Intelligence Categories

Talos, Cisco’s Security Intelligence and Research Group, constantly tracks a broad set of attributes to evaluate conclusions about a given host. The below tables contain alphabetical listings and descriptions of the standard categories used to classify website content and the standard threat categories used to classify attack types.

Category Abbreviation Code Description Example Urls
Sports and Recreation sprt 1008 All sports, professional and amateur, recreational activities, fishing, fantasy sports, public parks, amusement parks, water parks, theme parks, zoos and aquariums, spas.
Arts art 1002 Galleries and exhibitions, artists and art, photography, literature and books, performing arts and theater, musicals, ballet, museums, design, architecture. Cinema and television are classified as Entertainment.
Education edu 1001 Education-related, such as schools, colleges, universities, teaching materials, and teachers' resources, technical and vocational training, online training, education issues and policies, financial aid, school funding, standards and testing.
Games game 1007 Various card games, board games, word games, and video games, combat games, sports games, downloadable games, game reviews, cheat sheets, computer games and Internet games, such as role-playing games.
Job Search job 1004 Career advice, resume writing and interviewing skills, job placement services, job databanks, permanent and temporary employment agencies, employer websites.
Search Engines and Portals srch 1020 Search engines and other initial points of access to information on the Internet.
Shopping shop 1005 Bartering, online purchasing, coupons and free offers, general office supplies, online catalogs, online malls.
Society and Culture scty 1010 Family and relationships, ethnicity, social organizations, genealogy, seniors, child-care.
Hate Speech hate 1016 Websites promoting hatred, intolerance, or discrimination on the basis of social group, color, religion, sexual orientation, disability, class, ethnicity, nationality, age, gender, gender identity, sites promoting racism, sexism, racist theology, hate music, neo-Nazi organizations, supremacism, Holocaust denial.
Nature natr 1013 Natural resources, ecology and conservation, forests, wilderness, plants, flowers, forest conservation, forest, wilderness, and forestry practices, forest management (reforestation, forest protection, conservation, harvesting, forest health, thinning, and prescribed burning), agricultural practices (agriculture, gardening, horticulture, landscaping, planting, weed control, irrigation, pruning, and harvesting), pollution issues (air quality, hazardous waste, pollution prevention, recycling, waste management, water quality, and the environmental cleanup industry), animals, pets, livestock, and zoology, biology, botany.
Filter Avoidance filt 1025 Promoting and aiding undetectable and anonymous web usage, including cgi, php and glype anonymous proxy services.
Finance fnnc 1015 Primarily financial in nature, such as accounting practices and accountants, taxation, taxes, banking, insurance, investing, the national economy, personal finance involving insurance of all types, credit cards, retirement and estate planning, loans, mortgages. Stock and shares are classified as Online Trading.
Government and Law gov 1011 Government websites, foreign relations, news and information relating to government and elections, information relating to the field of law, such as attorneys, law firms, law publications, legal reference material, courts, dockets, and legal associations, legislation and court decisions, civil rights issues, immigration, patents and copyrights, information relating to law enforcement and correctional systems, crime reporting, law enforcement, and crime statistics, military, such as the armed forces, military bases, military organizations, anti-terrorism.
Reference ref 1017 City and state guides, maps, time, reference sources, dictionaries, libraries.
Science and Technology sci 1012 Science and technology, such as aerospace, electronics, engineering, mathematics, and other similar subjects, space exploration, meteorology, geography, environment, energy (fossil, nuclear, renewable), communications (telephones, telecommunications).
Social Science socs 1014 Sciences and history related to society, archaeology, anthropology, cultural studies, history, linguistics, geography, philosophy, psychology, women's studies.
Business and Industry busi 1019 Marketing, commerce, corporations, business practices, workforce, human resources, transportation, payroll, security and venture capital, office supplies, industrial equipment (process equipment), machines and mechanical systems, heating equipment, cooling equipment, materials handling equipment, packaging equipment, manufacturing: solids handling, metal fabrication, construction and building, passenger transportation, commerce, industrial design, construction, building materials, shipping and freight (freight services, trucking, freight forwarders, truckload carriers, freight and transportation brokers, expedited services, load and freight matching, track and trace, rail shipping, ocean shipping, road feeder services, moving and storage).
