
SANS ISC InfoSec Handlers Diary Blog


ISC Feature of the Week: Suspicious Domains

Published: 2012-04-18
Last Updated: 2012-04-18 16:39:18 UTC
by Adam Swanger (Version: 1)

After some maintenance downtime, the Suspicious Domains lists at have been re-launched. This project was developed by handler Jason Lam and is an effort to assemble weighted lists of suspicious domains based on tracking, malware and other sources.


Background -

  • Project description, sources cited and suggested uses of project data.

Lists By Level -
Domain lists linked here are categorized by Low, Medium and High sensitivity.

  • The lower the sensitivity, the fewer false positives.
  • Lists are based on ranges so they will overlap at each level.

Domain Whitelist -
Links to lists of approved and pending known-good domains. Submissions will be reviewed for approval and the form is limited to the following:

  • 20 submissions per 24-hour period
  • Submit one domain at a time
  • Domain must be on one of the current Lists by Level
  • Whitelisted domains will automatically be removed 7 days after dropping off the Lists by Level

Search the Lists -

  • Search for domain history and details:
    • Enter a domain from one of the Lists by Level to view First Added, Last Seen, Source and Whitelist details.
  • Create a custom domain list file:
    Choose criteria on this form to refine a custom suspicious domain list. Results are displayed in a text box so you can easily select all and copy for use.
    - Limit Score Range between 0 and 100 (the higher the score, the more sensitive the domain)
    - Refine Domain Names by Any, All or Like
    - Occurs a minimum of n times


Post suggestions or comments in the section below or send us any questions or comments in the contact form on
Adam Swanger, Web Developer (GWEB, GWAPT)
Internet Storm Center

Keywords: ISC feature