Last active
          August 17, 2025 22:37 
        
    Bad domains to block (truncated HMAC-SHA256 edition)
  
        
  
    
    
  
  
    
  | { | |
| "key": "99b663fec7d19267e21cce472b8ff9d3cd7b669632ea4e6985d51ed935581dee", | |
| "block": [ | |
| "e5c39e209702e52a", | |
| "3584c040a6057577", | |
| "044befd864f5d185", | |
| "0f299bd4bee0f063", | |
| "693af86bba325385", | |
| "d38cdca747101f8a", | |
| "62d74de0fcebb5da", | |
| "e021e43b2210b2ba", | |
| "4d34b37cd29d90a4", | |
| "a0624bfd03ccd309", | |
| "f2133f8131e4cf35", | |
| "bfbe7e1d7dad2af5", | |
| "a18b99411254de80", | |
| "1b426936b31cebfd", | |
| "12b9682c35518078", | |
| "2012044bd4c6369d", | |
| "54124ba47ca7080b", | |
| "f2133f8131e4cf35", | |
| "31860ee1dc553600", | |
| "b42f1b6e1eff1858", | |
| "18af958ecba0f1a6", | |
| "03a9f7502174d447", | |
| "28c40763ec8082a6" | |
| ] | |
| } | 
  
    
    
  
  
    
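// Replace with the parsed contents of bad.json: { key: <hex string>, block: [<hex prefixes>] }.
const badDomains = {/* load JSON file */};

// Pick a WebCrypto SubtleCrypto implementation: browser window first, then
// globalThis (workers, recent Node), then Node's CommonJS `require` fallback.
const subtle = (() => {
  const fromWindow = typeof window !== "undefined" && window.crypto?.subtle;
  if (fromWindow) {
    return fromWindow;
  }
  const fromGlobal = typeof globalThis !== "undefined" && globalThis.crypto?.subtle;
  if (fromGlobal) {
    return fromGlobal;
  }
  // `require` does not exist in ES modules or browsers; fail with a clear
  // message instead of an opaque ReferenceError when no WebCrypto is present.
  if (typeof require !== "function") {
    throw new Error("WebCrypto (crypto.subtle) is not available in this environment");
  }
  return require('node:crypto').webcrypto.subtle;
})();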
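/**
 * Escape the five HTML-significant characters so a string can be placed in
 * element content or a quoted attribute value without being parsed as markup.
 *
 * The replacement targets must be the entity strings themselves; with the
 * entities decoded (as in the rendered listing) every call replaces a
 * character with itself and the function escapes nothing.
 *
 * @param {string} unsafe - Untrusted text.
 * @returns {string} The text with &, <, >, " and ' replaced by entities.
 */
const escapeHtml = (unsafe) =>
  unsafe
    // Ampersand first, so the entities produced below are not escaped again.
    .replaceAll("&", "&amp;")
    .replaceAll("<", "&lt;")
    .replaceAll(">", "&gt;")
    .replaceAll('"', "&quot;")
    .replaceAll("'", "&#039;");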
| // Some functions to use this | |
| async function isBadDomain(domain) { | |
| const keyBytes = Uint8Array.from(badDomains['key'].match(/.{2}/g).map(b => parseInt(b, 16))); | |
| const cryptoKey = await subtle.importKey( | |
| "raw", | |
| keyBytes, | |
| { name: "HMAC", hash: "SHA-256" }, | |
| false, | |
| ["sign"] | |
| ); | |
| const dataBytes = new TextEncoder().encode(domain); | |
| const mac = await subtle.sign("HMAC", cryptoKey, dataBytes); | |
| const prefix = Array.from(new Uint8Array(mac.slice(0, 8))) | |
| .map(b => b.toString(16).padStart(2, "0")) | |
| .join("") | |
| ; | |
| return badDomains['block'].includes(prefix); | |
| } | |
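/**
 * Replace the page body with a notice when the visitor arrived from a
 * block-listed site.
 *
 * Reads `document.referrer`, which the referring site and the visitor's
 * browser control: it can be empty, trimmed by a referrer policy, or absent
 * altogether, so this is a courtesy filter and not an access control.
 *
 * @returns {void}
 */
function checkBadReferrer() {
  // Covers undefined as well as the empty string (no referrer sent).
  if (!document.referrer) {
    return;
  }

  let domain;
  try {
    domain = new URL(document.referrer).hostname;
  } catch {
    // Not a parseable URL: nothing to look up.
    return;
  }

  isBadDomain(domain)
    .then((isBlocked) => {
      if (isBlocked) {
        // The hostname is chosen by the referring site. Assigning it through
        // textContent means it is never parsed as markup, so the message does
        // not depend on an HTML-escaping helper being correct.
        document.body.textContent = `You are coming here from ${domain}. You are not welcome.`;
      }
    })
    .catch((err) => {
      // Do not leave the promise floating: a failed key import or sign call
      // would otherwise surface only as an unhandled rejection.
      console.error("Referrer check failed", err);
    });
}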