Skynet Skynet, AiProtection, and USTVGO dot TV


JT Strickland

Senior Member
I've been using Skynet for well over a year now, and I've never whitelisted anything, although I felt there have been a few exceptions that should have been. This is one of those, but I don't want to whitelist a bad guy. My thinking was, it will sort out on the list provider's end eventually, but this one hasn't.

My wife watches streaming content from there and says that's the only place she has access to some programs. TrendMicro says USTVGO is a phishing site or has malicious software, and it has been a no-no on AlienVault in the past. I got an email from AiProtection today that it had blocked 8 attempts from the wife's phone to connect to the aforesaid site. Skynet didn't show any outbound blocks this time, I guess because AiP got it. Skynet has blocked her Fire TV from connecting to it in the past. I asked her about it, and she says the only way she could connect to it was to turn the Wi-Fi off.

Anyway, I think this is a false positive, but I don't want to put the gun on safety with a bad guy in the crosshairs.
What say ye?
tia,
jts
 

agilani

Very Senior Member
Best to look up the reputation in a source like AlienVault and decide from there; I typically err on the side of caution. There is no content worth being hit with a 0-day. Having said that, here is a VirusTotal lookup for it


No one is blocking the root URI for the site.
 

JT Strickland

Senior Member
I apologize if I phrased the question wrong, but I don't understand how Skynet works.
I may not be able to whitelist a site like ustvgo.tv.
I was hoping someone would point me one way or the other.

Has anybody else watched this website?
Can a bad guy impersonate a valid site like ustvgo.tv?
Is it safe to whitelist ustvgo.tv, assuming that I can?
Should I just forget it and quit asking dumb questions?
 

JT Strickland

Senior Member
> Best to look up the reputation in a source like AlienVault and decide from there; I typically err on the side of caution. There is no content worth being hit with a 0-day. Having said that, here is a VirusTotal lookup for it
>
> No one is blocking the root URI for the site.

Thank you for the help. I was beginning to think nobody was going to.
I posted the other one while you were posting, it looks like.
I looked it up in AlienVault, but don't understand it very well yet either.
thanks again,
jts
 

JaimeZX

Senior Member
> I apologize if I phrased the question wrong, but I don't understand how Skynet works.

Pretty straightforward. Blocks access to IPs on a list. If you have "Ban AIProtect" on, then it will also add any AIProtect-flagged IPs to your personal blacklist.

> Has anybody else watched this website?

No.

> Can a bad guy impersonate a valid site like ustvgo.tv?

Yes and no. (I'm speaking in extremely broad terms here, now.)
A bad guy could hack into a legit website and add malicious code that would run on access.
A bad guy could divert DNS queries so that you get re-directed to a look-alike site with malicious code, or for credential harvesting.
A bad guy could create a similar domain, like ustvg0.tv and have a look-alike site with malicious code, or for credential harvesting.
There is a risk with any website, but ones like this may have less skilled administrators, or pay less close attention, or get paid-off by bad guys to look the other way for a while...

> Is it safe to whitelist ustvgo.tv, assuming that I can?

I didn't see anything on AlienVault that makes me specifically uncomfortable, but sites like this generally make me uncomfortable. lol

> Should I just forget it and quit asking dumb questions?

No, questions are fine. Why don't you think you'd be able to whitelist it? You can either whitelist the Domain in Diversion or the IPs in Skynet... assuming some of them are blocked. You'd want to check that first.
 

agilani

Very Senior Member
You can always check the syslog and see which sites are blocked when your wife gets the error, and log in to the Skynet console and whitelist the whole range.

1) Check syslog for the IP address being blocked
2) Check the IP address in myip.ms and see who owns the block and the full CIDR range
3) SSH into the router firewall Skynet interface and whitelist the range if you feel it's safe

rinse and repeat
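
For step 1 of the procedure above, an added example (not part of the original post and not Skynet's own code): a shell function that tallies which destinations were blocked outbound for one LAN client, so each address can be looked up before anything is whitelisted. It assumes iptables LOG-style syslog lines carrying a "[BLOCKED - OUTBOUND]" prefix; the function names, the sample log and its documentation-range addresses are constructed for illustration.

```shell
#!/bin/sh
# Assumed log prefix; adjust if your router logs blocks differently.
PREFIX='[BLOCKED - OUTBOUND]'

# Usage: blocked_outbound LOGFILE CLIENT_IP
# Prints "hits dst_ip proto/dport", most frequently blocked first.
blocked_outbound() {
    awk -v prefix="$PREFIX" -v client="$2" '
        index($0, prefix) == 0 { next }   # skip anything that is not an outbound block
        {
            src = dst = proto = dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^DST=/)   dst   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            # Only count blocks caused by the device being investigated.
            if (src == client && dst != "")
                hits[dst " " proto "/" dpt]++
        }
        END { for (k in hits) print hits[k], k }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample log: two clients, one inbound block, documentation IPs only.
sample_log() {
    cat <<'EOF'
Jan  1 20:01:11 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=41000 DPT=443
Jan  1 20:01:12 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=41002 DPT=443
Jan  1 20:01:15 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=41010 DPT=80
Jan  1 20:02:01 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.77 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=50000 DPT=443
Jan  1 20:02:30 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.1 LEN=40 PROTO=TCP SPT=4444 DPT=23
EOF
}

# Demo run against the constructed sample for client 192.168.1.50.
demo_log=$(mktemp)
sample_log > "$demo_log"
blocked_outbound "$demo_log" 192.168.1.50
rm -f "$demo_log"
```

Each destination in the output is one address to check for ownership and reputation (step 2) before deciding on a whitelist entry.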
 

JT Strickland

Senior Member
Thanks again. My wife uninstalled the app and is looking for programming elsewhere. It isn't worth the risk.
There's a reason it is on all the naughty lists.
 

L&LD

Part of the Furniture
Smart wife. That's what I would do too.
 
