# Suspicious Addresses Suspicious Transactions are labeled in ChainArgos as "sus". A "sus" address is one that has: * received a transfer from a known scam (e.g. cashing out of stolen funds); * received a transfer from a sanctioned address (whether by OFAC or any other governmental organization); * to/from transaction with an address flagged as a terrorist address (in this case, because both directions for the transfer could potentially be nefarious); or * to/from transaction with an address blacklisted by the token issuer themselves (e.g. Tether regularly blacklists addresses and both directions for the transfer could potentially be nefarious). The threshold for a "sus" transaction is any transfer >1 from a known scam, terrorist, or blacklisted address. Given the expansive nature of the "sus" label, exchange wallets will almost always inevitably be labeled "sus" because they would be within one degree of separation of a "sus" address that may have used the exchange's services. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.chainargos.com/documentation/labels/programmatic-labels/suspicious-addresses.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.