- HMA! = frauds
- Here is a copy of a mail I sent after I downloaded their program, which pointed to a reseller page
- after logging in with 63 char pass they put infected file on page pointing to reseller page
- at first a file called ForceInterface.DLL will try to contact malicious websites, after which you might want to download anew, and then this happens.. note the links and know why you should never EVER get Hide My Ass VPN
- Upon asking for an explanation about this, none was given, only the link as it should have been.
- ******notice how the windows version is NOT https*********
- http://hidemyass.cachefly.net/download/HMA-Pro-VPN-2.6.9-install.exe
- https://vpn.hidemyass.com/HMA-Pro-VPN-1.1.7-install.pkg.zip
- https://vpn.hidemyass.com/HMA-Pro-VPN-1.1.7-install-tiger.pkg.zip
- https://vpn.hidemyass.com/linux.zip linux
- I also got a different registrant on the domainsearch
- About a week ago my AV alerted me on a malicious website, and pointed the file ForceInterfaceLSP.dll in hma/bin as being the compromised file trying to connect to this IP.
- also a file forceInterfaceCOM.dll was in there
- I have since reinstalled my OS and have lost the IP it was trying to connect to.
- Earlier I reinstalled the service and noticed that despite it being a new reinstall, several of the files were showing dates that weren't today.
- Noticing this, I deleted the program and all files going with that, and then saw the difference in download links
- Below is the Whois. The website tucows.com is a reseller service, and I thought I read somewhere that a download for a trustworthy VPN should never come off a reseller page.
- Address lookup
- canonical name hidemyass.cachefly.net.
- aliases
- addresses 205.234.175.175
- Domain Whois record
- Queried whois.internic.net with "dom cachefly.net"...
- Domain Name: CACHEFLY.NET
- Registrar: TUCOWS.COM CO.
- Whois Server: whois.tucows.com
- Referral URL: http://domainhelp.opensrs.net
- Name Server: NS1.ADNS.CACHEFLY.NET
- Name Server: NS2.ADNS.CACHEFLY.NET
- Status: clientTransferProhibited
- Status: clientUpdateProhibited
- Updated Date: 10-dec-2008
- Creation Date: 24-feb-2005
- Expiration Date: 24-feb-2015
- >>> Last update of whois database: Wed, 31 Aug 2011 23:03:34 UTC <<<
- Queried whois.tucows.com with "cachefly.net"...
- Registrant:
- CacheNetworks, LLC
- 2002 W Chicago Ave
- Chicago, IL 60622
- US
- Domain name: CACHEFLY.NET
- Administrative Contact:
- Admin, DNS dnsadmin@cachenetworks.com
- 2002 W Chicago Ave
- Chicago, IL 60622
- US
- +1.1111111111
- Technical Contact:
- Admin, DNS dnsadmin@cachenetworks.com
- 2002 W Chicago Ave
- Chicago, IL 60622
- US
- +1.1111111111
- Registration Service Provider:
- Hover, help@hover.com
- 416.538.5498
- http://help.hover.com
- Registrar of Record: TUCOWS, INC.
- Record last updated on 17-Dec-2008.
- Record expires on 24-Feb-2015.
- Record created on 24-Feb-2005.
- Registrar Domain Name Help Center:
- http://tucowsdomains.com
- Domain servers in listed order:
- NS1.ADNS.CACHEFLY.NET 205.234.175.2
- NS2.ADNS.CACHEFLY.NET 205.234.175.3
- Domain status: clientTransferProhibited
- clientUpdateProhibited
- Network Whois record
- Queried whois.arin.net with "n ! NET-205-234-175-0-1"...
- NetRange: 205.234.175.0 - 205.234.175.255
- CIDR: 205.234.175.0/24
- OriginAS:
- NetName: CACHENETWORKS-ANYCAST-2
- NetHandle: NET-205-234-175-0-1
- Parent: NET-205-234-128-0-1
- NetType: Reallocated
- RegDate: 2004-06-07
- Updated: 2004-06-07
- Ref: http://whois.arin.net/rest/net/NET-205-234-175-0-1
- OrgName: CacheNetworks, Inc.
- OrgId: CACHE
- Address: 209 W Jackson Blvd
- Address: Suite 700
- City: Chicago
- StateProv: IL
- PostalCode: 60606
- Country: US
- RegDate: 2003-03-04
- Updated: 2011-02-09
- Ref: http://whois.arin.net/rest/org/CACHE
- OrgTechHandle: DNSSE-ARIN
- OrgTechName: DNS Services
- OrgTechPhone: +1-877-442-2243
- OrgTechEmail: dnsadmin@cachenetworks.com
- OrgTechRef: http://whois.arin.net/rest/poc/DNSSE-ARIN
- RTechHandle: DNSSE-ARIN
- RTechName: DNS Services
- RTechPhone: +1-877-442-2243
- RTechEmail: dnsadmin@cachenetworks.com
- RTechRef: http://whois.arin.net/rest/poc/DNSSE-ARIN
- DNS records
- name class type data time to live
- hidemyass.cachefly.net IN A 205.234.175.175 3600s (01:00:00)
- cachefly.net IN SOA server: ns1.adns.cachefly.net
- email: hostmaster.cachefly.net
- serial: 1314831603
- refresh: 16384
- retry: 2048
- expire: 1048576
- minimum ttl: 2560
- 2560s (00:42:40)
- cachefly.net IN NS ns1.adns.cachefly.net 86400s (1.00:00:00)
- cachefly.net IN NS ns2.adns.cachefly.net 86400s (1.00:00:00)
- 175.175.234.205.in-addr.arpa IN PTR vip1.g-anycast1.cachefly.net 46437s (12:53:57)
- Traceroute
- Tracing route to hidemyass.cachefly.net [205.234.175.175]...
- hop rtt rtt rtt ip address fully qualified domain name
- 1 1 1 1 70.84.211.97 61.d3.5446.static.theplanet.com
- 2 0 0 0 70.87.254.5 po101.dsr02.dllstx5.networklayer.com
- 3 1 0 0 70.85.127.109 po52.dsr02.dllstx3.networklayer.com
- 4 0 0 0 70.87.253.29 e5-2.ibr04.dllstx3.networklayer.com
- 5 0 0 0 64.208.170.197 gigabitethernet7-3.ar2.dal2.gblx.net
- 6 0 0 0 205.234.175.175 vip1.g-anycast1.cachefly.net
- Trace complete
- Service scan
- FTP - 21 Error: ConnectionRefused
- SMTP - 25 Error: ConnectionRefused
- HTTP - 80 HTTP/1.1 404 Not Found
- Server: CFServ v0530
- Date: Wed, 31 Aug 2011 23:04:37 GMT
- Content-Type: text/html
- Content-Length: 167
- Connection: close
- X-CF1: fH.ord1:nom:cacheH.ord1-01
- POP3 - 110 Error: ConnectionRefused
- IMAP - 143 Error: ConnectionRefused
- these faggots deserve to be nuked