Skynet Skynet, AiProtection, and USTVGO dot TV

JT Strickland

Very Senior Member
I've been using skynet for well over a year now, and I've never whitelisted anything, although I felt there have been a few exceptions that should have. This is one of those, but I don't want to whitelist a bad guy. My thinking was, it will sort out on the list provider's end eventually, but this one hasn't.

My wife watches streaming content from there and says that's the only place she has access to some programs. TrendMicro says USTVGO is a phishing site or has malicious software, and it has been a no-no on Alien Vault in the past. I got an email from AiProtection today that it had blocked 8 attempts from the wife's phone to connect to the aforesaid site. Skynet didn't show any outbound blocks this time, I guess because AiP got it. Skynet has blocked her fire tv from connecting to it in the past. I ask her about it, and she says the only way she could connect to it was to turn the wifi off.

Anyway, I think this is a false positive, but I don't want to put the gun on safety with a bad guy in the crosshairs.
What say ye?
tia,
jts
 
Best to look up the reputation in a source like AlienVault and decide from there; I typically err on the side of caution. There is no content worth being hit with a 0-day. Having said that, here is a VirusTotal lookup for it


no one is blocking the root URI for the site
 
I apologize if I phrased the question wrong, but I don't understand how Skynet works.
I may not be able to whitelist a site like ustvgo.tv.
I was hoping someone would point me one way or the other.

Has anybody else watched this website?
Can a bad guy impersonate a valid site like ustvgo.tv?
Is it safe to whitelist ustvgo.tv, assuming that I can?
Should I just forget it and quit asking dumb questions?
 
Best to look up the reputation in a source like AlienVault and decide from there; I typically err on the side of caution. There is no content worth being hit with a 0-day. Having said that, here is a VirusTotal lookup for it


no one is blocking the root URI for the site
Thank you for the help. I was beginning to think nobody was going to.
I posted the other one while you were posting it looks like.
I looked it up in Alienvault, but don't understand it yet very well either.
thanks again,
jts
 
I apologize if I phrased the question wrong, but I don't understand how Skynet works.
Pretty straightforward. Blocks access to IPs on a list. If you have "Ban AIProtect" on, then it will also add any AIProtect-flagged IPs to your personal blacklist.

Has anybody else watched this website?
No.

Can a bad guy impersonate a valid site like ustvgo.tv?
Yes and no. (I'm speaking in extremely broad terms here, now.)
A bad guy could hack into a legit website and add malicious code that would run on access.
A bad guy could divert DNS queries so that you get re-directed to a look-alike site with malicious code, or for credential harvesting.
A bad guy could create a similar domain, like ustvg0.tv and have a look-alike site with malicious code, or for credential harvesting.
There is a risk with any website, but ones like this may have less skilled administrators, or pay less close attention, or get paid-off by bad guys to look the other way for a while...

Is it safe to whitelist ustvgo.tv, assuming that I can?
I didn't see anything on AlienVault that makes me specifically uncomfortable, but sites like this generally make me uncomfortable. lol

Should I just forget it and quit asking dumb questions?
No, questions are fine. Why don't you think you'd be able to whitelist it? You can either whitelist the Domain in Diversion or the IPs in Skynet... assuming some of them are blocked. You'd want to check that first.
 
You can always check the syslog and see which sites are blocked when your wife gets the error, then log in to the Skynet console and whitelist the whole range.

1) Check syslog for the IP address being blocked
2) Check the IP address in myip.ms and see who owns the block and the full CIDR range
3) SSH into the router firewall Skynet interface and whitelist the range if you feel it's safe

rinse and repeat
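
Step 1 of the procedure above, as an added example that is not part of the original post: a shell function that summarises which destinations a single LAN client was blocked from reaching. The `[BLOCKED - OUTBOUND]` log prefix, the iptables-style field layout and every address in the sample are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Constructed sample lines in the shape of iptables LOG output. The
# "[BLOCKED - OUTBOUND]" prefix and all addresses are assumptions for
# this example (documentation ranges), not values from the thread.
sample_log() {
cat <<'EOF'
May  3 20:14:01 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51514 DPT=443
May  3 20:14:02 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51516 DPT=443
May  3 20:14:05 router kernel: [BLOCKED - INBOUND] IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.1 LEN=40 PROTO=TCP SPT=40000 DPT=23
May  3 20:14:09 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40222 DPT=443
May  3 20:14:11 router dnsmasq[412]: query[A] example.invalid from 192.168.1.23
May  3 20:14:12 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=51520 DPT=80
May  3 20:14:15 router kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=51522 DPT=443
EOF
}

# blocked_dsts CLIENT_IP
# Reads syslog on stdin and prints "count destination port" for outbound
# blocks that originated from CLIENT_IP, most frequent first. Inbound
# blocks, other clients and non-firewall lines are ignored.
blocked_dsts() {
  awk -v client="$1" '
    /BLOCKED - OUTBOUND/ {
      src = ""; dst = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)      src = substr($i, 5)
        else if ($i ~ /^DST=/) dst = substr($i, 5)
        else if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      if (src == client && dst != "") n[dst " " dpt]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a router, redirect the real syslog
# file into blocked_dsts instead.
sample_log | blocked_dsts 192.168.1.23
```

Each destination in the output is what goes into the ownership and CIDR lookup in step 2, before anything is whitelisted in step 3.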
 
Thanks again. My wife uninstalled the app and is looking for programming elsewhere. It isn't worth the risk.
There's a reason it is on all the naughty lists.
 
Smart wife. That's what I would do too.
 
