Skip to content

Synchronize repository#265871

Merged
samczsun merged 1 commit into
MetaMask:mainfrom
security-alliance-bot:0e929b23-81ad-4ef6-a8b9-efed5ec72c53
Jul 8, 2026
Merged

Synchronize repository#265871
samczsun merged 1 commit into
MetaMask:mainfrom
security-alliance-bot:0e929b23-81ad-4ef6-a8b9-efed5ec72c53

Conversation

@security-alliance-bot

@security-alliance-bot security-alliance-bot commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

This is an automated pull request to synchronize this repository with the latest configuration


Note

Low Risk
Single-domain removal from the phishing block list via automated sync; limited blast radius but users may briefly stop seeing a warning for that host.

Overview
This automated config sync updates MetaMask’s domain block list in src/config.json by removing crm.raccoonsatcrm.com. No other domains are added or changed in this diff.

After this lands, that host will no longer be flagged by the list until it is blocked again upstream.

Reviewed by Cursor Bugbot for commit 4122373. Bugbot is set up for automated code reviews on this repo. Configure here.

@samczsun samczsun added the blocklist addition Issue or PR requesting addition of a domain to the blocklist label Jul 8, 2026
@samczsun samczsun merged commit 18a8439 into MetaMask:main Jul 8, 2026
6 checks passed
@security-alliance-bot security-alliance-bot deleted the 0e929b23-81ad-4ef6-a8b9-efed5ec72c53 branch July 8, 2026 20:30

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

Reviewed by Cursor Bugbot for commit 4122373. Configure here.

Comment thread src/config.json
"plametaryproperty.xyz",
"coinbase-cc.pages.dev",
"app-phantom-wallet-extension-for-edge.webflow.io",
"crm.raccoonsatcrm.com",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Phishing domain removed from blocklist

High Severity

This automated sync removes crm.raccoonsatcrm.com from the blacklist. The domain is associated with the RaccoonO365 phishing campaign, so unblocking it could expose users to phishing if the site is still active.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 4122373. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

blocklist addition Issue or PR requesting addition of a domain to the blocklist

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants