Content and threat categories

Talos supports two types of categories, both of which appear in the Reputation Center.

  • Threat Categories describe the reason(s) for a lower web reputation threat level. To dispute a threat categorization, submit a web reputation support ticket and select ‘Suggest Threat Category’ from the Suggested Reputation Changes column dropdown, then specify which threat categories you believe should be added or replaced. If you are unsure which new threat category should be applied, you may suggest the Malicious Sites threat category. Please supply additional details in the comment section to aid in investigation.
  • Content Categories characterize the general use of the website and are unrelated to any potential threats that the URL or IP may host. To dispute a content category, submit a web categorization support ticket.

Important notes:

  • A website can have both a threat category and a content category.
  • Some Cisco products may condense both types of categories together into the same field on their management consoles.To dispute a category, you may need to first identify the type of category being displayed and select the appropriate dispute portal that reports the type of category that you would like adjusted.

Web threat categories

Cisco Talos constantly tracks a broad set of attributes to evaluate conclusions about a given host. The below table contains alphabetical listings and descriptions of the standard threat categories used to classify attack types.

Threat Category Description
Bogon Bogons are IP Addresses that are known to belong to reserved IP address spaces that is supposedly unallocated or undelegated. Sites in this category are bogons that are known to be sending traffic.
Botnets Known to participate in a Bot network. These include Command and Control (CNC, C2) Servers and sites that deliver or receive data as part of the malicious transaction (bots, zombies).
Cryptojacking Websites with embedded scripts to mine cryptocurrency which use the visitor’s web browser. The script may belong to the owner of the web site, or injected by a malicious third-party, and is used as a method of generating revenue.
DNS Tunneling Sites that provide DNS Tunneling as a service. These services can be for PC or mobile and create a VPN connection specifically over DNS to send traffic that may bypass corporate policies and inspection.
Domain Generated Algorithm Domains that are extracted from malware that employ algorithms that generate domains for potential use in future malicious activities such as hosting malware or as an exfiltration destination.
Dynamic DNS Sites that are hosting dynamic DNS services. Attackers can use this technology as an evasion technique against IP blacklisting.
Ebanking Fraud Known to engage in fraudulent activities that relate to electronic banking.
Exploits Sites that are known to host or aide in exploits, drive-by-downloads and other activities that identifies and compromises vulnerable systems.
High Risk Sites and Locations Domains and hostnames that match against the OpenDNS predictive security algorithms from security graph.
Indicators of Compromise (IOC) Hosts that have been observed to engage in Indicators of Compromise.
Linkshare Websites that share copyrighted files without permission. The web site may be compromised, or otherwise involved in illegal file sharing.
Malicious Sites Sites exhibiting malicious behavior that do not necessarily fit into another, more granular, threat category.
Malware Sites Websites that are known to contain, serve, or support malware in its delivery, propagation, or in carrying out its malicious intent.
Newly Seen Domains Domains that have recently been registered, or not yet seen via telemetry. The behavior of these URLs has not been observed enough to establish the appropriate reputation. Spammers and malicious actors may rely on newly registered, or previously unused domains to disguise their activities, and avoid interdiction due to low reputation. Some legitimate URLs may briefly appear in this threat category as they become visible.
Open HTTP Proxy Hosts that are known to run Open Web Proxies and offer anonymous web browsing services.
Open Mail Relay Commonly used by Spam and Phishing attackers, sites in this category are hosts that are known to offer anonymous email relaying services.
Phishing Phishing and other fraudulent sites that copy or mimic legitimate sites for the purposes of surreptitiously acquiring sensitive information, such as user names, passwords, credit card numbers, etc…, for use in malicious activities.
Spam Known to serve, deliver or aide in the propagation of Spam.
Spyware and Adware Sites that are known to contain, serve, or support Spyware and Adware activities.
TOR exit Nodes Hosts known to offer exit node services for the Tor Anonymizer network.

Web content categories

Cisco Talos constantly tracks a broad set of attributes to evaluate conclusions about a given host. The below table contains alphabetical listings and descriptions of the standard categories used to classify website content.

