Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC Suspicious Domains



Background

There are many suspicious domains on the internet. In an effort to identify them, as well as false positives, we have assembled weighted lists based on tracking and malware lists from different sources. ISC is collecting and categorizing various lists associated with a certain level of sensitivity. We would like to acknowledge the following data sources:

A suggested use of these lists is as an input file for Guy's domain sinkhole project.

Thank you to handler Jason Lam for developing this project! This page is still experimental and evolving. We will be adding more data sources over time. If you have any suggestions, please let us know.

Lists By Level

NOTE: Lists have been reordered to make the Sensitivity Levels clearer.

The lists below categorize domains as a guide to Low, Medium and High levels.
For our recommended IP block list, please visit https://isc.sans.edu/block.txt.

  • False positives range from fewest in the high sensitivity list to most in the low sensitivity list.
  • Lists are based on ranges, so they will overlap at each level.
  • Domains on the approved whitelist below are excluded from these lists.

Low Sensitivity Level

Medium Sensitivity Level

High Sensitivity Level

Domain Whitelist

Download current whitelists:

The form below allows you to submit a known-good domain to the suspicious domains whitelist. Your submission will be reviewed and approved for release. Please Contact Us if you feel you have special circumstances outside of the criteria listed below or have any problems with the form.

  • There is a limit of 20 submissions per 24-hour period
  • Only 1 domain is allowed per form submission
  • The domain MUST exist in one of the Lists By Level at the time of submission
  • The domain will be removed from the whitelist 7 days after dropping off all Lists By Level

Please log in to submit a domain to the whitelist.

Search the Lists

Search for domain history and details:

Domain Name:

Create a custom domain list file

  • Limit Score Range (from, to): the higher the score, the more sensitive the domain
  • Refine Domain Names: separate lists with spaces
  • Restrict Date Range (from, to)
  • Occurs A Minimum Of: leave at zero (0) for unlimited