Infrastructure and Content Delivery Networks infr 1018 Content delivery infrastructure and dynamically generated content, websites that cannot be classified more specifically because they are secured or otherwise difficult to classify.
Advertisements adv 1027 Banner and pop-up advertisements that often accompany a web page, other advertising websites that provide advertisement content. Advertising services and sales are classified as Business and Industry.
Lingerie and Swimsuits ling 1031 Intimate apparel and swimwear, especially when modeled.
Lotteries lotr 1034 Sweepstakes, contests and state-sponsored lotteries.
Online Communities comm 1024 Affinity groups, special interest groups, web newsgroups, message boards. Excludes websites classified as Professional Networking or Social Networking.
Online Trading trad 1028 Online brokerages, websites that enable the user to trade stocks online, information relating to the stock market, stocks, bonds, mutual funds, brokers, stock analysis and commentary, stock screens, stock charts, IPOs, stock splits. Services for spread betting on stocks and shares are classified as Gambling. Other financial services are classified as Finance.
Illegal Activities ilac 1022 Promoting crime, such as stealing, fraud, illegally accessing telephone networks, computer viruses, terrorism, bombs, and anarchy, websites depicting murder and suicide as well as explaining ways to commit them.
Child Abuse Content cprn 1064 Worldwide illegal child sexual abuse content.
Non-sexual Nudity nsn 1060 Nudism and nudity, naturism, nudist camps, artistic nudes.
Dining and Drinking food 1061 Eating and drinking establishments, restaurants, bars, taverns, and pubs, restaurant guides and reviews.
News news 1058 News, headlines, newspapers, television stations, magazines, weather, ski conditions.
File Transfer Services fts 1071 File transfer services with the primary purpose of providing download services and hosted file sharing.
Software Updates swup 1053 Websites that host updates for software packages.
Social Networking snet 1069 Social networking. See also Professional Networking.
Freeware and Shareware free 1068 Providing downloads of free and shareware software.
Illegal Downloads ildl 1084 Providing the ability to download software or other materials, serial numbers, key generators, and tools for bypassing software protection in violation of copyright agreements. Torrents are classified as Peer File Transfer.
Humor lol 1079 Jokes, sketches, comics and other humorous content. Adult humor likely to offend is classified as Adult.
Safe for Kids kids 1057 Directed at, and specifically approved for, young children.
Peer File Transfer p2p 1056 Peer-to-peer file request websites. This does not track the file transfers themselves.
Internet Telephony voip 1067 Telephonic services using the Internet.
Astrology astr 1074 Astrology, horoscope, fortune telling, numerology, psychic advice, tarot.
Cheating and Plagiarism plag 1051 Promoting cheating and selling written work, such as term papers, for plagiarism.
Computer Security csec 1065 Offering security products and services for corporate and home users.
Dating date 1055 Dating, online personals, matrimonial agencies.
Gambling gamb 1049 Casinos and online gambling, bookmakers and odds, gambling advice, competitive racing in a gambling context, sports booking, sports gambling, services for spread betting on stocks and shares. Websites dealing with gambling addiction are classified as Health and Nutrition. Government-run lotteries are classified as Lotteries.
Hacking hack 1050 Discussing ways to bypass the security of websites, software, and computers.
Mobile Phones cell 1070 Short Message Services (SMS), ringtones and mobile phone downloads. Cellular carrier websites are included in the Business and Industry category.
Politics pol 1083 Websites of politicians, political parties, news and information on politics, elections, democracy, and voting.
Online Storage and Backup osb 1066 Offsite and peer-to-peer storage for backup, sharing, and hosting.
Pornography porn 1054 Sexually explicit text or depictions. Includes explicit anime and cartoons, general explicit depictions, other fetish material, explicit chat rooms, sex simulators, strip poker, adult movies, lewd art, web-based explicit email.
Real Estate rest 1045 Information that would support the search for real estate, office and commercial space, real estate listings, such as rentals, apartments, and homes, house building.
Religion rel 1086 Religious content, information about religions, religious communities.
SaaS and B2B saas 1080 Web portals for online business services, online meetings.
Web-based Email mail 1038 Public web-based email services. Websites enabling individuals to access their company or organizations email service are classified as Organizational Email.