Category Abbreviation Code Description Example Urls
Adult adlt 1006 Directed at adults, but not necessarily pornographic. May include adult clubs (strip clubs, swingers clubs, escort services, strippers), general information about sex, non-pornographic in nature, genital piercing, adult products or greeting cards, information about sex not in the context of health or disease.
Advertisements adv 1027 Banner and pop-up advertisements that often accompany a web page, other advertising websites that provide advertisement content. Advertising services and sales are classified as Business and Industry.
Alcohol alc 1077 Alcohol as a pleasurable activity, beer and wine making, cocktail recipes, liquor sellers, wineries, vineyards, breweries, alcohol distributors. Alcohol addiction is classified as Health and Medicine. Bars and restaurants are classified as Dining and Drinking.
Animals and Pets pets 1107 Information about domestic animals, livestock, service animals, pets and their care. Veterinary services, medicines, and animal health. Pet and animal training, aquariums, zoos, and animal shows. Includes animal shelters, humane societies, animal centric charities, and sanctuaries, bee keeping, training, and animal husbandry; dinosaurs and extinct animals.
Arts art 1002 Galleries and exhibitions, artists and art, photography, literature and books, performing arts and theater, musicals, ballet, design, architecture. Cinema and television are classified as Entertainment.
Astrology astr 1074 Astrology, horoscope, fortune telling, numerology, psychic advice, tarot.
Auctions auct 1088 Online and offline auctions, auction houses, and classified advertisements.
Business and Industry busi 1019 Marketing, commerce, corporations, business practices, workforce, human resources, transportation, payroll, security and venture capital, office supplies, industrial equipment (process equipment), machines and mechanical systems, heating equipment, cooling equipment, materials handling equipment, packaging equipment, manufacturing: solids handling, metal fabrication, construction and building, passenger transportation, commerce, industrial design, construction, building materials, shipping and freight (freight services, trucking, freight forwarders, truckload carriers, freight and transportation brokers, expedited services, load and freight matching, track and trace, rail shipping, ocean shipping, road feeder services, moving and storage).
Cannabis cann 1109 Websites that focus on the recreational and medicinal consumption of cannabis. Sites may include marketing, discussions about legal and regulatory issues, growth and production, paraphernalia, research, and investment in the cannabis industry. Dispensaries, cannabinoid (CBD oil, THC, etc.) based products are also included.
Chat and Instant Messaging chat 1040 Web-based instant messaging and chat rooms.
Cheating and Plagiarism plag 1051 Promoting cheating and selling written work, such as term papers, for plagiarism.
Child Abuse Content cprn 1064 Worldwide illegal child sexual abuse content.
Cloud and Data Centers serv 1118 Platforms used to serve cloud infrastructure or data center hosting to support an organization's applications, services, or data processing. Due to the de-centralized nature of these domains and IP addresses, a more specific category cannot be applied based on content or ownership.
Computer Security csec 1065 Offering security products and services for corporate and home users.
Computers and Internet comp 1003 Information about computers and software, such as hardware, software, software support, information for software engineers, programming and networking, website design, the web and Internet in general, computer science, and computer graphics. Freeware and Shareware is a separate category.
Conventions, Conferences and Trade Shows expo 1110 Seminars, trade shows, conventions and conferences themed around a particular industry, market, or common interest. May include information about acquiring tickets, registration, abstract or presentation proposal guidelines, workshops, sponsorship details, vendor or exhibitor information, and other marketing or promotional material. This category includes academic, professional, as well as pop-culture events, all of which tend to be a short-lived or annual event.
Cryptocurrency cryp 1111 Online brokerages and websites that enable users to trade cryptocurrencies; information regarding cryptocurrencies including analysis, commentary, advice, performance indexes, and price charts. General information about cryptomining and mining businesses are included in this category but domains and IP addresses directly involved in mining activities are categorized as Cryptomining.
Cryptomining mine 1112 Hosts that are actively participating in a cryptocurrency mining pool.
Dating date 1055 Dating, online personals, matrimonial agencies.
Digital Postcards card 1082 Enabling sending of digital postcards and e-cards.
Dining and Drinking food 1061 Eating and drinking establishments, restaurants, bars, taverns, and pubs, restaurant guides and reviews.
DIY Projects diy 1097 Guidance and information to create, improve, modify, decorate and repair something without the aid of experts or professionals.
