For a few short hours on July 29, the web address fusion.tvaddons.co was online and offering zip files for the once-popular TVAddons Indigo tool. Many in the third-party add-on community are deeply skeptical of any reappearance of a TVAddons website, voicing complaints of a potential “honeypot.” Nevertheless, the original TVAddons website, tvaddons.ag, remains offline, while this new site is registered to a secretive Cayman Islands account.
As indicated by Google, the new website address was last modified on July 29, 2017:
News of this sudden appearance spread quickly online in the widely-used third-party Kodi add-on forum, Addons4Kodi. User Matt00011 created a post alerting community members to the news. Matt00011 also noted that after downloading the Indigo tool (TVAddon’s once-popular all-in-one add-on installer) from the address mentioned above, he found the contents within the add-on to be completely broken.
“Indigo can be installed but the sections within the addon remain broke so I imagine they are still working behind the scenes to get everything in place, hence why the website is still displaying a 403 forbidden. Be careful guys if you add the source.” – Matt00011
Additionally, Matt00011 gave credit to the initial discovery to YouTuber newtechevolution, who posted a video about the return of the website, which included access to the Fusion repository.
In this video, newtechevolution walks users through the installation process for Indigo, discovering that ultimately, the tool still appears to be mostly non-functional.
Perhaps rightly so, newtechevolution warns that any viewers should connect to a VPN before trying to download and install any zip files located on the site. Given the way downloads through the FTP site work, any download attempt connects individuals directly to the hosting site’s servers, allowing whoever currently owns the site to collect IP addresses.
The Potential for a TVAddons “Honeypot”
In the App4Kodi Reddit post, most users were quick to point out that installing any zip files from the site could be dangerous. As the most upvoted comment on the post, from Reddit user sillycyco, states:
“Nope. Not a chance. You would have to be out of your… mind to trust this domain. Some Youtuber gives the “heads up” to a site under discovery investigation in a lawsuit, whose domains were seized or otherwise turned over to a Canadian law firm, with nary a word from any known associated figure from the original group site…
Posted by an account with a 3 post history.
No thanks. Be wary folks. Be super wary. Even if legit, when things like this happen, you have to consider all bridges burned, all sources compromised, and move on. There is no coming back from the previous setback for these folks. Any attempt to do so is suspicious at best, as they themselves should know why they shouldn’t be trusted.TVA had security guides on their site that this supposed rebirth violates. Do not trust. Do not use.”
Sillycyco alludes to a known problem within the Reddit community when he or she addresses the legitimacy of the news-breaking post itself: new Reddit accounts. It is not uncommon for businesses, legal entities, and others to utilize the popular forum website to fish for information. New accounts offering seemingly exciting information to an eager Reddit community often draw suspicion, particularly when the activity in question is under criminal investigation.
Other users pointed out that the site going live and offering up downloads could indeed be what is known as a “honeypot” or “honey trap.”
Honeypots are a form of internet security, often employed to lure hackers into a system in order to reveal their location or hacking method. In effect, this serves to entrap the user into giving away who they are.
Most users on r/Addons4Kodi seem to suspect that the recent Fusion reappearance is a honeypot set up by the Canadian law firm now in possession of many TVAddons domains.
At this time of writing, the website appears to be blocking any new connections – instead returning a 403 Forbidden error from the web server. However, a WhoIs check reveals that the domain was also recently registered. It appears to have been created on July 18 and is currently registered to a private Cayman Islands-based company known to host many pirated media websites.
Meanwhile, the original TVAddons website, TVaddons.ag, remains registered to the head of the Canadian anti-piracy law firm, Daniel Drapeau. According to the WhoIs check, that site remains offline.
It remains unclear who is behind the recent rumblings behind the scenes for TVAddons. Little is known about what happened to the site (or its shadowy owners) following the sudden disappearance of the site in June. While the site owners previously noted that the website would make a return with a more legitimate focus to their services, any news related to their potential return remains as elusive as the site’s owners.
On July 20, website KodiTips.com reported that the TVAddons Twitter account came alive again, posting direct from WordPress to Twitter. The WordPress website, it appears, is the same as that which came online for a few hours only 9 days later, tvaddons.co.
With information lacking regarding the recent developments, all that remains is idle speculation. However, what is undeniably true is that something is happening behind the scenes. Only time will tell whether that something is a legitimate TVAddons return or the honeypot lures of a legal entity.