ISC Feature of the Week: Suspicious Domains
Overview
After some maintenance downtime, the Suspicious Domains lists at https://isc.sans.edu/tools/suspicious_domains.html have been re-launched. This project was developed by handler Jason Lam and is an effort to assemble weighted lists of suspicious domains based on tracking, malware and other sources.
Features
Background - https://isc.sans.edu/tools/suspicious_domains.html#background
- Project description, sources cited and suggested uses of project data.
Lists By Level - https://isc.sans.edu/tools/suspicious_domains.html#lists
Domain lists linked here are categorized by Low, Medium and High sensitivity.
- The lower the sensitivity, the fewer false positives.
- Lists are based on ranges so they will overlap at each level.
Domain Whitelist - https://isc.sans.edu/tools/suspicious_domains.html#whitelist
Links to lists of approved and pending known-good domains. Submissions will be reviewed for approval and the form is limited to the following:
- 20 submissions per 24-hour period
- Submit one domain at a time
- The domain must be on one of the current Lists by Level
- A whitelisted domain will automatically be removed 7 days after it drops off the Lists by Level
Search the Lists - https://isc.sans.edu/tools/suspicious_domains.html#search
- Search for domain history and details:
- Enter a domain from one of the Lists by Level to view First Added, Last Seen, Source and Whitelist details.
- Creates a custom domain list file
Choose criteria on this form to refine a custom suspicious domain list! Results are displayed in a text box so you can easily select all and copy them for use.
- Limit Score Range between 0 and 100 (the higher the score, the more sensitive the domain)
- Refine Domain Names by Any, All or Like
- Occurs a minimum of n times
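As an added example (not code from the ISC page or the tool itself), here is how a defender might consume a custom list: keep entries at or above a chosen score, drop whitelisted domains, and flag DNS queries whose name or a parent domain appears on the list. The tab-separated domain/score format, the whitelist and the BIND-style log lines are all constructed for illustration and are not real ISC data.

```python
import re

# Constructed sample list, one "domain<TAB>score" per line, score 0-100 (the
# page says a higher score means a more sensitive domain). Not real ISC data.
SAMPLE_LIST = "evil-downloads.test\t95\nshady-tracker.test\t60\nborderline.test\t20\n"
# Constructed whitelist of known-good domains that must never be flagged.
SAMPLE_WHITELIST = {"borderline.test"}
# Constructed BIND-style DNS query log lines.
SAMPLE_LOG = """\
client 10.0.0.5#53211: query: www.evil-downloads.test IN A +
client 10.0.0.7#41002: query: cdn.shady-tracker.test IN AAAA +
client 10.0.0.9#55555: query: borderline.test IN A +
client 10.0.0.3#40001: query: isc.sans.edu IN A +
"""
QUERY_RE = re.compile(r"^client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN ")

def load_list(text, min_score, whitelist):
    """Keep domains scoring at least min_score, dropping whitelisted ones."""
    domains = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        domain, score = line.split("\t")
        if int(score) >= min_score and domain not in whitelist:
            domains.add(domain.lower().rstrip("."))
    return domains

def parent_domains(qname):
    """Yield the name and each parent above it: a.b.c -> a.b.c, b.c (not the TLD)."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])

def flag_queries(log_text, suspicious):
    """Return (client, qname, matched_domain) for each query hitting the list."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue
        matched = next((d for d in parent_domains(m["qname"]) if d in suspicious), None)
        if matched:
            hits.append((m["client"], m["qname"], matched))
    return hits

if __name__ == "__main__":
    for hit in flag_queries(SAMPLE_LOG, load_list(SAMPLE_LIST, 50, SAMPLE_WHITELIST)):
        print("suspicious lookup from %s: %s (list entry %s)" % hit)
```

Lowering the score cut-off pulls in more list entries and therefore more alerts, which is the false-positive trade-off the Lists by Level describe.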
Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form
--
Adam Swanger, Web Developer (GWEB, GWAPT)
Internet Storm Center https://isc.sans.edu