leet.cc blocked due to a suspicious top level domain (TLD)

I use Firefox Monitor to determine if my email address has been involved in any known data breaches. Unfortunately, my email address has been involved in a few. I am trying to get my credentials updated for Leet, but when I attempted to navigate to Leet's website, leet.cc, Malwarebytes Browser Guard swooped in with the following:

Quote

Website blocked due to a suspicious top level domain (TLD)

Website blocked: leet.cc

Malwarebytes Browser Guard blocked this website because it may contain scam activity.

We strongly recommend you do not continue.

This is the website provided under the developer information for the LEET Servers for Minecraft app on the Google Play store. I am wondering if this website truly is suspicious, or if this is a false positive. If this is truly a suspicious site, I am curious as to how I should go about addressing my involvement in the breach.

Firefox info: 79.0 (64-bit)

Browser Guard info:

Quote

Version information

Malwarebytes Browser Guard version
2.2.10

Any help that can be provided is greatly appreciated.

Link to post

Forcepoint ThreatSeeker believes the site to be malicious, possibly due to the data breach: https://www.virustotal.com/gui/url/8b4128664915ff616eef9824c1b5edf707b5e12cac1a16f14803dec658a9b15d/detection.

That finding may need to be cleared before Malwarebytes can clear the site.

Also note that Firefox was updated to 80.0 today.

Link to post

@alvarnell, thanks for the prompt response.

What action should be taken to get that finding by Forcepoint ThreatSeeker cleared?

I noticed that Firefox had an update ready to finish installing with a restart of my browser when I opened the About Firefox window to gather the version info for my initial post. That update will most likely bring me up to version 80.0 like you mentioned.

Link to post
2 minutes ago, austinb842 said:

What action should be taken to get that finding by Forcepoint ThreatSeeker cleared?

You would somehow have to contact them about it in the same way as you have here. It's possible that Malwarebytes will be able to independently check the site and clear it when they come in tomorrow, so you may want to wait. From the warning you got, it would appear that they have simply blocked all instances of .cc domains due to a high level of malicious behavior by such sites and simply need to check it out.

Link to post

I appreciate the prompt follow-up response. I will give Malwarebytes an opportunity to review this post and the site before reaching out to Forcepoint ThreatSeeker as you suggested.

Cheers!

Link to post

Site has been whitelisted.  Please allow 15-30 minutes for changes to take effect.

Link to post
22 hours ago, gonzo said:

Site has been whitelisted.  Please allow 15-30 minutes for changes to take effect.

I am now able to access the site without it being flagged by Browser Guard. There is a section of the site, though, that Browser Guard is blocking for the same reason.

Quote

Website blocked due to a suspicious top level domain (TLD)

Website blocked: leetforum.cc

Malwarebytes Browser Guard blocked this website because it may contain scam activity.

We strongly recommend you do not continue.

I am not sure if this should be whitelisted as well, or if the suspicious activity is legitimate. Unfortunately, the link to their helpdesk seems to be broken.

Quote

Hmm. We’re having trouble finding that site.

We can’t connect to the server at support.leet.cc.

Thanks for all of the input and assistance thus far.

Link to post

It has now been whitelisted as well. Non-standard TLDs (cc/info/xyz and so on) are commonly used for malicious purposes. We err on the side of caution to assure that we are protecting our users. If our users encounter a block, they report it (as you did), we test it, and if it is determined to be safe, we unblock it (as I did). Please allow 15-30 minutes for changes to take effect.

Link to post
On 8/27/2020 at 10:18 AM, gonzo said:

It has now been whitelisted as well. Non-standard TLDs (cc/info/xyz and so on) are commonly used for malicious purposes. We err on the side of caution to assure that we are protecting our users. If our users encounter a block, they report it (as you did), we test it, and if it is determined to be safe, we unblock it (as I did). Please allow 15-30 minutes for changes to take effect.

Thanks for providing this additional context. I appreciate the prompt guidance and assistance I have received. I am able to access the main LEET website and the LEET Forums website without being flagged by Browser Guard.

Link to post
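
Added example, not part of the thread and not Malwarebytes' code: a sketch of the TLD-heuristic-plus-allowlist policy described above, showing why whitelisting leet.cc did not unblock leetforum.cc. The function names, the flagged-TLD set and the choice to let an allowlist entry cover its subdomains are assumptions made for illustration.

```javascript
// Illustration only; the policy details below are assumed, not Browser Guard's.
const FLAGGED_TLDS = new Set(["cc", "info", "xyz"]); // TLDs named in the thread

function normalizeHost(input) {
  // Accept a bare host or a full URL; return the lowercase host, no trailing dot.
  const url = new URL(input.includes("://") ? input : `http://${input}`);
  return url.hostname.toLowerCase().replace(/\.$/, "");
}

function isCoveredBy(host, allowed) {
  // Compare on label boundaries so "notleet.cc" is not covered by "leet.cc".
  return host === allowed || host.endsWith(`.${allowed}`);
}

function checkSite(input, allowlist) {
  let host;
  try {
    host = normalizeHost(input);
  } catch {
    // Fail closed: anything that cannot be parsed is not waved through.
    return { host: null, verdict: "block", reason: "unparseable URL" };
  }
  const tld = host.slice(host.lastIndexOf(".") + 1);
  if (!FLAGGED_TLDS.has(tld)) {
    return { host, verdict: "allow", reason: "TLD not flagged" };
  }
  // A flagged TLD is blocked by default; only a reviewed entry overrides it.
  const entry = [...allowlist].find((d) => isCoveredBy(host, d));
  if (entry) {
    return { host, verdict: "allow", reason: `allowlisted via ${entry}` };
  }
  return { host, verdict: "block", reason: `suspicious TLD .${tld}` };
}

function demo() {
  // Constructed inputs mirroring the thread: leet.cc is reviewed first,
  // leetforum.cc is a separate domain and needs its own entry.
  const sites = ["https://leet.cc/", "leetforum.cc", "notleet.cc"];
  const allowlist = new Set(["leet.cc"]);
  const afterFirstReview = sites.map((s) => checkSite(s, allowlist).verdict);
  allowlist.add("leetforum.cc");
  const afterSecondReview = sites.map((s) => checkSite(s, allowlist).verdict);
  return { afterFirstReview, afterSecondReview };
}

console.log(demo());
```
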