DNS-Tunneling tunn 1122 Sites that provide DNS Tunneling as a service. These services can be for PC or mobile and create a VPN connection specifically over DNS to send traffic that may bypass corporate policies and inspection.
Dynamic and Residential dyn 1091 IP addresses of broadband links that usually indicates users attempting to access their home network, for example for a remote session to a home computer.
Dynamic DNS Provider ddns 1114 Users may use dynamic DNS services to make certain applications or content accessible via the web from endpoints hosted on dynamically assigned IP addresses. Access is granted through a hostname on the domain owned by the dynamic DNS service.
Education edu 1001 Education-related, such as schools, colleges, universities, teaching materials, and teachers' resources; technical and vocational training; online training; education issues and policies; financial aid; school funding; standards and testing.
Encrypted DNS doht 1113 Encrypted DNS requests using HTTPS (DoH), TLS (DoT), QUIC (DoQ), or similar technologies. These protocols are typically used as a layer of security and privacy by end-users, but the encryption hides the content and destination of the request, and the request is passed through a third-party.
Entertainment ent 1093 Details or discussion of films, music and bands, television, celebrities and fan websites, entertainment news, celebrity gossip, entertainment venues. Compare the Arts category.
Extreme extr 1075 Material of a sexually violent or criminal nature, violence and violent behavior, tasteless, often gory photographs, such as autopsy photos, photos of crime scenes, crime and accident victims, excessive obscene material, shock websites.
Fashion fash 1076 Clothing and fashion, hair salons, cosmetics, accessories, jewelry, perfume, pictures and text relating to body modification, tattoos and piercing, modeling agencies. Dermatological products are classified as Health and Medicine.
File Transfer Services fts 1071 File transfer services with the primary purpose of providing download services and hosted file sharing.
Filter Avoidance filt 1025 Promoting and aiding undetectable and anonymous web usage, including cgi, php and glype anonymous proxy services.
Finance fnnc 1015 Primarily financial in nature, such as accounting practices and accountants, taxation, taxes, banking, insurance, investing, the national economy, personal finance involving insurance of all types, credit cards, retirement and estate planning, loans, mortgages. Stock and shares are classified as Online Trading.
Freeware and Shareware free 1068 Providing downloads of free and shareware software.
Gambling gamb 1049 Casinos and online gambling, bookmakers and odds, gambling advice, competitive racing in a gambling context, sports booking, sports gambling, services for spread betting on stocks and shares. Websites dealing with gambling addiction are classified as Health and Medicine. Government-run lotteries are classified as Lotteries.
Games game 1007 Various card games, board games, word games, and video games, combat games, sports games, downloadable games, game reviews, cheat sheets, computer games and Internet games, such as role-playing games.
Generative AI gnai 1128 Websites whose primary purpose is to use artificial intelligence models to generate output in the form of text, audio, video, or images based on user-supplied prompts. Technologies which tangentially use generative AI as part of their service are not included.
Government and Law gov 1011 Government websites, foreign relations, news and information relating to government and elections, information relating to the field of law, such as attorneys, law firms, law publications, legal reference material, courts, dockets, and legal associations, legislation and court decisions, civil rights issues, immigration, patents and copyrights, information relating to law enforcement and correctional systems, crime reporting, law enforcement, and crime statistics.
Hacking hack 1050 Discussing ways to bypass the security of websites, software, and computers.
Hate Speech hate 1016 Websites promoting hatred, intolerance, or discrimination on the basis of social group, color, religion, sexual orientation, disability, class, ethnicity, nationality, age, gender, gender identity, sites promoting racism, sexism, racist theology, hate music, neo-Nazi organizations, supremacism, Holocaust denial.
Health and Medicine hmed 1104 Health care; diseases and disabilities; medical care; hospitals; doctors; medicinal drugs; mental health; psychiatry; pharmacology; exercise and fitness; physical disabilities; vitamins and supplements; sex in the context of health (disease and health care); tobacco use, alcohol use, drug use, and gambling in the context of health (disease and health care).
Humor lol 1079 Jokes, sketches, comics and other humorous content. Adult humor likely to offend is classified as Adult.
Hunting hunt 1098 Professional or sport hunting, gun clubs and other hunting related sites.
Illegal Activities ilac 1022 Promoting crime, such as stealing, fraud, illegally accessing telephone networks, computer viruses, bombs, and anarchy, websites depicting murder and suicide as well as explaining ways to commit them.
Illegal Downloads ildl 1084 Providing the ability to download software or other materials, serial numbers, key generators, and tools for bypassing software protection in violation of copyright agreements. Torrents are classified as Peer File Transfer.
