PSA: Don't use anonimag.es for image hosting

Since anony.ws and now sli.mg went down, I see the use of anonimag.es increasing.

There are 2 issues with it:

  1. Popups galore! The site can crash some browsers/phones with the crazy popups. They seem completely random. Sometimes you get nothing... then BAM! suddenly popups everywhere!

  2. They don't salt/obfuscate uploaded filenames. They just appear to incrementally add to the previous upload. I noticed this in this review:

https://pay.reddit.com/r/DarkNetMarkets/comments/5rdi5d/multivendor_review_braincandy_jor_12_100ug_lsd/

He has 3 images:

https://anonimag.es/image/JJE4 https://anonimag.es/image/JJE6 https://anonimag.es/image/JJEA

Anyone see the pattern?

Just changing up the last char gives you all sorts of juicy shit:

Vendor shipping issues: https://anonimag.es/image/JJEM

Location of someone's dead drop? https://anonimag.es/image/JJEI https://anonimag.es/image/JJEH

Someone's butthole? https://anonimag.es/image/JJEL

I could archive the whole site easy peasy!

In contrast, sites like anonimage.net and imgur (not recommended as they block Tor node IPs) hash their filenames so you can't do any of that shady stuff.
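The difference between counter-derived page IDs and random ones, as an added example that is not part of the original post or the site's own code. The base-62 alphabet, the function names and the counter values are assumptions for illustration; the site's real encoding is not documented on this page.

```python
import secrets
import string

# Assumed alphabet (constructed for this example).
ALPHABET = string.digits + string.ascii_uppercase + string.ascii_lowercase
BASE = len(ALPHABET)  # 62


def counter_id(n):
    """Weak scheme: the page ID is just the upload counter written in base 62."""
    out = ""
    while True:
        n, r = divmod(n, BASE)
        out = ALPHABET[r] + out
        if n == 0:
            return out


def decode(page_id):
    """Map an ID back to its integer value (used only by the audit check)."""
    n = 0
    for ch in page_id:
        n = n * BASE + ALPHABET.index(ch)
    return n


def random_id(length=22):
    """Hardened scheme: 22 base-62 characters (~131 bits) from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def hit_rate(live_uploads, id_space):
    """Chance that one blind guess lands on a live upload."""
    return live_uploads / id_space


def looks_sequential(ids):
    """Audit check: IDs issued back to back should NOT decode to a tight range."""
    nums = [decode(i) for i in ids]
    return max(nums) - min(nums) < 10 * len(ids)


if __name__ == "__main__":
    weak = [counter_id(n) for n in range(5000, 5005)]    # constructed counters
    strong = [random_id() for _ in range(5)]
    print(weak, looks_sequential(weak))
    print(strong, looks_sequential(strong))
    print(hit_rate(1_000_000, BASE ** 4), hit_rate(1_000_000, BASE ** 22))
```

Long random IDs only make blind guessing impractical; anything sensitive still needs an access check or expiry on the server side.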


Comments


[44 Points] GotMeSomeAlpandMDMA:

I clicked on the butthole. I don't know what I expected .... :/


[12 Points] None:

[deleted]


[10 Points] fuckmepelican:

What happened to that niggas ass bro


[8 Points] Thoughtsofamaniac:

I like how so few people realize you can remove EXIF data by just taking a screenshot of an image and re-saving in MSPaint. Like, it seems it'd be common knowledge, but so many people seem to overlook it.


[2 Points] murderhomelesspeople:

That's a huge fucking hemorrhoid! But yes man this is fucked. It should be assumed that anything you share on the internet is not private though, especially an image sharing site. Bad move if these things were opsec sensitive.

edit: OMFG I'm looking at someone's full passport!


[1 Points] Wamboz:

More dead drops

Some sort of bank account info: https://anonimag.es/image/JJCD


[2 Points] DooshNozzzle:

that's a nasty hemorrhoid asshole.


[1 Points] None:

[deleted]


[1 Points] None:

Also made a post about this the other day. Fucking worst website


[1 Points] AgentScully_FBI:

Didn't a marketplace have a similar leak in their messaging service a while back?


[1 Points] lordredvampire:

Disable JS to prevent popups/ads. And I view them in TBB just fine.


[1 Points] stacyblended:

where should we host images then?


[1 Points] None:

Welp. I just saw a butthole.


[1 Points] None:

[removed]


[1 Points] young_k:

Does anyone know what's causing the disappearance/closure of these anonymous image hosting services?

I've heard it's because their hosting finds child porn on their site (obviously from random users uploading it to share on CP forums or something) - and I think that'd be hard to flag based on image recognition.

But we have things like tinypic and all those other regular big mainstream sites that never go down. imgur is always great, and I've used it often, but why can't these other hosts like anony and anonimag and sli maintain that sort of longevity in their site lifetime?


[1 Points] 6ALLAS:

What does PSA mean?


[1 Points] Jay-__:

Those are dead drop pics from RAMP.

Done the same with anony.ws months back. Just be very careful, you will also find shit you can't unsee there.


[1 Points] None:

Looks like that is the site people use on those Russian dark web Dead drop sites to tell each other where the drop is


[1 Points] pirate_q:

you can find some more files here: http://pastebin.com/sL2DMqE3


[1 Points] None:

https://anonimag.es/image/JJFP Lots of drugs.


[1 Points] jarxlots:

Don't forget, capitalization matters:

https://anonimag.es/image/JJzw

https://anonimag.es/image/JJZW


[1 Points] crushdudes:

Can someone with permission to edit the wiki please add some of the many pomf clones? mixtape.moe and cuntflaps.me (the best file host) should be added at least.


[-6 Points] I_LIKE_MONEY_THO:

I am sorry you're having issues with our service. Offending ad has been removed, and site should no longer crash anyone's browser.

Regarding the image URL, file itself has the EXIF data removed and the file name is randomized, but the page ID itself is PARTIALLY vulnerable to enumeration attacks.

You can avoid this by changing upload privacy and/or setting auto delete: https://anonimag.es/i/28916e4ebeb0d216af0dcdffed44d696.png