diff --git a/all.json b/all.json
index 25b220983..e6869b742 100644
--- a/all.json
+++ b/all.json
@@ -22,6 +22,7 @@
 		"1token-im.com",
 		"1v4t96knneojmqrl1rblweebvongdgjsd657zqwqzs6jmdspolkadot.js.org",
 		"1vsoumsoosby8aazwusucqrysh7lakimcneijp8shsj8x6bpolkadot.js.org",
+		"interfacevalidation.on.fleek.co",
 		"2022-gift.com",
 		"23.254.132.67",
 		"247metamaskrapidresponse.com",
diff --git a/packages/phishing/src/additions.spec.ts b/packages/phishing/src/additions.spec.ts
index 891bad2e8..da39177fa 100644
--- a/packages/phishing/src/additions.spec.ts
+++ b/packages/phishing/src/additions.spec.ts
@@ -12,6 +12,7 @@ const all = JSON.parse(fs.readFileSync('all.json', 'utf8')) as { allow: string[]
 const TOP_LEVEL = [
   // wildcards
   '*.fleek.co', // storageapi.fleek.co, storageapi2.fleek.co
+  'on.fleek.co',
 
   // root domains
   'ddns.net',
@@ -74,7 +75,8 @@ describe('added urls', (): void => {
   it('has no entries for allowed top-level domains', (): void => {
     const invalids = all.deny.filter((u) =>
       TOP_LEVEL.some((t) =>
-        t.startsWith('*.')
+        // for *. count the parts before the check
+        (t.startsWith('*.') && (u.split('.').length === t.split('.').length))
           ? (u.endsWith(t.substring(1)) || u === t.substring(2))
           : u === t
       )