Illegal Drugs drug 1047 Information about recreational drugs, drug paraphernalia, drug purchase and manufacture.
Infrastructure and Content Delivery Networks infr 1018 Content delivery infrastructure and dynamically generated content, websites that cannot be classified more specifically because they are secured or otherwise difficult to classify.
Internet of Things iot 1116 Domains used to monitor the general health, activity, or aid in the configuration of Internet of Things (IoT) and other network-aware electronics. Additionally these sites may provide software or firmware updates or allow remote access to administer the device. IoT exists in both consumer and professional segments, in products such as printers, televisions, thermostats, system monitoring, automation, and smart appliances.
Internet Telephony voip 1067 Telephonic services using the Internet.
Job Search job 1004 Career advice, resume writing and interviewing skills, job placement services, job databanks, permanent and temporary employment agencies, employer websites.
Lingerie and Swimsuits ling 1031 Intimate apparel and swimwear, especially when modeled.
Lotteries lotr 1034 Sweepstakes, contests and state-sponsored lotteries.
Military mil 1099 Military, such as the armed forces, military bases, military organizations, anti-terrorism.
Mobile Phones cell 1070 Short Message Services (SMS), ringtones and mobile phone downloads. Cellular carrier websites are included in the Business and Industry category.
Museums muse 1117 Museums and exhibits, both online and physical, dedicated to preserving information regarding subjects that could be of general interest or highly specialized. Subjects could range from art, history, science, or be of cultural importance.
Nature and Conservation ncon 1106 Sites related to natural resources; ecology and conservation; forests; wilderness; plants; flowers; forest conservation; forest, wilderness, and forestry practices; forest management (reforestation, forest protection, conservation, harvesting, forest health, thinning, and prescribed burning); agricultural practices (agriculture, gardening, horticulture, landscaping, planting, weed control, irrigation, pruning, and harvesting); pollution issues (air quality, hazardous waste, pollution prevention, recycling, waste management, water quality, and the environmental cleanup industry).
News news 1058 News, headlines, newspapers, television stations, magazines, weather, ski conditions.
Non-governmental Organizations ngo 1087 Non-governmental organizations such as clubs, lobbies, communities, non-profit organizations and labor unions.
Non-sexual Nudity nsn 1060 Nudism and nudity, naturism, nudist camps, artistic nudes.
Not Actionable nact 1103 Sites that have been inspected but are unreachable or do not have enough content to be assigned a category.
Online Communities comm 1024 Affinity groups, special interest groups, web newsgroups, message boards. Excludes websites classified as Professional Networking or Social Networking.
Online Document Sharing and Collaboration docs 1115 Cloud-based software used to create, convert, or edit documents. Collaboration and sharing features may be available with access permissions typically configured by the author. Documents may be stored online or available to download.
Online Meetings meet 1100 Online meetings, desktop sharing, remote access and other tools that facilitate multi-location collaboration.
Online Storage and Backup osb 1066 Offsite and peer-to-peer storage for backup, sharing, and hosting.
Online Trading trad 1028 Online brokerages, websites that enable the user to trade stocks online, information relating to the stock market, stocks, bonds, mutual funds, brokers, stock analysis and commentary, stock screens, stock charts, IPOs, stock splits. Services for spread betting on stocks and shares are classified as Gambling. Other financial services are classified as Finance.
Organizational Email pem 1085 Websites used to access business email (often via Outlook Web Access).
Paranormal prnm 1101 UFOs, ghosts, cryptid, telekinesis, urban legends and myths.
Parked Domains park 1092 Websites that monetize traffic from the domain using paid listings from an ad network, or are owned by 'squatters' hoping to sell the domain name for a profit. These also include fake search websites which return paid ad links.
Peer File Transfer p2p 1056 Peer-to-peer file request websites. This does not track the file transfers themselves.
Personal Sites pers 1081 Websites about and from private individuals, personal homepage servers, websites with personal contents, personal blogs with no particular theme.
Personal VPN pvpn 1102 Virtual private network (VPN) sites or tools that are typically for personal use, and, may or may not be approved for corporate usage.
Photo Search and Images img 1090 Facilitating the storing and searching for, images, photographs, and clip-art.
Politics pol 1083 Websites of politicians, political parties, news and information on politics, elections, democracy, and voting.
Pornography porn 1054 Sexually explicit text or depictions. Includes explicit anime and cartoons, general explicit depictions, other fetish material, explicit chat rooms, sex simulators, strip poker, adult movies, lewd art, web-based explicit email.