Streaming Audio aud 1073 Real-time streaming audio content including Internet radio and audio feeds.
Streaming Video vid 1072 Real-time streaming video including Internet television, web casts, and video sharing.
Transportation trns 1044 Personal transportation, information about cars and motorcycles, shopping for new and used cars and motorcycles, car clubs, boats, airplanes, recreational vehicles (RVs), and other similar items. Note, car and motorcycle racing is classified as Sports and Recreation.
Travel trvl 1046 Business and personal travel, travel information, travel resources, travel agents, vacation packages, cruises, lodging and accommodation, travel transportation, flight booking, airfares, car rental, vacation homes.
Web Hosting whst 1037 Website hosting, bandwidth services.
Chat and Instant Messaging chat 1040 Web-based instant messaging and chat rooms.
Professional Networking pnet 1089 Social networking for the purpose of career or professional development. See also Social Networking.
Paranormal prnm 1101 UFOs, ghosts, cryptid, telekenesis, urban legends and myths.
Non-governmental Organizations ngo 1087 Non-governmental organizations such as clubs, lobbies, communities, non-profit organizations and labor unions.
Auctions auct 1088 Online and offline auctions, auction houses, and classified advertisements.
Photo Search and Images img 1090 Facilitating the storing and searching for, images, photographs, and clip-art.
Entertainment ent 1093 Details or discussion of films, music and bands, television, celebrities and fan websites, entertainment news, celebrity gossip, entertainment venues. Compare the Arts category.
Online Meetings meet 1100 Online meetings, desktop sharing, remote access and other tools that facilitate multi-location collaboration.
Parked Domains park 1092 Websites that monetize traffic from the domain using paid listings from an ad network, or are owned by 'squatters' hoping to sell the domain name for a profit. These also include fake search websites which return paid ad links.
Dynamic and Residential dyn 1091 IP addresses of broadband links that usually indicates users attempting to access their home network, for example for a remote session to a home computer.
Personal Sites pers 1081 Websites about and from private individuals, personal homepage servers, websites with personal contents, personal blogs with no particular theme.
Web Page Translation tran 1063 Translation of web pages between languages.
Alcohol alc 1077 Alcohol as a pleasurable activity, beer and wine making, cocktail recipes, liquor sellers, wineries, vineyards, breweries, alcohol distributors. Alcohol addiction is classified as Health and Nutrition. Bars and restaurants are classified as Dining and Drinking.
Computers and Internet comp 1003 Information about computers and software, such as hardware, software, software support, information for software engineers, programming and networking, website design, the web and Internet in general, computer science, computer graphics and clipart. Freeware and Shareware is a separate category.
Extreme extr 1075 Material of a sexually violent or criminal nature, violence and violent behavior, tasteless, often gory photographs, such as autopsy photos, photos of crime scenes, crime and accident victims, excessive obscene material, shock websites.
Health and Nutrition hlth 1009 Health care, diseases and disabilities, medical care, hospitals, doctors, medicinal drugs, mental health, psychiatry, pharmacology, exercise and fitness, physical disabilities, vitamins and supplements, sex in the context of health (disease and health care), tobacco use, alcohol use, drug use, and gambling in the context of health (disease and health care), food in general, food and beverage, cooking and recipes, food and nutrition, health, and dieting, cooking, including recipe and culinary websites, alternative medicine.
Sex Education sxed 1052 Factual websites dealing with sex, sexual health, contraception, pregnancy.
Tobacco tob 1078 Pro-tobacco websites, tobacco manufacturers, pipes and smoking products (not marketed for illegal drug use). Tobacco addiction is classified as Health and Nutrition.
Weapons weap 1036 Information relating to the purchase or use of conventional weapons such as gun sellers, gun auctions, gun classified ads, gun accessories, gun shows, and gun training, general information about guns, other weapons and graphic hunting sites may be included. Government military websites are classified as Government and Law.
Adult adlt 1006 Directed at adults, but not necessarily pornographic. May include adult clubs (strip clubs, swingers clubs, escort services, strippers), general information about sex, non-pornographic in nature, genital piercing, adult products or greeting cards, information about sex not in the context of health or disease.
