imghippo.com

ferider said:
Hi Spark Spark ,

just a note that - when I'm browsing picture threads - I come across the occasional picture hosted on imghippo.com, which then flags a riskware block by Malwarebytes.

This appears to be a valid threat, see for instance https://forums.malwarebytes.com/topic/321685-fivem/

Thanks !

Roland.
Click to expand...
Please post a link to an example of a post which generates such a flag. Could be the site. Could be something linked to that image.
 
knarfeng said:
Just, next time you come across one, post a link to it here.
Click to expand...

Here is where it happened the last time yesterday and it's reproducible today, screenshot is from a couple of min ago. I can't find the link to imghippo though, maybe you can ....

Screenshot-X3.jpg
 
el gigantor

Post in thread 'EDC XIII Which knife or knives are you carrying today?'

Set up on my most dusty and scratched-up table today.
IMG_6507.jpeg
  • Like
  • Love
There were two pics in your screenshot.
The picture in the top post is an imgur link.
The picture in the bottom post was uploaded to BF. So that would be the one which is suspect.

I can't find any direct links to imghippo in the post, either.
The only thing I can think of is that when I downloaded the pic, the file size was only 193 Kb. So that means the file was compressed sometime between the time the picture was taken and the time the picture was uploaded. I know that imghippo has file compression software available on its site. Possible that el gigantor el gigantor used imghippo software to compress his jpg size, and that the software left signs of having been used and that Malwarebytes is finding it. If that's what is happening, then it's not a hazard to anyone.

I found this report on imghippo, but this is not a site or software that I use, so the validity of the report is not known to me:
any.run

Malware analysis i.imghippo.com Malicious activity | ANY.RUN - Malware Sandbox Online

Online sandbox report for i.imghippo.com, tagged as arch-exec, arch-scr, arch-doc, adware, adaware, verdict: Malicious activity
any.run any.run

If using Windows, it's always a good idea to have two accounts on the machine, one with admin privileges and one without, and use the account which does not have admin privileges as your standard account. That inactivates most malware because the malware cannot install anything without asking for the admin password.
 
Thanks a lot for investigating this, Frank.

knarfeng said:
If using Windows, it's always a good idea to have two accounts on the machine, one with admin privileges and one without, and use the account which does not have admin privileges as your standard account. That inactivates most malware because the malware cannot install anything without asking for the admin password.
Click to expand...

Worth repeating for the community, I'm guessing. I do this anyways.

Roland.
 
el gigantor said:
ferider ferider knarfeng knarfeng I've never heard of imghippo before. Since I have a gold membership, whenever I have something to share I simply snap a photo on my phone and upload it directly to BladeForums. I don't do any editing beyond changing the dimensions or straightening the picture itself.
Click to expand...

Don’t know how my browser (Edge) caches, ElG, it could have been a pic on the same page after your post … anyways, not the posters fault, and the risk is additional adds if I understand right, so maybe not too big a deal.
 
It’s post #160,193 by SPuzzard604 here.

Like PostIMG, that site hosts lots of questionable ads. Could be why “riskware”.
 
You must log in or register to reply here.
Back
Top