Private IP Addresses as Host piah 1121 Private IP addresses which are used as the host part of a URL. Private IP addresses are meant for internal use behind border routers only, so they are not publicly routable.
Professional Networking pnet 1089 Social networking for the purpose of career or professional development. See also Social Networking.
Real Estate rest 1045 Information that would support the search for real estate, office and commercial space, real estate listings, such as rentals, apartments, and homes, house building.
Recipes and Food reci 1105 Sites dedicated to sharing or discussing information about cooking, recipes, and food or non-alcoholic beverages; cultural aspects of cuisine and food; diet descriptions and adherence tips, general nutrition information about foods. Use and instruction on cooking appliances and utensils. Food celebrity, lifestyle, and enthusiast blogs.
Reference ref 1017 City and state guides, maps, time, reference sources, dictionaries, libraries.
Regional Restricted Sites (Germany) xdeu 1125 URLs that are restricted in Germany due to content which may be unlawful as determined by the regional government.
Regional Restricted Sites (Great Britain) xgbr 1123 URLs that are restricted in Great Britain due to content which may be unlawful as determined by the regional government.
Regional Restricted Sites (Italy) xita 1124 URLs that are restricted in Italy due to content which may be unlawful as determined by the regional government.
Regional Restricted Sites (Poland) xpol 1126 URLs that are restricted in Poland due to content which may be unlawful as determined by the regional government.
Religion rel 1086 Religious content, information about religions, religious communities.
SaaS and B2B saas 1080 Web portals for online business services.
Safe for Kids kids 1057 Directed at, and specifically approved for, young children.
Science and Technology sci 1012 Science and technology, such as aerospace, electronics, engineering, mathematics, and other similar subjects, space exploration, meteorology, geography, energy (fossil, nuclear, renewable), communications (telephones, telecommunications).
Search Engines and Portals srch 1020 Search engines and other initial points of access to information on the Internet.
Sex Education sxed 1052 Factual websites dealing with sex, sexual health, contraception, pregnancy.
Shopping shop 1005 Bartering, online purchasing, coupons and free offers, general office supplies, online catalogs, online malls.
Social Networking snet 1069 Social networking. See also Professional Networking.
Social Science socs 1014 Sciences and history related to society, archaeology, anthropology, cultural studies, history, linguistics, geography, philosophy, psychology, women's studies.
Society and Culture scty 1010 Family and relationships, ethnicity, social organizations, genealogy, seniors, child-care.
Software Updates swup 1053 Websites that host updates for software packages.
Sports and Recreation sprt 1008 All sports, professional and amateur, recreational activities, fishing, fantasy sports, public parks, amusement parks, water parks, theme parks, spas.
Streaming Audio aud 1073 Real-time streaming audio content including Internet radio and audio feeds.
Streaming Video vid 1072 Real-time streaming video including Internet television, web casts, and video sharing.
Terrorism and Violent Extremism terr 1119 Terrorist or extremist websites that promote death or violence as part of their ideology. Sites may contain graphic or disturbing images, videos, and text. Some sites may not advocate terrorism but share first-hand material of a violent nature.
Tobacco tob 1078 Pro-tobacco websites, tobacco manufacturers, pipes and smoking products (not marketed for illegal drug use). Tobacco addiction is classified as Health and Medicine.
Transportation trns 1044 Personal transportation, information about cars and motorcycles, shopping for new and used cars and motorcycles, car clubs, boats, airplanes, recreational vehicles (RVs), and other similar items. Note, car and motorcycle racing is classified as Sports and Recreation.
Travel trvl 1046 Business and personal travel, travel information, travel resources, travel agents, vacation packages, cruises, lodging and accommodation, travel transportation, flight booking, airfares, car rental, vacation homes.
URL Shorteners shrt 1120 Domains used to shorten long URLs, brand URLs, or may obscure the final destination of a hyperlink.
Weapons weap 1036 Information relating to the purchase or use of conventional weapons such as gun sellers, gun auctions, gun classified ads, gun accessories, gun shows, and gun training, general information about guns, other weapons may be included. Government military websites are classified as Military.
Web Cache and Archives cach 1108 Cached or archived web content often stored for preservation or to decrease load times.
Web Hosting whst 1037 Website hosting, bandwidth services.
Web Page Translation tran 1063 Translation of web pages between languages.
Web-based Email mail 1038 Public web-based email services. Websites enabling individuals to access their company or organizations email service are classified as Organizational Email.