diff --git a/all.json b/all.json
index 496e605b1..613cae0a8 100644
--- a/all.json
+++ b/all.json
@@ -5336,8 +5336,6 @@
 		"startofficial.net",
 		"stepn.plus",
 		"stepns.pro",
-		"storageapi.fleek.co",
-		"storageapi2.fleek.co",
 		"stratos.medium.cn.com",
 		"stratos.medium.com.ru",
 		"stratos.polkastarter.com.es",
diff --git a/packages/phishing/src/additions.spec.ts b/packages/phishing/src/additions.spec.ts
index f944d8ebe..55dd0e420 100644
--- a/packages/phishing/src/additions.spec.ts
+++ b/packages/phishing/src/additions.spec.ts
@@ -10,6 +10,10 @@ const allowed = JSON.parse(fs.readFileSync('known.json', 'utf-8')) as Record<str
 const all = JSON.parse(fs.readFileSync('all.json', 'utf8')) as { allow: string[]; deny: string[] };
 
 const TOP_LEVEL = [
+  // wildcards
+  '*.fleek.co', // storageapi.fleek.co, storageapi2.fleek.co
+
+  // root domains
   'ddns.net',
   'herokuapp.com',
   'hopto.org',
@@ -64,7 +68,13 @@ describe('added addresses', (): void => {
 
 describe('added urls', (): void => {
   it('has no entries for allowed top-level domains', (): void => {
-    const invalids = all.deny.filter((u) => TOP_LEVEL.includes(u));
+    const invalids = all.deny.filter((u) =>
+      TOP_LEVEL.some((t) =>
+        t.startsWith('*.')
+          ? (u.endsWith(t.substring(1)) || u === t.substring(2))
+          : u === t
+      )
+    );
 
     expect(invalids).toEqual([]);
   });