Skip to content

Synchronize repository#265733

Merged
samczsun merged 1 commit into
MetaMask:mainfrom
security-alliance-bot:3f4302f7-58ec-4cd0-a412-fb123207f469
Jul 8, 2026
Merged

Synchronize repository#265733
samczsun merged 1 commit into
MetaMask:mainfrom
security-alliance-bot:3f4302f7-58ec-4cd0-a412-fb123207f469

Conversation

@security-alliance-bot

@security-alliance-bot security-alliance-bot commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

This is an automated pull request to synchronize this repository with the latest configuration


Note

Medium Risk
Unblocking a domain can affect phishing or abuse detection if the entry was still needed; the change is tiny but security-relevant.

Overview
This automated sync removes the domain jupter-ag.com from the blocked-domain list in src/config.json.

No other entries in that list are changed in this diff.

Reviewed by Cursor Bugbot for commit 53b839a. Bugbot is set up for automated code reviews on this repo. Configure here.

@samczsun samczsun added the blocklist addition Issue or PR requesting addition of a domain to the blocklist label Jul 8, 2026
@samczsun samczsun merged commit 108235d into MetaMask:main Jul 8, 2026
6 checks passed
@security-alliance-bot security-alliance-bot deleted the 3f4302f7-58ec-4cd0-a412-fb123207f469 branch July 8, 2026 14:19

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

Reviewed by Cursor Bugbot for commit 53b839a. Configure here.

Comment thread src/config.json
"coinbase-cc.pages.dev",
"app-phantom-wallet-extension-for-edge.webflow.io",
"auth--kraken---cdn--auth.webflow.io",
"jupter-ag.com",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Phishing domain dropped from blacklist

High Severity

This sync removes jupter-ag.com from the blacklist. That hostname is still used as a Jupiter impersonation phishing site, and Jupiter is not covered by fuzzylist, so exact-match blocking was the protection path. After the change, checkDomain no longer treats visits to that domain as phishing.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 53b839a. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

blocklist addition Issue or PR requesting addition of a domain to the blocklist

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants