phantom / blocklist Goto Github PK

Our website usdcswap.com was flagged as potentially deceptive here.
The website is owned and managed by Ultra Stellar and is linked to at the company website ultrastellar.com
This is a legitimate website however the USDC swap tool has been temporarily disabled some time ago. We are planning on resuming the operations over the next few months.
Please remove usdcswap.com from this blocklist as soon as possible. Metamask issue link attached.

This has already been resolved at Metamask.
MetaMask/eth-phishing-detect#11497

Wrongfully flagged domain. Thank you, please let me know how I can be of any help.

**Domain: https://akiprotocol.io

**Details: The site is loyal to its users and we didn't find any malicious activity so far. Let metamask wallet access able to this site.

Adding more info about Aki Network / Aki Protocol.

Aki introduces two layers to organize the web3 world’s information and make it universally accessible and useful.

An open infrastructural multi-chain knowledge base that provides oracle services and rewards data layer contributors - Aki Protocol
A consumer-facing application suite built on top of Aki Protocol with a specific focus on influencer-centered graphs - Aki Network
Whitepaper: https://aki-network.gitbook.io/aki-general-whitepaper/
Twitter: https://twitter.com/aki_protocol
Email: [email protected]

Feel free to DM/email and book a call with us if you have more questions

Hello!

I believe exodus.icu was automatically flagged due to its resemblance of exodus.com, or possible past use in phishing activities. I just recently registered the domain 2 days ago and plan to run my own personal instance of the Revolt Chat app. It's currently up and live now, and a few friends alerted me that MetaMask or Phantom are flagging it.

If I could request the flag be removed, that would be great. I also utilize a few subdomains such as https://app.exodus.icu/ https://autumn.exodus.icu/ https://docs.exodus.icu/ https://support.exodus.icu/ https://endpoint.exodus.icu/ and have plans to use a few others in the future.

https://luckyboxesgift.com/
https://droppingboxs.com/

Hi, thanks for this resource!

For the nft-blocklist, is the coverage ETH only? or are these contracts also malicious in other networks (e.g. MATIC)?

I'm working on an API which tracks malicious domains from a variety of sources, alongside malicious NFT contracts for ETH & MATIC (and AVAX, FTM & BSC in future) at https://github.com/smk762/no_phish_nfts

Happy to coordinate with sharing data back upstream. Do you have any licence or attribution requirements?

Somehow blocklist file is not being parsed with Symfony parser so I needed to make some changes. Purpose of this example is to help someone who is struggling to use it with php.

<?php

namespace App\Utils\Nft;

use Symfony\Component\Yaml\Yaml;

class ScamPrevention
{
    const SCAM_URL_SOURCE = 'https://raw.githubusercontent.com/phantom-labs/blocklist/master/blocklist.yaml';

    private static array $scamWebsites = [];

    public static function isScamNft(array $nftMetadata): bool
    {
        if (empty($nftMetadata['external_url'])) {
            return false;
        }

        $website = $nftMetadata['external_url'];
        $website = preg_replace("(^https?://)", "", $website);
        $website = str_replace('www.', '', $website);

        if (in_array($website, self::fetchListOfScamWebsites())) {
            return true;
        }

        return false;
    }

    public static function fetchListOfScamWebsites(): array
    {
        if (!empty(self::$scamWebsites)) {
            return self::$scamWebsites;
        }

        try {
            $scamWebsitesAsYaml = file_get_contents(self::SCAM_URL_SOURCE);
            $parsedWebsites = Yaml::parse(str_replace(': ', '', $scamWebsitesAsYaml));
            $parsedWebsites = str_replace('- url', '', $parsedWebsites);
            self::$scamWebsites = explode(' ', $parsedWebsites);
        } catch (\Throwable $throwable) {
            self::$scamWebsites = [];
        }

        return self::$scamWebsites;
    }
}

How can you test?

