diff --git a/scripts/retrieve_domains.sh b/scripts/retrieve_domains.sh
index 9c3a94e42..4f8f6201b 100644
--- a/scripts/retrieve_domains.sh
+++ b/scripts/retrieve_domains.sh
@@ -36,6 +36,7 @@ readonly -a SOURCES=(
     source_emerging_threats
     source_fakewebshoplisthun
     source_guntab
+    source_isc
     source_jeroengui_phishing
     source_jeroengui_scam
     source_manual
@@ -658,6 +659,15 @@ source_guntab() {
         # Note results are not sorted by time added
 }
 
+source_isc() {
+    source='Internet Storm Center'
+    results_file='data/pending/domains_isc.tmp'
+
+    url='https://isc.sans.edu/diaryarchive.html'
+    curl -sSZ --retry 2 --retry-all-errors "${url}" \
+        | grep -oE "$DOMAIN_REGEX" | grep '\[\.\]' > "$results_file"
+}
+
 source_jeroengui_phishing() {
     source='Jeroengui phishing'
     ignore_from_light=true