Events associated with this classification taxonomy are related to incidents that do not fit into any other taxonomy.


Events with this classification type contain systems detected through the use of blacklists. These lists should clearly refer to abusive behavior, such as spamming, but the original source did not include more detailed information.

While little might might be known about the specific reason why the system was blacklisted, it still means it is blacklisted and therefore potentially inaccessible to services and users. Depending on the services running on the system, like mail or web server this could be helpful information that could be combined with other indicators.

The system identified by source is most likely on a blacklist and therefore could be unreachable. It is also an indicator that the system might be compromised. If available we include additional information like a classification identifier, extra orevent_description information. The system should be regarded as potentially compromised, further investigation is advised.


  • Check for other issues related to the system or service.
  • Check the logs for unusual behavior.
  • Check the reachability of the system or service.