ ̷F̸O̷RM̸E̸D̶ ̵I̸N̴ ̴A̶ ̶B̸LA̵C̵K̴H̸O̸LE̷— ̴THAT̴— ̴D̵O̵O̵M̵S̵ ̶T̷H̵E̴— E̵N̷TI̷RE̵— ̵S̸OY̷VER̷S̵E̸!!!!!!!

If you see any of these advertisements on any imageboard, silently report it to the admins and do not ever interact with the advertisement (even with SAGE!) or even publicly mention that it exists on their site or another's site. If the site is unmoderated, ALWAYS disable images by using this guide or try to avoid using the site for a while. Posting even censored screenshots of the advertisement is discouraged due to the risk of others attempting to find it, for it's best you completely redact the post altogether if you still want to post the screenshot.

Captain 'P
An unofficial depiction of him. It is widely believed[By whom and why?] he is from Kazakhstan instead of Russia, russian is widely spoken in Kazakhstan.
Status	Active
Nationality	Presumably russian based on his timezone
Other names	Captain 'P
Years active	early 2020s(?)–now
Best known for	Spamming child porn and links to it
Opponent	Moderators

The Russian 'P advertisements are a series of commercial 'P spam that occurs on almost every single imageboard website, where a link to a clearnet 'p file collection text file hosted on a random text sharing service are posted (sometimes with a "preview"). This kind of spam has occurred since at least the 2020s and probably earlier, has many variants, probably by seperate individuals, using goyzillions of proxy IPs and fingerprints from Central Asia/Russia/Siberia (probably other proxy servers as well). Imageboard users have accused the advertisements of being a bot, a single pedo, a glowie, or a boogeyman or hostile community attempting to take the site down. (in SNCApedia it has been called "Captain 'P")

This includes, but is not limited to:

• a sexually suggestive or explicit image of a minor
• having keywords related to 'p, some even of extremely gross degeneracy, followed by a shortened link redirecting to the 'p file listings. Some variants have no keywords at all, having only the link in either text field, image, or both
• evades all wordfilters by using spaces, dots, or asterisks in between the words, also evades all CAPTCHAs, so it is probably not a bot

These advertisers are known to go through a directory of imageboards, although it is not comoletely redtricted to those. Most active imageboards (including soyjak.party) immediately ban it upon sight, where it is stopped by an automated filter or manual image/post approval, where an admin takes steps to remove it and probably report it to law enforcement. This information is slightly documented by sweens and other literal whos.^[1][2]. A datamine into his logged fingerprint on one of the imageboards he tried to post 'p on has shown that his timezone is Moscow Time^[3] and his browser languages are Russian, English, American English and Polish. The same datamine also has shown that he used same fingerprint a few times it was logged, meaning that fingerprint bans are PARTIALLY effective against him. See the Prevention section of this page to find more ways to fight against him.

It is possible that these advertisements do not explicitly target imageboards, but also forum sites (including vulnerable sites) and other posting sites. You WILL NOT investigate those posts any further (genuinely do not find said posts yourself).

Note that this is different from the 'cordnigger jarty foodist 'p spam which usually does not shill a redirect to 'p and/or attempts to demoralize soyteens (spammed during imageboard raids), which is less common.

Reporting him - obviously must always be done.

• Fingerprint ban him - very likely will prevent him, do this.
• Enabling manual approval of media on site – will prevent visitors from being jumpscared with 'p but will still leave links. There is also an upside to him putting descriptions that make it obvious that he's linking 'p: you can check for him and report/ban him with images disabled.
• Enabling manual approval of whole post – will prevent his spam completely (do this, your 10 post per day doesn't need to have users posts reach the log immediatly no offense).
• Spamming boards 'p was posted on with non-offensive shit/spam in a containment thread to slide the ad off the front page – may be done to put the 'p post down until the moderation comes back, will get you banned.
• Enabling captchas on site - may not work, he is proven to solve captchas.
• Wordfiltering text he uses in his 'p posts – will not work as he will just change the text.
• For jschan, using a system made against him - see below:

Here's a shitty system made for the chaddy to prevent this bot, feel free to use it.'
the fingerprint of the "bot" is 100% real and it solves captchas, might not even be a bot and just an obsessed faggot. Also it seems to target every altchan regardless if it is listed on that site or not

		checkPostShorteners: async (options) => {
		const { proxy } = config.get;

		const blacklistedKeywords = config.get.blacklistedKeywords || [
			"previews",
			"202X",
			"cp",
			"child porn",
		];

		const allowedDomains = config.get.allowedDomains || [
			"voca.ro",
			"vocaroo.com",
			"xcancel.com",
			"x.com",
			"twitter.com",
			"youtube.com",
			"m.youtube.com",
			"music.youtube.com",
			"youtu.be",
			"garticphone.com",
			"skribbl.io",
			"catbox.moe",
			"archive.ph",
			"archive.org",
			"web.archive.org",
			"4chan.org",
			"boards.4chan.org",
			"wikipedia.org",
			"strawpoll.com",
			"soyjak.st",
			"soyjakwiki.org",
			"gigacha.de",
			"wiki.gigacha.de",
			"github.com",
			"gitlab.com",
			"bitbucket.org",
			"sncapedia.org",
			"swedishwin.com",
		];

		const post = await Posts.getPost(
			options.board._id || options.board,
			options.postId,
			true
		);

		const siteLinks = post.nomarkup.match(
			/\b(?:https?:\/\/|www\.)[^\s<>"']+/gi
		);

		if (!siteLinks?.length) return;

		const filteredLinks = siteLinks.filter((url) => {
			try {
				const parsed = new URL(
					url.startsWith("http") ? url : `http://${url}`
				);
				const host = parsed.hostname
					.replace(/^www\./, "")
					.toLowerCase();
				return !allowedDomains.some(
					(d) => host === d || host.endsWith(`.${d}`)
				);
			} catch {
				return false;
			}
		});

		const uniqueLinks = [...new Set(filteredLinks)].slice(0, 10);

		console.log("Found links:", uniqueLinks);

		const agent = proxy.enabled
			? new SocksProxyAgent(require("url").parse(proxy.address))
			: null;


		const resolveSite = async (url, signal) => {
			let currentUrl = url;

			for (let i = 0; i <= maxRedirects; i++) {
				const res = await fetch(currentUrl, {
					timeout: 10000,
					agent,
					redirect: "manual",
					signal,
					headers: {
						"User-Agent":
							"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0",
					},
				});

				if (res.status >= 300 && res.status < 400) {
					const location = res.headers.get("location");
					currentUrl = new URL(location, currentUrl).toString();
					continue;
				}

				if (i === 0) { // site wasn't a redirect
					return null;
				} 

				return res;
			}

			return null;
		};

		const scanShortener = async (url) => {
			try {
				const controller = new AbortController();
				setTimeout(() => controller.abort(), 10000);

				const res = await resolveSite(url, controller.signal);
				if (!res) return false;

				const text = await res.text();
				return blacklistedKeywords.some((k) => text.includes(k))
					? url
					: false;
			} catch (e) {
				console.warn(`Error fetching ${url}:`, e.message);
				return false;
			}
		};

		const badSiteFound = await Promise.any(uniqueLinks.map(scanShortener));
		if (!badSiteFound) return;