Netskope Help

RBI Category Definitions

The RBI-specific web categories shown in the UI are explained in the table below.

Category

Description

Newly Registered Domain

All the newly registered domains are placed under this category.

No Content

Sites that don't have any content on the entire site are categorized as No Content.

Parked Domains

A parked domain is the registration of an Internet domain name without that domain being associated with any services, such as e-mail or a website. This may have been done to reserve the domain name for future development and to protect against the possibility of cybersquatting. Examples are parked domains, for sale call domain owners, etc.

Security Risk

Sites that are pervasive security risks and pose a direct threat to business availability. A risk management site is essential for managing vulnerabilities and other risks.

Security Risk - Ad Fraud

Sites that are being used to commit fraudulent online display advertising transactions using different ad impression boosting techniques, including but not limited to the following: ad stacking, iframe stuffing, and hidden ads. Includes sites that have high non-human web traffic and rapid, large and unexplained changes in traffic. This category should be used by Web Analysts.

Security Risk - Attack

Sites that discuss attempts to gain unauthorized access to information resources or services, or to cause harm or damage to information systems.

Security Risk - Botnets

Sites or compromised web servers running software that is used by hackers to send spam, phishing attacks, and denial of service attacks.

Security Risk - Command and Control server

Internet servers used to send commands to infected machines called bots.

Security Risk - Compromised/malicious sites

Compromised sites that appear to be legitimate, but have malicious code or link to malicious sites hosting malware. These sites have been compromised by someone other than the site owner. If Firefox blocks a site as malicious, use this category. Examples are defaced, hacked by, etc.

Security Risk - Cryptocurrency Mining

Sites that use cryptocurrency mining technology without user permission. This is considered a malicious category.

Security Risk - DGA

Domains that are generated algorithmically using a Domain Generation Algorithm. These domains are used by DGA-based malware as their C2 channel and aim to hide the location of the active C2 server.

Security Risk - Hacking

Sites with information or tools specifically intended to assist in online crime, such as unauthorized access to computers, but also sites with tools and information that enable fraud and other online crime.

Security Risk - Malware Call-Home

When viruses and spyware report information back to a particular URL or check a URL for updates, this is considered a malware call-home address. This category is for use by the Threat Prevention Team and automated systems only.

Security Risk - Malware Distribution Point

Sites that host viruses, exploits, and other malware are considered Malware Distribution Points. Web Analysts may use this category if their anti-virus program triggers on a particular website. Other categories should also be added if applicable.

Security Risk - Miscellaneous

Sites with security risk indicators that are not mapped to any of the other security risk subcategories.

Security Risk - Phishing/Fraud

Sites that impersonate other sites, usually with the intent of stealing passwords, credit card numbers, or other information. Also includes sites that are part of scams, such as a "419" scam where a person is convinced to hand over money with the expectation of a big payback that never comes. Examples: con, hoax, scam, etc.

Security Risk - Spam sites

Sites that frequently occur in spam messages. Should not be used by Web Analysts.

Security Risk - Spyware & Questionable Software

Sites that report information back to a central server, such as spyware or keystroke loggers. Also includes software that may have legitimate purposes, but some people may object to having on their system. Web analysts should not use this category.

Uncategorized

Domains that are yet to be categorized.

Web Proxies/Anonymizers

Web proxies and anonymizers are services that allow users to hide their identity, IP address and location when they browse the web. Unlike apps in other categories, which might have a justification for being used, proxies and anonymizers pose a security and legal risk to the organization and should be blocked. Netskope Cloud Confidence Index (CCI) does not apply to these apps.

Sample URLs include: kproxy.com, hidemyass.com, expressvpn.com