Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: Suspicious Domains Suspicious Domains

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!


A suggested use of these lists is as input file for Guy's domain sinkhole project.

Thank you to handler Jason Lam for developing this project! This page is still experimental and evolving. We will be adding more data sources over time. If you have any suggestions, please let us know.

Lists By Level

The lists below categorizes domains as a guide to Low, Medium and High Levels.
For our recommended IP block list, please visit

  • The high sensitivity list has fewer false positives down to the low sensitivty list with more false positives.
  • Lists are based on ranges so they will overlap at each level.
  • Approved Whitelist below is excluded from these lists.

Low Sensitivity Level (opens in new window)

Medium Sensitivity Level (opens in new window)

High Sensitivity Level (opens in new window)

Domain Whitelist

Download current whitelists:

The form below allows you to submit a known-good domain to the suspicious domains whitelist. Your submission will be reviewed and approved for release. Please Contact Us if you feel you have special circumstances outside of the criteria listed below or have any problems with the form.

  • There is a limit of 20 submissions per 24 hour period
  • Only 1 domain allowed per form submission
  • Domain MUST exists in one of the Lists By Level at the time of submission
  • Domain will be removed from whitelist 7 days after dropping off all Lists By Level

Please log in to submit a domain to the whitelist.

Search the Lists

Search for domain history and details:

Domain Name:

Creates a custom domain list file

Limit Score Range: -to- Higher the score, the more sensitive the domain
Restrict Date Range: -to-