Update whitelist.yaml to add and modify URLs

[theezemmuo]

Summary by CodeRabbit

• Chores
  • Restored access to nftplus.io
  • Added support for *.withcitii.xyz domains

[coderabbitai]

📝 Walkthrough

Walkthrough

The whitelist.yaml configuration file was updated to restore the previously removed nftplus.io domain entry and introduce a new wildcard domain entry *.withcitii.xyz to the allowed domains list.

Changes

Cohort / File(s)	Summary
Whitelist Configuration whitelist.yaml	Restored nftplus.io entry and added new wildcard domain *.withcitii.xyz to the allowed domains list.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main changes: updating whitelist.yaml by restoring an entry and adding a new wildcard domain.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@whitelist.yaml`:
- Line 33: Remove the whitelist entry for "nftplus.io" from whitelist.yaml
because the domain is non-existent or suspicious; delete the line containing the
url: nftplus.io, verify why it was added (check commit/PR author or source of
the whitelist addition) and, if needed, replace with a validated legitimate
domain or leave removed and note the removal in the PR description.
- Line 34: Remove the wildcard entry "*.withcitii.xyz" from the whitelist.yaml;
the added url value "*.withcitii.xyz" is not a verified or trusted domain and
should not be whitelisted—reject this entry, and if a domain needs to be added
instead require documented justification and evidence of legitimacy (company
info, HTTPS, reputation) before adding a non-standard domain to the whitelist.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 65fde374-046d-4047-ab02-7891b810105c

📥 Commits

Reviewing files that changed from the base of the PR and between f0e8ff9 and 2820b32.

📒 Files selected for processing (1)

• whitelist.yaml

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check if nftplus.io exists in blocklist or fuzzylist files

echo "=== Checking for nftplus.io in blocklist files ==="
rg -i 'nftplus\.io' --glob '*blocklist*.yaml' -C 2

echo -e "\n=== Checking for nftplus.io in fuzzylist ==="
rg -i 'nftplus\.io' fuzzylist.yaml -C 2

echo -e "\n=== Checking git history for removal context ==="
git log --all --oneline --grep="nftplus" -- whitelist.yaml

echo -e "\n=== Checking for previous removals ==="
git log -p --all -S "nftplus.io" -- whitelist.yaml | head -50

Repository: phantom/blocklist

Length of output: 276

---

🌐 Web query:

Is nftplus.io a legitimate NFT-related service or website? Are there any security concerns or scam reports associated with this domain?

💡 Result:

No, nftplus.io does not appear to be a legitimate NFT-related service. There is no evidence of an active website, official documentation, company information, user reviews, or mentions in reputable sources associating nftplus.io specifically with any established NFT platform or service. Searches across general web, scam reports, reviews, Reddit, Trustpilot, and targeted queries returned zero direct hits for nftplus.io. Similar-sounding domains like nftgoplus.com, nftplus.traitswap.com, and pluspad.app exist but are distinct and not linked to nftplus.io. The complete absence of any online footprint for this exact domain, especially in the NFT space which is highly visible, indicates it is likely either non-existent, defunct, or potentially a non-operational or scam-related site not yet reported. No security concerns or scam reports were found specifically for it, but the lack of presence raises high suspicion—avoid interacting with it. Use established platforms like OpenSea instead.

Citations:

• 1: https://nftgoplus.com/
• 2: https://nftplus.traitswap.com/
• 3: https://pluspad.app/
• 4: https://www.trustpilot.com/review/pluswallet.app
• 5: https://uk.trustpilot.com/review/pluswallet.app
• 6: https://scamminder.com/website/nft-plaza.com
• 7: https://ie.trustpilot.com/review/nft-place.com
• 8: https://uk.trustpilot.com/review/nftplace.club

---

Do not whitelist nftplus.io — domain appears non-existent or scam-related.

