Add nftstudio.art to whitelist #1754

Open
timastras9 wants to merge 1 commit into phantom:master from timastras9:add-nftstudio-art

timastras9 commented Feb 3, 2026

dApp Information

  • Name: NFT Studio
  • URL: https://nftstudio.art
  • Description: AI-powered NFT art generation and minting platform on Solana

What it does

  • Generate AI artwork using text prompts
  • Mint NFTs directly on Solana mainnet
  • Create NFT collections with proper Metaplex metadata
  • List on Tensor and Magic Eden marketplaces

Technical Details

  • Uses standard Solana wallet adapters (Phantom, Solflare)
  • All transactions are standard Metaplex NFT mints
  • No suspicious transaction patterns
  • Domain is SSL secured and Cloudflare protected

Verification

  • Domain: nftstudio.art (active, SSL valid)
  • Hosted on Cloudflare Pages
  • Standard Metaplex token metadata program transactions

Changes

Added to whitelist.yaml:

  • nftstudio.art
  • *.nftstudio.art

Summary by CodeRabbit

  • Chores
    • Expanded the application's domain allowlist to add nftstudio.art and its subdomains while retaining nftplus.io entries, ensuring these domains are permitted for platform integrations and related content.

coderabbitai bot commented Feb 3, 2026

Walkthrough

whitelist.yaml was modified to add the domain nftstudio.art; the existing nftplus.io entry remains present (it was removed and re-added in the diff). No other entries were changed.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Whitelist Configuration `whitelist.yaml` | Added nftstudio.art entry; nftplus.io was removed and re-added (net: both domains present). |

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately reflects the main change—adding nftstudio.art to the whitelist. It is concise, specific, and directly matches the primary objective of the pull request. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Fix all issues with AI agents
In `@whitelist.yaml`:
- Around line 34-35: The YAML currently adds risky entries 'url: nftstudio.art'
and 'url: "*.nftstudio.art"' to the wallet whitelist; remove both entries (or at
minimum remove the wildcard) and do not merge until the operator is
independently verified: attach WHOIS/ownership proof, verifiable
operator/company details, third-party reviews, and a contract/wallet-integration
security audit; if a subdomain must be whitelisted, replace the wildcard with
the exact host(s) (e.g., specific.api.nftstudio.art) and include justification
in the PR description alongside the verification artifacts.

whitelist.yaml Outdated
Comment on lines 34 to 35
- url: nftstudio.art
- url: "*.nftstudio.art" No newline at end of file
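
Review bot: The second added entry, `url: "*.nftstudio.art"`, grants allowlist status to every current and future subdomain rather than to a named host, which is a far wider grant than the apex entry on the line above it; list the exact hostnames that need it, or drop the wildcard. The file also now ends without a trailing newline ("No newline at end of file"), so add one to keep later diffs to this list limited to the lines that actually change.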
⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check domain registration details via WHOIS
echo "=== WHOIS lookup for nftstudio.art ==="
whois nftstudio.art 2>/dev/null | head -30

# Check if domain resolves and get basic info
echo ""
echo "=== DNS resolution check ==="
dig +short nftstudio.art A 2>/dev/null
dig +short nftstudio.art CNAME 2>/dev/null
dig +short nftstudio.art MX 2>/dev/null

# Check HTTP response
echo ""
echo "=== HTTP response check ==="
curl -sI -w "HTTP Status: %{http_code}\nFinal URL: %{url_effective}\n" -L "https://nftstudio.art" --max-time 10 --connect-timeout 5 2>&1 | head -20

Repository: phantom/blocklist

Length of output: 907


🌐 Web query:

nftstudio.art scam phishing legitimate NFT platform

💡 Result:

I can’t verify nftstudio.art as a well-known, reputable NFT marketplace from credible third‑party sources. Based on what I can confirm, you should treat it as high risk unless you can independently prove it’s operated by a real, accountable company.

What I found that’s relevant:

  • Law enforcement has documented a common scam pattern where bogus NFT “marketplaces” target artists, claim the artist has earnings, then demand fees to withdraw, and sometimes try to get victims to enter a wallet seed phrase (which enables draining the wallet). This is exactly the kind of setup many “new NFT platforms” use. [1]
  • General NFT scam writeups also highlight phishing/sleepminting and other tactics that rely on impersonation, fake listings, and social engineering, often via links to unfamiliar sites. [2]

Practical safety checklist (use before doing anything on nftstudio.art):

  1. Do not enter your seed phrase anywhere (ever). If a site asks for it, it’s a scam. [1]
  2. Do not pay any “activation/minting/validation/withdrawal” fee to receive proceeds—this is a classic advance-fee scam pattern. [1]
  3. If you must test, use a burner wallet with no funds and no approvals on your main wallet.
  4. Look for strong legitimacy signals: real company name, jurisdiction, verifiable team, external reputation, and independent coverage/reviews (not just testimonials on the site). If these are missing, walk away.

If you paste the message/email/DM you received (or describe what the site is asking you to do—connect wallet, pay a fee, sign a transaction, etc.), I can help you assess the specific scam indicators.

Sources:
[1] Brooklyn District Attorney press release on seized scam NFT marketplace domains and warning signs (fees to access earnings; seed phrase theft).
[2] Finder.com overview of common NFT scams and how to avoid them.


Do not whitelist nftstudio.art without independent verification of legitimacy.

Adding domains to a crypto wallet whitelist is security-critical. Verification reveals serious concerns:

  • WHOIS registration data unavailable — domain registration details are hidden or inaccessible, preventing verification of ownership and age. This is a common tactic for short-lived phishing/scam domains.
  • Cannot independently verify legitimacy — no credible third-party sources confirm nftstudio.art as a legitimate NFT platform. It matches common NFT marketplace scam patterns documented by law enforcement (fees to access earnings, seed phrase theft attempts).
  • Wildcard subdomain risk: `*.nftstudio.art` trusts all subdomains with the same security level. If the domain or its operator is compromised, all subdomains become attack vectors.

The domain does serve active content (HTTP 200) behind Cloudflare, but this alone does not establish legitimacy. Before merging, require:

  1. Independent verification of the operator (verifiable company name, jurisdiction, team, external reviews)
  2. Domain age and ownership records (WHOIS or official registration proof)
  3. Security audit of the platform's contract interactions and wallet integration
  4. Removal of wildcard entry — whitelist only specific subdomains that are actively used

🤖 Prompt for AI Agents
In `@whitelist.yaml` around lines 34 - 35, The YAML currently adds risky entries
'url: nftstudio.art' and 'url: "*.nftstudio.art"' to the wallet whitelist;
remove both entries (or at minimum remove the wildcard) and do not merge until
the operator is independently verified: attach WHOIS/ownership proof, verifiable
operator/company details, third-party reviews, and a contract/wallet-integration
security audit; if a subdomain must be whitelisted, replace the wildcard with
the exact host(s) (e.g., specific.api.nftstudio.art) and include justification
in the PR description alongside the verification artifacts.
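
The difference in reach between the two entries discussed in the review above, as an added example (not code from the phantom/blocklist repository and not part of the review comment): a small hostname allowlist matcher in Python. The matching rules (a `*.` entry covers any subdomain depth but not the apex; hosts are compared lower-cased with the trailing dot stripped) and all helper names are assumptions for illustration, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Entries as they appear in the reviewed hunk, and the exact-match-only variant.
WITH_WILDCARD = ["nftstudio.art", "*.nftstudio.art"]
EXACT_ONLY = ["nftstudio.art"]

# Constructed sample inputs, including forms a naive string match gets wrong.
SAMPLES = [
    "https://nftstudio.art/mint",
    "https://app.nftstudio.art",           # hypothetical subdomain
    "https://a.b.nftstudio.art",           # hypothetical deeper subdomain
    "https://nftstudio.art.example.com",   # allowlisted name used as a prefix
    "https://notnftstudio.art",            # suffix match without a dot boundary
    "https://nftstudio.art@example.com/",  # allowlisted name in the userinfo part
    "https://NFTSTUDIO.ART./",             # case and trailing-dot variant
]


def normalize_host(url_or_host: str) -> str:
    """Return the lower-cased hostname without port, userinfo or trailing dot."""
    candidate = url_or_host if "://" in url_or_host else "//" + url_or_host
    host = urlsplit(candidate).hostname or ""
    return host.rstrip(".").lower()


def entry_matches(entry: str, host: str) -> bool:
    """Assumed semantics: an exact entry matches one host; a '*.' entry matches
    any subdomain at any depth, but never the apex itself."""
    entry = entry.lower()
    if entry.startswith("*."):
        suffix = entry[1:]  # keeps the leading dot, e.g. ".nftstudio.art"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == entry


def is_allowlisted(url_or_host: str, entries: list[str]) -> bool:
    host = normalize_host(url_or_host)
    return bool(host) and any(entry_matches(e, host) for e in entries)


if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:40} exact-only={is_allowlisted(sample, EXACT_ONLY)!s:5} "
              f"with-wildcard={is_allowlisted(sample, WITH_WILDCARD)}")
```

With the exact-only list, only the apex host is accepted; with the wildcard entry, every subdomain at any depth is accepted as well, which is the additional scope the review asks to be justified host by host.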

## Domain Ownership Verification
DNS TXT record proves ownership:
dig TXT _phantom-verify.nftstudio.art +short
Returns: "timastras9-verified-2026"

## Platform Details
- Name: NFT Studio
- URL: https://nftstudio.art
- Function: AI-powered NFT art generation and minting on Solana
- Twitter: https://x.com/nftstudio517
- GitHub (owner): https://github.com/timastras9

## Technical Stack
- Frontend: React + Vite hosted on Cloudflare Pages
- Blockchain: Solana mainnet
- NFT Standard: Metaplex Token Metadata Program
- Wallet Integration: Phantom, Solflare via @solana/wallet-adapter
- No custom smart contracts - uses standard Metaplex instructions only

## Security Notes
- Removed wildcard entry per security recommendation
- Only exact match nftstudio.art whitelisted
- All transactions are standard Metaplex mint operations

## Changes
- Added: nftstudio.art (exact match only)

@timastras9 (Author)

Verification Updates

I've addressed all the concerns raised:

1. Domain Ownership Proof ✅

Added DNS TXT record for verification:

dig TXT _phantom-verify.nftstudio.art +short
"timastras9-verified-2026"

2. Removed Wildcard ✅

Changed from *.nftstudio.art to exact match nftstudio.art only.

3. Independent Verification ✅

4. Technical Details

  • Uses standard Metaplex Token Metadata Program for mints
  • Wallet integration via official @solana/wallet-adapter
  • No custom smart contracts - only standard Solana/Metaplex instructions
  • Frontend is React/Vite, no backend wallet interactions

5. Transaction Pattern

All transactions are standard NFT mints:

  • CreateMetadataAccountV3
  • CreateMasterEditionV3
  • Standard SPL token operations

The platform allows users to generate AI art and mint it as NFTs on Solana mainnet. No fees are collected before minting, no seed phrases requested.

Happy to provide any additional verification needed.

@timastras9 (Author)

Update: Live Deployment

The platform is live and deployed at https://nftstudio.art

Verification Summary

| Check | Status |
|---|---|
| DNS TXT Record | `dig TXT _phantom-verify.nftstudio.art` → `timastras9-verified-2026` |
| Twitter | https://x.com/nftstudio517 (active with posts) |
| GitHub | https://github.com/timastras9 |
| Live Site | https://nftstudio.art |
| SSL | ✅ Valid certificate via Cloudflare |
| Wildcard Removed | ✅ Only exact match nftstudio.art |

Transaction Safety

  • Uses only standard Metaplex Token Metadata Program
  • No custom smart contracts
  • Standard wallet adapter integration (@solana/wallet-adapter)
  • No seed phrase requests, no fees before minting

Happy to provide any additional information needed for approval.
