Customer has a server which is only accessible from their intranet. Access to server is blocked as it is being categorized by BCWF as suspicious.
The suspicious rating was coming from WebPulse/DRTR.
DRTR was flagging this site as suspicious as it was not getting a response back from the server, normal since it's internal to the customers environment.
The use of a local database to whitelist internal sites and adding the appropriate policy is one way to work around this, alternatively having the site categorized correctly via sitereview will resolve the issue long term.