There are many suspicious domains on the internet. In an effort to identify them, as well as false positives, we have assembled weighted lists based on tracking and malware lists from different sources. ISC is collecting and categorizing various lists associated with a certain level of sensitivity. We would like to acknowledge the following data sources:
- Malware Domain List.com
- Domain Blocklist From Malwaredomains
- Abuse.ch Ransomware Domain Blocklist
- Threatexpert.com Malicious URLs
- Virustotal Domains
- Zeus Command And Control Server from Abuse.ch
A suggested use of these lists is as input file for Guy's domain sinkhole project.
Thank you to handler Jason Lam for developing this project! This page is still experimental and evolving. We will be adding more data sources over time. If you have any suggestions, please let us know.
Lists By Level
The lists below categorizes domains as a guide to Low, Medium and High Levels.
For our recommended IP block list, please visit https://isc.sans.edu/block.txt.
- The high sensitivity list has fewer false positives down to the low sensitivty list with more false positives.
- Lists are based on ranges so they will overlap at each level.
- Approved Whitelist below is excluded from these lists.
Low Sensitivity Level (opens in new window)
Medium Sensitivity Level (opens in new window)
High Sensitivity Level (opens in new window)
The form below allows you to submit a known-good domain to the suspicious domains whitelist. Your submission will be reviewed and approved for release. Please Contact Us if you feel you have special circumstances outside of the criteria listed below or have any problems with the form.
- There is a limit of 20 submissions per 24 hour period
- Only 1 domain allowed per form submission
- Domain MUST exists in one of the Lists By Level at the time of submission
- Domain will be removed from whitelist 7 days after dropping off all Lists By Level
Search the Lists
Search for domain history and details:
Creates a custom domain list file