From my "quick" research filehippo, CCleaner, and piriform are all owned and operated by the same individuals. Simply looking at their domain name records (domaintools.com) they were all registered in 2005 by GoDaddy and all three are hosted on the same DNS server (dnsmadeeasy.com). But even without this proof it has always been apparent that CCleaner and filehippo were related. I mean, why would filehippo allow CCleaner to be their main, bandwidth-draining download site?
I think Piriform should brag about filehippo. They are the premier download site for non-spyware software. Only the best of the best end up on filehippo. You also get access to the old versions too. I work for the largest PC repair company in the US (Geek Squad) and use CCleaner every day. I would love to "legally" tell our customers about CCleaner and filehippo. They keep downloading the same crap that keeps infecting their systems, over and over. We lose money redoing cleanings that the customer causes. But how do you tell a customer to use 5-10 different pieces of software to clean their computer? BTW, this website does the best job IMO on how to clean a PC from viruses and spyware. It's even more thorough than what we do.
As of now, there's only some weak agreement between Piriform and Bestbuy. We are only allowed to use CCleaner for cleanings, that's it. All the while I have to sneak the handwritten note across the counter saying CCleaner.com or filehippo.com.
It's dumb, no one has come out with a better (or just as good) temp and registry cleaner than CCleaner. And CCleaner is free. See the problem here? I love the software, don't get me wrong. It kicks Window Washer's ass, but guess what, Bestbuy sells the hell out of Window Washer. I don't push it, I just write CCleaner.com on receipt paper and pass it across the counter with a wink.
This has been raised before, particularly in late 2013, and has been passed on to Piriform admin, so they are aware of it. Filehippo used to be the trusted repository for software, especially for archived releases. Unfortunately Filehippo has become just like many of the other software repositories, riddled with sneaky - and presumably paying - dubious and deceptive downloads. This applies to all software on Filehippo, not just Piriform's. Perhaps your post should have been directed at Filehippo.
Why is Filehippo rubbish? I dunno, why is the world rubbish? I guess they have to eat, like the rest of us. Why do Piriform still use Filehippo? I dunno either, possibly because a lot of users still go there for their software.
What FileHippo.com or other 3rd party sites do is out of the control of Piriform.com! It is already a known issue because other people have been posting about getting duped into downloading something off of FileHippo.com that they didn't want, i.e., not the software they thought they were getting. Basically you clicked an advertisement and didn't realize it.
If you and your friend had adblock software installed in all of your web browsers (Adblock Plus for Firefox based browsers, or Adblock for Chrome based browsers), along with a HOSTS file like the MVPS HOSTS File, this maybe would've never happened to begin with - that dubious/trickery advertisement would've been blocked.
It's important to manually inspect downloaded setup files by right-clicking them and looking at the properties listed in the Version tab, which will reveal: Company, Product Name, Product Version. Also it's vital to make sure the Digital Signature is valid if one is available in the setup file (all Piriform installers have a Digital Signature). If the Digital Signature is not valid do NOT install the software, and inquire on the software forum about it by posting a bug report.
Whenever possible, follow the same practice of getting setup files directly from the developer's website, even if some download site is deemed by the developers an "official mirror / official download host / official download site".
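A scripted version of the check described in the post above, added here as an example (it is not code from the thread or from Piriform): it reads the same Version-tab fields and the Authenticode signature status with PowerShell and only reports an installer as acceptable when the signature is Valid and the publisher matches. The installer path and the expected publisher string are assumptions.

```powershell
# Added example: inspect an installer's Version-tab fields and Authenticode
# signature before running it. The path and publisher name are assumptions.
function Test-InstallerTrust {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedCompany = 'Piriform'   # assumption: publisher you expect to see
    )

    $item = Get-Item -LiteralPath $Path
    $vi   = $item.VersionInfo                    # same data as the Version tab in Properties
    $sig  = Get-AuthenticodeSignature -FilePath $Path

    $result = [pscustomobject]@{
        File            = $item.Name
        Company         = $vi.CompanyName
        ProductName     = $vi.ProductName
        ProductVersion  = $vi.ProductVersion
        SignatureStatus = $sig.Status            # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SafeToInstall   = $false
    }

    # Anything other than Valid (unsigned, tampered, untrusted chain) is rejected outright.
    if ($sig.Status -ne 'Valid') { return $result }
    # The Version-tab Company field is free text, so also require the signing
    # certificate subject to name the expected publisher.
    if ($vi.CompanyName -notlike "*$ExpectedCompany*") { return $result }
    if ($result.Signer -notlike "*$ExpectedCompany*") { return $result }

    $result.SafeToInstall = $true
    return $result
}

# Constructed sample path; replace with the file you actually downloaded.
Test-InstallerTrust -Path "$env:USERPROFILE\Downloads\setup.exe" | Format-List
```

A result with SignatureStatus other than Valid, or SafeToInstall $false, is the case the post says should not be installed.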
Hey guys, thanks for all your responses. I was typing this reply that was extremely detailed (I spent over an hour typing it), then I accidentally clicked on another member's avatar and my browser jumped, and when I pressed back all the stuff I had typed had not been saved to the cache but was gone forever. OH WELL. Maybe it was for the better. To sum things up though, I have 2 questions,
To answer the direct question asked above, in all likelihood the "culprit" is FileHippo. It's how they make revenue, by counting on a user not to notice the small but marked actual download and to click on the clearly marked adverts. To put it another way, they expect you not to notice the big button says it's for downloading something other than what you went to the page for, thus getting them paid.
On my first load of the page I did not get the same misleading advertisements that the original poster did, but I was able to confirm the makeup of the adverts, which I had noticed in the OP screenshot (thank you, that provided much help).
All of the adverts shown in the screenshot and my browser have two symbols in the top left corner: a sideways triangle (like a play button) and an x. The former doesn't seem to have a function, while the latter brings up a limited report button (see my screenshot).
In the original post's screenshot one can see what the ads are for, if one is paying attention (as I stated in my previous post). The large top left is for "browsersafe" whilst the smaller, trickier one below the proper download button is for a site that WoT barely trusts. The index (homepage) of this site automatically transfers you to a download button similar looking to the OP's screenshot for a sketchy flash player bundled with a delta-based-potentially-unsafe-toolbar (see my second screenshot).
Yes, this all points to the filehippo advertising platform. 1 and 2 in my screenshot are ads; 3 is the real download. While I can understand filehippo's need for revenue, these advertisements lull a normal user into a false sense that ccleaner (and other hosted software) is malicious. Most people don't notice the aspects I noticed in the original post that show they are ads, and most who do notice such things block ads and semi-malicious injection type banners via HOSTS or their security software.
We should not fault those who don't use these precautions though, and sadly some posters in this thread (perhaps even myself initially, though I tried to mitigate that in post) seem to have done that to the original poster; for our entire community I apologize for that, and hang my head in shame that some of us "nerds" can be so judgemental and shortsighted.
I informed other mods about these links just after this thread first started and provided screenshots of the web addresses involved. I even went to the same site the Original Poster went to and tried to download that file (my security software blocked it).
I had no doubt GuitarSmokr was telling the truth as to what had happened to him. The wrappers and software involved are in a grey area of legality. Software writers of PUPs (Potentially Unwanted Programs) can sue antivirus programs if they are blocked automatically unless the user has ticked a box in the settings of the AV saying they want them removed.
I have talked a lot about this and that but have not put any of it into action. Now I will talk about proxying actual applications. I will start with something easy, the FileHippo App Manager. This app was chosen because it can be proxied with Burp, it does not use TLS, and it has its own proxy settings (it also works with Internet Explorer proxy settings). The requests are pretty simple to understand. I like the FileHippo website because it archives old versions of software. For example, I loved the non-bloated Yahoo! Messenger 8.0 when I used it (it's pretty popular in some places) and used FileHippo to download the old versions.
Note: I attempted to contact both Well Known Media (parent company of FileHippo) and FileHippo via their security addresses. secu...@filehippo.com and secu...@wkmedia.com do not exist. I contacted them via the only email on the Well Known Media website, which is ads...@wkemdia.com, and got no response. I tried to check the validity of the keys using the most non-intrusive way possible, as discussed below, and fortunately they were not valid, so I went ahead and shared the adventure.
As you can see, the application supports its own proxy settings and can also use IE proxy settings via "Auto-detect proxy settings for this network". It does not really matter which method is chosen; we can use either of these to point the application to Burp. Point it to Burp's proxy listener (default is 127.0.0.1:8080), run Burp and then press Test.
Then the app requests which is a list of all applications that are supported by the App Manager. This request also contains the AccessToken header, which holds a base64 encoded 40 byte blob. This access token also seems to be time sensitive: if you send the request to Repeater and then send it again after 10 minutes, the response is 401 Unauthorized, while this did not happen with the DateTime request. At this point we do not know where this access token comes from, because it is not in any of the responses (up until now we have only done the proxy test). There is also a 32 byte GUID named ClientId. Based on the previous request and the ClientId header, you can probably guess how the AccessToken is generated.
The next request is where the app exfiltrates (hyperbole, of course) data from our machine. Not super secret stuff, but information about installed applications and the operating system. The previous request only contained applications supported by the App Manager, but this one contains a lot more. It's a POST request to with another JSON payload.