Site_Feedback

Topic   ztomy.com

bill
GameTZ Subscriber GameTZ Full Moderator 550 Trade Quintuple Gold Good Trader Gold Global Trader (15) Has Written 26 Reviews
1-Jan-2014(#1)
This morning I saw a bunch of regular GameTZ traders show up as being on the same IP address.

The IP address resolved to a name server with ztomy.com at the end of the host name. For example: 166.147.72.26 (ns1504.ztomy.com) and 166.147.72.19 (ns1504.ztomy.com).

I googled a little for ztomy.com and found them associated with domain name hijacking cases in the past. In other words, your computer or device has its DNS redirected through ztomy's servers and then they control what sites you actually see (e.g. you may try to load google.com, but instead you get a ztomy host that can inject whatever it wants you to see). Presumably to give you malware or other dastardly things.

There were about 8 GameTZ people affected by this. It was all at once this morning (didn't see it yesterday), as if suddenly a virus was spreading rapidly... kind of scary. But, I could just have it all wrong too (doubt it).

Anyway, if you're seeing strange things... it may be your DNS settings and you might want to run a virus checker or malware fixer...


John
So rad! GameTZ Gold Subscriber GameTZ Full Moderator
350 Trade Quintuple Gold Good Trader Gold Global Trader (13)
Secret Santa
1-Jan-2014(#2)
Probably worth sending a PM to each of them, yes?

- John...

Visit the new Travel Hacking forum to learn about traveling for free or near-free!

bill
GameTZ Subscriber GameTZ Full Moderator 550 Trade Quintuple Gold Good Trader Gold Global Trader (15) Has Written 26 Reviews
1-Jan-2014(#4)
Yeah, it's kind of a technical point. Every computer or device has a setting somewhere deep inside network config where you tell it what DNS (domain name system) servers to use. Then, when your device needs to resolve a hostname (like gametz.com ) it asks those DNS servers to give you back an IP address for the name (e.g. gametz.com resolves to the IP address: 50.97.242.9). The IP address number is then used to make the connection.

So, you can see how if your DNS settings get hijacked, the hijacker can give you another IP address instead of the real host. Or, more likely, will wrap it with its malware by still sending you the original content plus whatever evil gunk it adds to it. Then it's acting like a proxy.

Basically, what I saw was 8 different GameTZ users coming in from the same IP/host. Which implies this is happening. Though, it might also be a legit proxy of some sort.
Miranda
GameTZ Subscriber Quadruple Gold Good Trader
Has Written 1 Review
* 1-Jan-2014(#5)
Crap. I would have no idea how to change/fix that. May I safely assume if I were one of the eight you would have let me know?




bill
GameTZ Subscriber GameTZ Full Moderator 550 Trade Quintuple Gold Good Trader Gold Global Trader (15) Has Written 26 Reviews
* 1-Jan-2014(#6)
OK, I sent out 9 pms...

you were not one of them Miranda
PeteKelly
GameTZ Subscriber Triple Gold Good Trader
1-Jan-2014(#8)
Appreciate the PM Bill. I'm on my iPhone, what should I do?
brockmoreno
GameTZ Subscriber Gold Good Trader
1-Jan-2014(#9)
Same here iphone only. Got the pm any ideas?
TapU0ut
Quadruple Gold Good Trader
1-Jan-2014(#10)
I got the pm, but I was not on an iPhone but a Galaxy phone.
JesterScott
Triple Gold Good Trader Global Trader - willing to trade internationally
1-Jan-2014(#11)
I got a pm and I am on MAAAANNY devices
bill
GameTZ Subscriber GameTZ Full Moderator 550 Trade Quintuple Gold Good Trader Gold Global Trader (15) Has Written 26 Reviews
1-Jan-2014(#12)
hm... now it seems like a false alarm or maybe the issue was on my end?

The 2 IP addresses I mentioned above as resolving to ztomy.com domain names, now resolve to mycingular.net

% host 166.147.72.19
19.72.147.166.in-addr.arpa domain name pointer alnmspsrvz3ts105-dmz.mycingular.net.
% host 166.147.72.26
26.72.147.166.in-addr.arpa domain name pointer alnmspsrvz3ts212-dmz.mycingular.net.

So, I'm not sure what that means. But, when I looked at these earlier they were giving the other domains.
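
Added example, not part of the original thread: a forward-confirmed reverse DNS check for the kind of `host <ip>` lookup shown in post #12. A PTR name is set by whoever controls the reverse zone for the address block, so on its own it does not identify the operator; the check only accepts a name that resolves back to the same IP. The sample PTR/A tables are constructed for illustration (the names and IPs come from the thread, the forward records and 192.0.2.10 are assumptions), and the `sample_*` helpers are hypothetical stand-ins for a real resolver.

```python
import ipaddress
import socket

def ptr_name(ip):
    """Name that `host <ip>` actually queries, e.g. 19.72.147.166.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def live_reverse(ip):
    """PTR lookup through the system resolver."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def live_forward(name):
    """A/AAAA lookup through the system resolver."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def fcrdns(ip, reverse=live_reverse, forward=live_forward):
    """Return (status, names); 'confirmed' only if a PTR name resolves back to ip."""
    names = [n.rstrip(".").lower() for n in reverse(ip)]
    if not names:
        return "no-ptr", []
    confirmed = [n for n in names if ip in forward(n)]
    return ("confirmed" if confirmed else "unconfirmed"), (confirmed or names)

# Constructed sample data so the example runs offline (not real DNS answers).
SAMPLE_PTR = {
    "166.147.72.19": ["alnmspsrvz3ts105-dmz.mycingular.net."],
    "166.147.72.26": ["ns1504.ztomy.com."],
}
SAMPLE_A = {
    "alnmspsrvz3ts105-dmz.mycingular.net": ["166.147.72.19"],
    "ns1504.ztomy.com": ["192.0.2.10"],  # assumed mismatch, documentation range
}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_A.get(name, [])

if __name__ == "__main__":
    for ip in SAMPLE_PTR:
        print(ip, ptr_name(ip), fcrdns(ip, sample_reverse, sample_forward))
```

An "unconfirmed" result means the reverse name should not be trusted as an identity; calling `fcrdns(ip)` without the sample helpers uses the system resolver instead.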
brockmoreno
GameTZ Subscriber Gold Good Trader
1-Jan-2014(#13)
Maybe AT&T had been hijacked? Because we most likely were all using it on our phones. Maybe they resolved it?
PeteKelly
GameTZ Subscriber Triple Gold Good Trader
1-Jan-2014(#14)
I have AT&T
TapU0ut
Quadruple Gold Good Trader
1-Jan-2014(#15)
AT&T here
starsfan
Gold Good Trader
* 1-Jan-2014(#16)
Yeah I was also on my iPhone via AT&T and don't really do much on it so I'm assuming it was a false alarm. I have noticed redirects though to Candy Crush occasionally from what I assume to be mobile ads.
bill
GameTZ Subscriber GameTZ Full Moderator 550 Trade Quintuple Gold Good Trader Gold Global Trader (15) Has Written 26 Reviews
2-Jan-2014(#17)
I think it was just some fluke thing. Sorry to alarm everyone.
John
So rad! GameTZ Gold Subscriber GameTZ Full Moderator
350 Trade Quintuple Gold Good Trader Gold Global Trader (13)
Secret Santa
2-Jan-2014(#18)
Whoa. That's weird. It looks like either MyCingular just acquired IPs that used to be owned by Ztomy -- or the DNS was just screwed up and it was reversing to the wrong domain. Crazy...

- John...


Ranchan
GameTZ Subscriber Double Gold Good Trader
Has Written 9 Reviews
2-Jan-2014(#19)
bill wrote:
> I think it was just some fluke thing. Sorry
> to alarm everyone.

Better to be safe than sorry. The last thing we want is for the infection to somehow spread to other GTZers. That being said, from what I read it appears the issue popped up w/ iphone/smartphone users. To those affected I ask: can't you wait 'til you get home for your GTZ fix? :P


Plz check out my Anime, Manga, and Figure Blog!
rsouxlja7
Double Gold Good Trader
2-Jan-2014(#20)
I also browse the site from an iPhone on AT&T and got the pm. So looks like everything is ok?
JesterScott
Triple Gold Good Trader Global Trader - willing to trade internationally
2-Jan-2014(#21)
Ranchan wrote:
> To those affected I ask: can't you wait 'til you get home for your GTZ fix?
> :P

Nope! I am on here more than facebook
PeteKelly
GameTZ Subscriber Triple Gold Good Trader
2-Jan-2014(#22)
JesterScott wrote:
> Ranchan wrote:
>> To those affected I ask: can't you wait 'til you get home for your GTZ fix?
>> :P
>
> Nope! I am on here more than facebook

Haha. Same here


Appreciate you contacting us Bill. Even if it was a false alarm. Nice to know you'll let people know if something seems fishy
theyrhere
GameTZ Subscriber Quadruple Gold Good Trader
Has Written 2 Reviews
* 2-Jan-2014(#23)
I am on my windows phone through AT&T pretty often as well. I thought this was strange since I haven't really been doing much on the web since I have the flu lol
Scott
It's a secret to everybody. GameTZ Subscriber Triple Gold Good Trader
Global Trader - willing to trade internationally Has Written 1 Review
2-Jan-2014(#24)
I'm fairly certain this means the NSA is now monitoring our site.

Thanks Obama.


bill
GameTZ Subscriber GameTZ Full Moderator 550 Trade Quintuple Gold Good Trader Gold Global Trader (15) Has Written 26 Reviews
2-Jan-2014(#25)
theyrhere wrote:
> I have the flu lol

bill wrote:
> run a virus checker
Ranchan
GameTZ Subscriber Double Gold Good Trader
Has Written 9 Reviews
3-Jan-2014(#26)
Scott wrote:
> I'm fairly certain this means the NSA is
> now monitoring our site.
>
> Thanks Obama.
>
>
I certainly wouldn't be surprised at this point, especially considering the fact that this site has 3k+ active users (many being international and hence provides the excuse/pretext for monitoring).


bill
GameTZ Subscriber GameTZ Full Moderator 550 Trade Quintuple Gold Good Trader Gold Global Trader (15) Has Written 26 Reviews
3-Jan-2014(#27)
If the NSA contacts me, demanding that I rat you all out. I'll go all Snowden on their asses.
John
So rad! GameTZ Gold Subscriber GameTZ Full Moderator
350 Trade Quintuple Gold Good Trader Gold Global Trader (13)
Secret Santa
3-Jan-2014(#28)
Just give them Hunt and call it good.  * wink *

- John...


Ranchan
GameTZ Subscriber Double Gold Good Trader
Has Written 9 Reviews
3-Jan-2014(#29)
bill wrote:
> If the NSA contacts me, demanding that I
> rat you all out. I'll go all Snowden on
> their asses.

Nah. If you do rat them out you run the risk of prosecution under federal law. Even the disclosure of a NSA request would be illegal. So the options would be basically to shut down the site, or comply and send them a hefty bill (a la AT&T) for compliance. I totally would understand if you choose the second option. Having the GTZ remain online (w/ NSA monitoring) is preferable to not having the site at all. But again, this would be my personal view, and I'm sure many users will disagree w/ me on this.

The situation is like big CPA firms coming across massive fraud at a company they are auditing. The CPA firm cannot issue an opinion saying that the company they audited has reported in compliance w/ GAAP, b/c that would in turn expose the auditor to liability from investors and the SEC. So the firms are supposed to do a "noisy withdrawal." They cannot publicly disclose what they found, but their withdrawal should tip investors off to problems within the books of the company being audited. Similarly, if GTZ shuts down in the future, users can read into the undisclosed reason behind the shutdown.


bill
GameTZ Subscriber GameTZ Full Moderator 550 Trade Quintuple Gold Good Trader Gold Global Trader (15) Has Written 26 Reviews
3-Jan-2014(#30)
http://GameTZ.ru has a nice ring to it.
theyrhere
GameTZ Subscriber Quadruple Gold Good Trader
Has Written 2 Reviews
3-Jan-2014(#31)
If we're being monitored now it's all MentalVortex's fault
flyngmonbob
GameTZ Gold Subscriber Double Gold Good Trader
9-Jan-2014(#32)
No way, the government knows he's not worth monitoring since he's always just staring at the sun.
Ranchan
GameTZ Subscriber Double Gold Good Trader
Has Written 9 Reviews
9-Jan-2014(#33)
The gov't could monitor this site for a variety of reasons. For example all those gifted paypal transactions back and forth (and set up through this site) could look a tad suspicious in the eyes of IRS.

