28 KiB
VN Malicious Domains Blocklist
- Formats
- Compressed version
- FAQ and Guides
- CI Variables
- License
A blocklist of malicious (malware, scam, phishing) websites that are targeting Vietnamese users. Sourced from api.chongluadao.vn.
| Client | mirror 1 | mirror 2 | mirror 3 | mirror 4 | mirror 5 | mirror 6 |
|---|---|---|---|---|---|---|
| uBlock Origin | link | link | link | link | link | link |
| Pi-hole | link | link | link | link | link | link |
| AdGuard Home | link | link | link | link | link | link |
| AdGuard (browser extension) | link | link | link | link | link | link |
| Vivaldi | link | link | link | link | link | link |
| Hosts | link | link | link | link | link | link |
| Dnsmasq | link | link | link | link | link | link |
| BIND zone | link | link | link | link | link | link |
| BIND RPZ | link | link | link | link | link | link |
| dnscrypt-proxy | names.txt, ips.txt | names.txt, ips.txt | names.txt, ips.txt | names.txt, ips.txt | names.txt, ips.txt | names.txt, ips.txt |
| Internet Explorer | link | link | link | link | link | link |
| Snort2 | link | link | link | link | link | link |
| Snort3 | link | link | link | link | link | link |
| Suricata | link | link | link | link | link | link |
| Splunk | link | link | link | link | link | link |
For other programs, see Compatibility page in the wiki.
Check out my other filters:
URL-based
Import the URL into uBO to subscribe.
AdGuard Home users should use this blocklist.
URL-based (AdGuard)
Import the following URL into AdGuard browser extensions to subscribe.
URL-based (Vivaldi)
Requires Vivaldi Desktop/Android 3.3+, blocking level must be at least "Block Trackers"
Import the URL into Vivaldi's Tracker Blocking Sources to subscribe.
Domain-based
This blocklist includes domains and IP addresses.
Domain-based (AdGuard Home)
This AdGuard Home-compatible blocklist includes domains and IP addresses.
Hosts-based
This blocklist includes domains only.
Dnsmasq
This blocklist includes domains only.
Save the ruleset to "/usr/local/etc/dnsmasq/vn-badsite-filter-dnsmasq.conf". Refer to this guide for auto-update.
Configure dnsmasq to use the blocklist:
printf "\nconf-file=/usr/local/etc/dnsmasq/vn-badsite-filter-dnsmasq.conf\n" >> /etc/dnsmasq.conf
BIND
This blocklist includes domains only.
Save the ruleset to "/usr/local/etc/bind/vn-badsite-filter-bind.conf". Refer to this guide for auto-update.
Configure BIND to use the blocklist:
printf '\ninclude "/usr/local/etc/bind/vn-badsite-filter-bind.conf";\n' >> /etc/bind/named.conf
Add this to "/etc/bind/null.zone.file" (skip this step if the file already exists):
$TTL 86400 ; one day
@ IN SOA ns.nullzone.loc. ns.nullzone.loc. (
2017102203
28800
7200
864000
86400 )
NS ns.nullzone.loc.
A 0.0.0.0
@ IN A 0.0.0.0
* IN A 0.0.0.0
Zone file is derived from here.
Response Policy Zone
This blocklist includes domains only.
Unbound
This blocklist includes domains only.
Save the rulesets to "/usr/local/etc/unbound/vn-badsite-filter-unbound.conf". Refer to this guide for auto-update.
Configure Unbound to use the blocklist:
printf '\n include: "/usr/local/etc/unbound/vn-badsite-filter-unbound.conf"\n' >> /etc/unbound/unbound.conf
dnscrypt-proxy
Save the rulesets to "/etc/dnscrypt-proxy/". Refer to this guide for auto-update.
Configure dnscrypt-proxy to use the blocklist:
[blocked_names]
+ blocked_names_file = '/etc/dnscrypt-proxy/vn-badsite-filter-dnscrypt-blocked-names.txt'
[blocked_ips]
+ blocked_ips_file = '/etc/dnscrypt-proxy/vn-badsite-filter-dnscrypt-blocked-ips.txt'
Tracking Protection List (IE)
This blocklist includes domains only. Supported in Internet Explorer 9+.
Snort2
Not compatible with Snort3.
Save the ruleset to "/etc/snort/rules/vn-badsite-filter-snort2.rules". Refer to this guide for auto-update.
Configure Snort to use the ruleset:
printf "\ninclude \$RULE_PATH/urlhaus-filter-snort2-online.rules\n" >> /etc/snort/snort.conf
Snort3
Not compatible with Snort2.
Save the ruleset to "/etc/snort/rules/vn-badsite-filter-snort3.rules". Refer to this guide for auto-update.
Configure Snort to use the ruleset:
# /etc/snort/snort.lua
ips =
{
variables = default_variables,
+ include = 'rules/vn-badsite-filter-snort3.rules'
}
Suricata
Save the ruleset to "/etc/suricata/rules/vn-badsite-filter-suricata.rules". Refer to this guide for auto-update.
Configure Suricata to use the ruleset:
# /etc/suricata/suricata.yaml
rule-files:
- local.rules
+ - vn-badsite-filter-suricata.rules
Splunk
A CSV file for Splunk lookup. This ruleset includes online URLs only.
Either upload the file via GUI or save the file in $SPLUNK_HOME/Splunk/etc/system/lookups or app-specific $SPLUNK_HOME/etc/YourApp/apps/search/lookups.
Or use malware-filter add-on to install this lookup and optionally auto-update it.
Columns:
| host | path | message | updated |
|---|---|---|---|
| example.com | vn-badsite-filter malicious website detected | 2022-12-21T12:34:56Z | |
| example2.com | /some-path | vn-badsite-filter malicious website detected | 2022-12-21T12:34:56Z |
Compressed version
All filters are also available as gzip- and brotli-compressed.
- Gzip: https://malware-filter.gitlab.io/malware-filter/vn-badsite-filter.txt.gz
- Brotli: https://malware-filter.gitlab.io/malware-filter/vn-badsite-filter.txt.br
FAQ and Guides
See wiki
CI Variables
Optional variables:
CLOUDFLARE_BUILD_HOOK: Deploy to Cloudflare Pages.NETLIFY_SITE_ID: Deploy to Netlify.
Repository Mirrors
https://gitlab.com/curben/blog#repository-mirrors
License
Creative Commons Zero v1.0 Universal and MIT License
api.chongluadao.vn (operated by Hieu Minh Ngo): CC0