HMA! = frauds
Here is a copy of a mail I sent after I downloaded their program that pointed to a reseller page.
After logging in with a 63-char pass, they put an infected file on the page pointing to a reseller page.
At first a file called ForceInterface.DLL will try to contact malicious websites, after which you might want to download anew, and then this happens. Note the links and know why you should never EVER get Hide My Ass VPN.
Upon asking for an explanation about this, none was given, only the link as it should have been.
******notice how the Windows version is NOT HTTPS*********
http://hidemyass.cachefly.net/download/HMA-Pro-VPN-2.6.9-install.exe
https://vpn.hidemyass.com/HMA-Pro-VPN-1.1.7-install.pkg.zip
https://vpn.hidemyass.com/HMA-Pro-VPN-1.1.7-install-tiger.pkg.zip
https://vpn.hidemyass.com/linux.zip linux
I also got a different registrant on the domain search.
About a week ago my AV alerted me to a malicious website, and pointed to the file ForceInterfaceLSP.dll in hma/bin as being the compromised file trying to connect to this IP.
Also, a file forceInterfaceCOM.dll was in there.
I have since reinstalled my OS and have lost the IP it was trying to connect to.
Earlier I reinstalled the service and noticed that despite it being a new reinstall, several of the files were showing dates that weren't today.
Noticing this, I deleted the program and all files going with it, and then saw the difference in download links.
Below is the Whois. The website tucows.com is a reseller service, and I thought I read somewhere that a download for a trustworthy VPN should never come off a reseller page.
Address lookup
canonical name hidemyass.cachefly.net.
aliases
addresses 205.234.175.175
Domain Whois record
Queried whois.internic.net with "dom cachefly.net"...
Domain Name: CACHEFLY.NET
Registrar: TUCOWS.COM CO.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Name Server: NS1.ADNS.CACHEFLY.NET
Name Server: NS2.ADNS.CACHEFLY.NET
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 10-dec-2008
Creation Date: 24-feb-2005
Expiration Date: 24-feb-2015
>>> Last update of whois database: Wed, 31 Aug 2011 23:03:34 UTC <<<
Queried whois.tucows.com with "cachefly.net"...
Registrant:
CacheNetworks, LLC
2002 W Chicago Ave
Chicago, IL 60622
US
Domain name: CACHEFLY.NET
Administrative Contact:
Admin, DNS dnsadmin@cachenetworks.com
2002 W Chicago Ave
Chicago, IL 60622
US
+1.1111111111
Technical Contact:
Admin, DNS dnsadmin@cachenetworks.com
2002 W Chicago Ave
Chicago, IL 60622
US
+1.1111111111
Registration Service Provider:
Hover, help@hover.com
416.538.5498
http://help.hover.com
Registrar of Record: TUCOWS, INC.
Record last updated on 17-Dec-2008.
Record expires on 24-Feb-2015.
Record created on 24-Feb-2005.
Registrar Domain Name Help Center:
http://tucowsdomains.com
Domain servers in listed order:
NS1.ADNS.CACHEFLY.NET 205.234.175.2
NS2.ADNS.CACHEFLY.NET 205.234.175.3
Domain status: clientTransferProhibited
clientUpdateProhibited
Network Whois record
Queried whois.arin.net with "n ! NET-205-234-175-0-1"...
NetRange: 205.234.175.0 - 205.234.175.255
CIDR: 205.234.175.0/24
OriginAS:
NetName: CACHENETWORKS-ANYCAST-2
NetHandle: NET-205-234-175-0-1
Parent: NET-205-234-128-0-1
NetType: Reallocated
RegDate: 2004-06-07
Updated: 2004-06-07
Ref: http://whois.arin.net/rest/net/NET-205-234-175-0-1
OrgName: CacheNetworks, Inc.
OrgId: CACHE
Address: 209 W Jackson Blvd
Address: Suite 700
City: Chicago
StateProv: IL
PostalCode: 60606
Country: US
RegDate: 2003-03-04
Updated: 2011-02-09
Ref: http://whois.arin.net/rest/org/CACHE
OrgTechHandle: DNSSE-ARIN
OrgTechName: DNS Services
OrgTechPhone: +1-877-442-2243
OrgTechEmail: dnsadmin@cachenetworks.com
OrgTechRef: http://whois.arin.net/rest/poc/DNSSE-ARIN
RTechHandle: DNSSE-ARIN
RTechName: DNS Services
RTechPhone: +1-877-442-2243
RTechEmail: dnsadmin@cachenetworks.com
RTechRef: http://whois.arin.net/rest/poc/DNSSE-ARIN
DNS records
name class type data time to live
hidemyass.cachefly.net IN A 205.234.175.175 3600s (01:00:00)
cachefly.net IN SOA server: ns1.adns.cachefly.net
email: hostmaster.cachefly.net
serial: 1314831603
refresh: 16384
retry: 2048
expire: 1048576
minimum ttl: 2560
2560s (00:42:40)
cachefly.net IN NS ns1.adns.cachefly.net 86400s (1.00:00:00)
cachefly.net IN NS ns2.adns.cachefly.net 86400s (1.00:00:00)
175.175.234.205.in-addr.arpa IN PTR vip1.g-anycast1.cachefly.net 46437s (12:53:57)
Traceroute
Tracing route to hidemyass.cachefly.net [205.234.175.175]...
hop rtt rtt rtt ip address fully qualified domain name
1 1 1 1 70.84.211.97 61.d3.5446.static.theplanet.com
2 0 0 0 70.87.254.5 po101.dsr02.dllstx5.networklayer.com
3 1 0 0 70.85.127.109 po52.dsr02.dllstx3.networklayer.com
4 0 0 0 70.87.253.29 e5-2.ibr04.dllstx3.networklayer.com
5 0 0 0 64.208.170.197 gigabitethernet7-3.ar2.dal2.gblx.net
6 0 0 0 205.234.175.175 vip1.g-anycast1.cachefly.net
Trace complete
Service scan
FTP - 21 Error: ConnectionRefused
SMTP - 25 Error: ConnectionRefused
HTTP - 80 HTTP/1.1 404 Not Found
Server: CFServ v0530
Date: Wed, 31 Aug 2011 23:04:37 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
X-CF1: fH.ord1:nom:cacheH.ord1-01
POP3 - 110 Error: ConnectionRefused
IMAP - 143 Error: ConnectionRefused
these faggots deserve to be nuked