Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Suspicious Domains - SANS Internet Storm Center Suspicious Domains

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Suspending Service

Upon recently reviewing some of our sources for this service, we noticed how pretty much none of them are producing current data anymore (thanks to a reader for pointing this out to us). The lists will be empty until we find a way to resume this service.


    There are many suspicious domains on the internet. In an effort to identify them, as well as false positives, we have assembled weighted lists based on tracking and malware lists from different sources. ISC is collecting and categorizing various lists associated with a certain level of sensitivity. We would like to acknowledge the following data sources:

  • Phishtank Phishing URLs
  • URLHaus List from

A suggested use of these lists is as input file for Guy's domain sinkhole project.

Thank you to handler Jason Lam for developing this project! This page is still experimental and evolving. We will be adding more data sources over time. If you have any suggestions, please let us know.

Lists By Level

The lists below categorizes domains as a guide to Low, Medium and High Levels.
For our recommended IP block list, please visit

  • The high sensitivity list has fewer false positives down to the low sensitivty list with more false positives.
  • Lists are based on ranges so they will overlap at each level.
  • Approved Allowlist below is excluded from these lists.

Low Sensitivity Level (opens in new window)

Medium Sensitivity Level (opens in new window)

High Sensitivity Level (opens in new window)

Domain Allowlist

Download current allowlists:

The form below allows you to submit a known-good domain to the suspicious domains allowlist. Your submission will be reviewed and approved for release. Please Contact Us if you feel you have special circumstances outside of the criteria listed below or have any problems with the form.

  • There is a limit of 20 submissions per 24 hour period
  • Only 1 domain allowed per form submission
  • Domain MUST exists in one of the Lists By Level at the time of submission
  • Domain will be removed from allowlist 7 days after dropping off all Lists By Level

Please log in to submit a domain to the allowlist.

Search the Lists

Search for domain history and details:

Domain Name:

Creates a custom domain list file

Limit Score Range: -to- Higher the score, the more sensitive the domain
Restrict Date Range: -to-