fix: Cherry-pick: Fix c2 detection bypass by supporting all network requests types

[AugmentedMode]

Description

Cherry pick: #28057

This update addresses a bypass that allowed scammers to bypass C2 detection by using alternative network request types to communicate with their Command and Control (C2) servers. Previously, we only listened for a limited set of request types (e.g., main_frame, sub_frame, xmlhttprequest), which left the system exposed to other methods of calling C2s.

With this fix, we now listen to all network request types and cross-check them against our client-side blocklist, ensuring better coverage and preventing these types of bypasses.

Changes:

Updated maybeDetectPhishing in background.js to listen for all network requests by removing restrictions on request types.

Related issues

Fixes:

Manual testing steps

1. Go to a website known to be on the C2 domain blocklist. For now we made our test website https://develop.d3bkcslj57l47p.amplifyapp.com/ have a malicious C2 Request that is on our blocklist.
2. Attempt to interact with the site.
3. Verify that on visiting the website you get redirected to the Metamask phishing page.
4. Repeat with a site that is not on the blocklist to confirm normal operation.

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Extension Coding
  Standards.
• I've completed the PR template to the best of my ability
• I’ve included tests if applicable
• I’ve documented my code using JSDoc format if applicable
• I’ve applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[metamaskbot]

Builds ready [5f93667]

• builds: chrome, firefox
• builds (beta): chrome
• builds (flask): chrome, firefox
• builds (MMI): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• build viz: Build System
• mv3: Background Module Init Stats
• mv3: UI Init Stats
• mv3: Module Load Stats
• mv3: Bundle Size Stats
• mv2: E2e Actions Stats
• code coverage: Report
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6
  • common: 0, 1, 10, 11, 2, 3, 4, 5, 6, 7, 8, 9
  • content-script: 0
  • offscreen: 0
  • ui: 0, 1, 10, 11, 12, 2, 3, 4, 5, 6, 7, 8, 9

Page Load Metrics (1884 ± 214 ms)

Platform	Page	Metric	Min (ms)	Max (ms)	Average (ms)	StandardDeviation (ms)	MarginOfError (ms)
Chrome	Home	firstPaint	1634	3702	1889	442	212
		domContentLoaded	1586	2744	1799	249	120
		load	1635	3721	1884	445	214
		domInteractive	27	149	47	28	14
		backgroundConnect	8	1003	83	213	102
		firstReactRender	51	197	97	31	15
		getState	4	82	23	26	13
		initialActions	0	1	0	0	0
		loadScripts	1178	1769	1329	150	72
		setupStore	10	82	26	24	11
		uiStartup	1781	3889	2126	468	225

Bundle size diffs [🚀 Bundle size reduced!]

• background: -50 Bytes (-0.00%)
• ui: 1.06 KiB (0.01%)
• common: 0 Bytes (0.00%)

[metamaskbot]

No release label on PR. Adding release label release-12.6.0 on PR, as PR was cherry-picked in branch 12.6.0.