Digital Postcards card 1082 Enabling sending of digital postcards and e-cards.
DIY Projects diy 1097 Guidance and information to create, improve, modify, decorate and repair something without the aid of experts or professionals.
Military mil 1099 Military, such as the armed forces, military bases, military organizations, anti-terrorism.
Illegal Drugs drug 1047 Information about recreational drugs, drug paraphernalia, drug purchase and manufacture.
Fashion fash 1076 Clothing and fashion, hair salons, cosmetics, accessories, jewelry, perfume, pictures and text relating to body modification, tattoos and piercing, modeling agencies. Dermatological products are classified as Health and Nutrition.
Personal VPN pvpn 1102 Virtual private network (VPN) sites or tools that are typically for personal use,and, may or may not be approved for corporate usage.
Organizational Email pem 1085 Websites used to access business email (often via Outlook Web Access).
Hunting hunt 1098 Hunting and Fishing Professional or sport hunting, gun clubs and other hunting related sites.
Not Actionable nact 1103 Sites that have been inspected but are unreachable or do not have enough content to be assigned a category.
Category Description
Malware Sites Websites that are known to contain, serve, or support malware in its delivery, propagation, or in carrying out its malicious intent.
Spyware and Adware Sites that are known to contain, serve, or support Spyware and Adware activities.
Phishing Phishing and other fraudulent sites that copy or mimic legitimate sites for the purposes of surreptitiously acquiring sensitive information, such as user names, passwords, credit card numbers, etc..., for use in malicious activities.
Botnets Known to participate in a Bot network. These include Command and Control (CNC, C2) Servers and sites that deliver or receive data as part of the malicious transaction (bots, zombies).
Spam Known to serve, deliver or aide in the propagation of Spam.
Exploits Sites that are known to host or aide in exploits, drive-by-downloads and other activities that identifies and compromises vulnerable systems.
Mobile Threats Threats that are designed to infect or adversely affect mobile devices such as phones and tablets.
High Risk Sites and Locations Domains and hostnames that match against the OpenDNS predictive security algorithms from security graph.
Bogon Bogons are IP Addresses that are known to belong to reserved IP address spaces that is supposedly unallocated or undelagated. Sites in this category are bogons that are known to be sending traffic.
P2P Malware Node Sites that use Peer-to-Peer sharing as a method to carry out malware related activities.
Ebanking Fraud Known to engage in fraudulent activities that relate to electronic banking.
Indicators of Compromise (IOC) Hosts that have been observed to engage in Indicators of Compromise.
Domain Generated Algorithm Domains that are extracted from malware that employ algorithms that generate domains for potential use in future malicious activities such as hosting malware or as an exfiltration destination.
Open HTTP Proxy Hosts that are known to run Open Web Proxies and offer anonymous web browsing services.
Open Mail Relay Commonly used by Spam and Phishing attackers, sites in this category are hosts that are known to offer anonymous email relaying services.
TOR exit Nodes Hosts known to offer exit node services for the Tor Anonymizer network.
Potential DNS Rebinding Public DNS entries that resolve to your network space. These are sometimes associated with DNS rebinding attacks, which allow malicious scripts to access your internal network resources.
DNS Tunneling Sites that provide DNS Tunneling as a service. These services can be for PC or mobile and create a VPN connection specifically over DNS to send traffic that may bypass corporate policies and inspection.
Dynamic DNS Sites that are hosting dynamic DNS services. Attackers can use this technology as an evasion technique against IP blacklisting.
Newly Seen Domains Domains that have recently been registered, or not yet seen via telemetry. The behavior of these URLs has not been observed enough to establish the appropriate reputation. Spammers and malicious actors may rely on newly registered, or previously unused domains to disguise their activities, and avoid interdiction due to low reputation. Some legitimate URLs may briefly appear in this threat category as they become visible.
Cryptojacking Websites with embedded scripts to mine cryptocurrency which use the visitor's web browser. The script may belong to the owner of the web site, or injected by a malicious third-party, and is used as a method of generating revenue.
Linkshare Websites that share copyrighted files without permission. The web site may be compromised, or otherwise involved in illegal file sharing.
Malicious Sites Sites exhibiting malicious behavior that do not necessarily fit into another, more granular, threat category.