This domain has no online footprint, is not associated with any legitimate NFT service, and lacks any presence in reputable sources. Web research indicates the domain is likely defunct or potentially scam-related. There are no conflicts with blocklist or fuzzylist entries, but the domain itself should not be whitelisted. Please remove this entry and verify the source/intent if this was added unintentionally.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@whitelist.yaml` at line 33, Remove the whitelist entry for "nftplus.io" from
whitelist.yaml because the domain is non-existent or suspicious; delete the line
containing the url: nftplus.io, verify why it was added (check commit/PR author
or source of the whitelist addition) and, if needed, replace with a validated
legitimate domain or leave removed and note the removal in the PR description.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check for withcitii.xyz conflicts and gather domain information

echo "=== Checking for withcitii.xyz or citii in blocklist files ==="
rg -i 'withcitii|citii' --glob '*blocklist*.yaml' -C 2

echo -e "\n=== Checking for withcitii.xyz in fuzzylist ==="
rg -i 'withcitii|citii' fuzzylist.yaml -C 2

echo -e "\n=== Checking DNS resolution for withcitii.xyz ==="
nslookup withcitii.xyz 2>&1 || echo "DNS lookup failed"

echo -e "\n=== Checking for HTTPS availability ==="
curl -I -s -o /dev/null -w "%{http_code}" --max-time 5 https://withcitii.xyz 2>&1 || echo "HTTPS check failed"

Repository: phantom/blocklist

Length of output: 334

---

🌐 Web query:

What is withcitii.xyz? Is it a legitimate web hosting platform or service provider? Are there any security concerns or reports about this domain?

💡 Result:

withcitii.xyz does not appear to be an established web hosting platform or service provider. No information was found describing what the site is, its purpose, official documentation, company details, or user reviews identifying it as a legitimate hosting service. Web searches across general web, scam checkers like Scamadviser, Trustpilot, Reddit, and WHOIS lookups returned no direct matches or mentions of "withcitii.xyz". Similar-sounding .xyz domains (e.g., withit.xyz, witc.xyz registered March 2026 via Alibaba/HiChina with AfterNIC nameservers, citofi.xyz flagged "Very Likely Unsafe") exist but are unrelated and often recently registered with privacy protection, a common trait of low-profile or suspicious sites. .xyz domains are frequently abused for phishing and scams, as noted in cybersecurity reports on fast-flux campaigns and blocklists. Given the complete lack of online footprint as of 2026-04-04, it raises significant security concerns: it may be a non-existent, parked, or potentially malicious domain used for phishing, malware, or fraud. Avoid visiting or using it; no evidence supports legitimacy.

Citations:

• 1: https://wanwang.aliyun.com/whois/withit.xyz
• 2: https://wanwang.aliyun.com/whois/witc.xyz
• 3: https://www.scamadviser.com/check-website/citofi.xyz
• 4: https://phishdestroy.io/domain/cryptionix.xyz/
• 5: https://support.google.com/android/thread/181950422/i-received-a-message-in-chrome-that-says-i-have-malware-but-the-message-is-from-a-week-tale-xyz-i?hl=en
• 6: https://www.reddit.com/r/cybersecurity/comments/1pc583l/urgent_massive_fastflux_phishing_campaign_using/
• 7: https://web3.bio/citzx.lens
• 8: https://web3.bio/xxxyy.lens
• 9: https://web3.bio/fitifi.lens
• 10: http://whois.domaintools.com/citislots.xyz
• 11: https://whois.domaintools.com/cicuyu.xyz
• 12: https://whois.domaintools.com/citrea.xyz
• 13: https://whois.domaintools.com/ciied.xyz
• 14: https://www.scamadviser.com/check-website/ciiticard.com
• 15: https://www.scamadviser.com/check-website/reditt.xyz

---

Do not add *.withcitii.xyz to the whitelist.

The domain is not a legitimate or established platform. Web search found no online presence, documentation, company details, or user reviews identifying it as a trustworthy service. withcitii.xyz appears to be an unknown or potentially malicious domain—.xyz domains are frequently abused in phishing campaigns and scam operations according to cybersecurity reports. While the domain does return an HTTP 200 response (likely a parked or default page), this does not indicate legitimacy. Adding a wildcard for this domain poses a security risk and should be rejected.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@whitelist.yaml` at line 34, Remove the wildcard entry "*.withcitii.xyz" from
the whitelist.yaml; the added url value "*.withcitii.xyz" is not a verified or
trusted domain and should not be whitelisted—reject this entry, and if a domain
needs to be added instead require documented justification and evidence of
legitimacy (company info, HTTPS, reputation) before adding a non-standard domain
to the whitelist.