<?php

namespace Tests\Unit;

use App\Utils\Nft\NftException;
use App\Utils\Nft\NftHelper;
use App\Utils\Nft\ScamPrevention;
use Tests\TestCase;

class ScamPreventionTest extends TestCase
{
    public function testFetchListOfScamWebsites(){
        $scamWebsites = ScamPrevention::fetchListOfScamWebsites();
        $this->assertIsArray($scamWebsites);
        $this->assertNotEmpty($scamWebsites);
    }

    public function testIsScamNft(){
        $this->assertTrue(ScamPrevention::isScamNft(['external_url' => 'officialnftgift.com']));
        $this->assertFalse(ScamPrevention::isScamNft(['external_url' => 'movsumov.com']));
    }
}

https://magicalworld.cool/

link on dropbox with stealer on site
https://www.dropbox.com/s/dl/9aerkhjab8s3wjs/Magical%20World%20%28BETA%29.zip

News about same (old) scam - https://www.bleepingcomputer.com/news/security/fake-cthulhu-world-p2e-project-used-to-push-info-stealing-malware/

Hello,

Please remove fatcatsupgrade.com from your blocklist. This is a legitimate site and we will be launching an art upgrade for the FatCats Collection here.

It is a fresh domain so I can see how it was flagged, but I can assure you it is legitimate.

For some proof of my reputation, you can see some code contributions I've made to metaplex and various other projects in the solana ecosystem here. Let me know if you need me to provide any more proof.

metaplex-foundation/candy-machine-ui#12
metaplex-foundation/sugar#348

https://magicalworld.io

link on dropbox with stealer on site
https://www.dropbox.com/s/dl/9aerkhjab8s3wjs/Magical%20World%20%28BETA%29.zip

News about same (old) scam - https://www.bleepingcomputer.com/news/security/fake-cthulhu-world-p2e-project-used-to-push-info-stealing-malware/

https://gold-island-game.com/

Stealer in download button

https://celadon.game

stealer in launcher.

https://www.[dropbox].com/s/dl/xinamt4gdfzvb8q/CeladonLauncher.exe - link on download from website

https://www.virustotal.com/gui/file/27943821044a84f7b3c65fc3004d6f12b3790f545f99bbc57db0e567b750e795/detection

virustotal

Hello, my website has been blocked by mistake. Please help to verify.

https://banterbubbles.com/ Hi there guys, hope you're well, we've just noticed our website being flagged as dangerous with malicious activity present.

I assure you this is not the case. Please visit our site and notice there are absolutely no requirements for any metamask or other wallet addresses. It's not even an available option.

Banter Bubbles is a platform we built for users in the Crypto Banter community to track major price movements in Crypto. We allow users to chat through use of their Twitter account.

Please correct this issue as it is causing major issues for our community.

Correspondence will be much appreciated

Best regards
Josh (Product Manager)

http://btcs.love/ is the official domain controlled by COREDAO. I believe it should not be on the blacklist

https://shadowagesp2e.com

SCAM WITH STEALLER!!!

Hi everyone

I had the error pop up when trying to open my non-blockchain related app on Netlify. Checking down the list, I notice that netlify.app has been added.

Given Netlify is a popular hosting service for front-end apps of all sorts, is it right that the entire netlify.app domain part is included on the list? Especially in a dev environment, using the Netlify autogenerated URL is standard practice.

Thanks

The official site from EthereumPoW (ETHW) - ethereumpow.org is blocked in the eth-blocklist, any reason why?

https://twitter.com/EthereumPoW

Thanks in advance!

Stealer on website
https://1986reborn.com/
need to enter code, then stealer will be downloaded

https://kotaworldwide.space/

fake site of original - https://www.kidsoftheapocalypse.com/

stealer on website

https://matrix-eco.xyz/

Scam website. Trojan in it. After entering the code in the EcoMatrix window, the virus is quickly loaded.

Fake project of original https://MatrixMeta.land

Our site discord-accounts.ru poses no danger. We have been working since 2020. We sell clean new automatically registered Discord messenger accounts. According to search engines "google" and "yandex" we have leading positions in CIS countries. Please exclude the site from suspicious.

crystalplay.io

Scam site using a stealer to steal all data from your computer.

/

walletsubmit.com

Hi there, my domain solswipe.io has been blocked for no apparent reason.
We have issued and submitted countless documents and even implemented 4 milestone escrow to our mint. So there is technically close to no way that we can perform any funny actions as all our funds will be locked and only unlocked if our community releases it. We have also submitted lots of documents and will continue posting up more information when we have it. And also postponed our mint to september specifically for the intention of providing more supporting documents to ME or community before our mint.

Therefore,
I would like to appeal that the domain gets unblocked thank you.

Hi!
I'm wondering why you're not updating your npm package, it's outdated and last publish is 2 years ago.

Do I correctly understand that you're not going to support it anymore?
https://www.npmjs.com/package/@phantom-labs/blocklist

https://celadongame.world/

new domain of celadon site. Stealer in launcher.

Hi,

I can't see any documentation on this, is this working - if so, how does it work?

We are dealing with quite a few scam NFT's with the Tomorrowland project.

Thanks.

Hello, love this initiative, I am wondering if you have any plans to serve this information over the HTTP endpoint so apps that will integrate can fetch fresh data easily.

Would like to request that our site be removed from the blocklist.

All our code are open-sourced here at: https://github.com/diamondhanding

We are submitting for the OPOS hackathon, and everything is spelled out clearly on how the app works and what are the next steps: https://guide.diamondhanding.io/

Please let us know how we can be removed from the blocklist.

Hey, great work here.

Just reviewing the blocklist, have a few questions

1. I see a few user report issues for additions, where do the domains added come from?
2. When adding the domain to the list, how are the domains assessed to be "bad domains"?
3. Are domains pruned when they expire?
4. What is the license?
5. Is there ABP formatted list of eth-blocklist.yaml & blocklist.yaml ? (for those outside of the extension)

This site is not related to phantom

https://twitter.com/optimysticra

Hello @Harii94,

Since a while, there is a "FLIP.GG" Token that is airdropped to many NFT Collection hosted on MagicEden.
Token Id: https://solscan.io/token/VVWAy5U2KFd1p8AdchjUxqaJbZPBeP5vUQRZtAy8hyc

There is 145,756 holders, and it keep have many more as they do airdropping of it regularly. This token promote a flipping website, but there is no way to find if this real of not. We've many report from people annoyed by this airdrop.

What would you suggest to do? Create a PR to add the token only in the blocklist?

Domain: https://babyaptoslabs.com

Hello. This domain was falsely flagged on MetaMask which then found its way into your blocklist through syncing from MetaMask's list.

It has since been removed from MetaMask's phishing list and I would like for it to be removed here as well.

This is the relevant issue for MetaMask: MetaMask/eth-phishing-detect#10508

https://solscan.io/token/J6ob3pFe5FTnuyfLhbi4V7j1dyTurBPfaJExEooJCMEX

yess-yaks.com

Hi 1inch.dev was bought 2 weeks ago by 1inch. Could you please unblock this site?

https://swap.suniswap.online/#/swap has been blocked.
Please remove the block.

Domain: ydeda.pro

Details: This domain belongs to us, we are engaged in SEO services. The domain is more than 7 years old. We are not a member of any phishing sites. We do not do anything crypto related on this domain.

P.S. Our domain consists only of whitelists. Before Metamask we are also now clean

Hi, I'm running a dApp and trying to make user to stake their NFT into our vault and earning some rewards, but somehow some users report that an error/warning message shows when they're trying to sign the transaction.

Message like this:
"Phantom believes this transaction is malicious and unsafe to sign ........."

What's the possible reason to make some user's to get a warning like this ?

thanks!

Cryptio is an Enterprise-grade accounting, audit and tax software for digital assets. It is not a dangerous website. Please remove cryptio.co from this blocklist as soon as possible.

https://apocalypse.pw/

Fake website of a real project. After clicking on the button and entering the password, it throws a stealer virus to download, which drain all funds from wallets.

meta-worldp2e.com

Another scam site!!

https://sneks.gg is the legitimate domain for The Sneks project (https://twitter.com/solsneks). We have a mint upcoming very soon, and it's of the utmost important this is resolved quickly!

Thanks!

This is a legitimate site by Polygon Labs - https://polygonventures.xyz/

Please unblock it

Uniswaphooks.com has been blacklisted by mistake - it's an open source community curated directory for Uniswap v4 Hooks

https://ecometa.land/

Scam website. Trojan in it. After entering the code in the EcoMatrix window, the virus is quickly loaded.

Fake project of original https://matrixmeta.land/

apocalypse.city
celadongame.com
moonwallet.io

apocalypse and celadon already blocked, it’s new domains. MoonWallet - scam wallet, stealer.

all have link on stealer on website.