
SANS ISC InfoSec Handlers Diary Blog



ISC Feature of the Week: Suspicious Domains

Published: 2012-04-18
Last Updated: 2012-04-18 16:39:18 UTC
by Adam Swanger (Version: 1)

Overview
After some maintenance downtime, the Suspicious Domains lists at https://isc.sans.edu/tools/suspicious_domains.html have been re-launched. This project was developed by handler Jason Lam and is an effort to assemble weighted lists of suspicious domains based on tracking, malware and other sources.

Features

Background - https://isc.sans.edu/tools/suspicious_domains.html#background

  • Project description, sources cited and suggested uses of project data.


Lists By Level - https://isc.sans.edu/tools/suspicious_domains.html#lists
Domain lists linked here are categorized by Low, Medium and High sensitivity.

  • The lower the sensitivity, the fewer false positives.
  • Lists are based on ranges so they will overlap at each level.

Domain Whitelist - https://isc.sans.edu/tools/suspicious_domains.html#whitelist
Links to lists of approved and pending known-good domains. Submissions will be reviewed for approval and the form is limited to the following:

  • 20 submissions per 24-hour period
  • Submit one domain at a time
  • The domain must be on one of the current Lists by Level
  • Whitelisted domains are automatically removed 7 days after dropping off the Lists by Level


Search the Lists - https://isc.sans.edu/tools/suspicious_domains.html#search

  • Search for domain history and details:
    • Enter a domain from one of the Lists by Level to view First Added, Last Seen, Source and Whitelist details.
       
  • Create a custom domain list file:
    Choose criteria on this form to refine a custom suspicious domain list. Results are displayed in a text box so you can easily select all and copy them for use.
    - Limit the score range between 0 and 100 (the higher the score, the more sensitive the domain)
    - Refine domain names by Any, All or Like
    - Require that a domain occurs a minimum of n times

 

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form
--
Adam Swanger, Web Developer (GWEB, GWAPT)
Internet Storm Center https://isc.sans.edu

Keywords: ISC feature