🎯 Whitelist Intelligence API • Reduce False Positives

Stop Chasing
False Positives

Automatically identify legitimate infrastructure: CDNs, cloud providers, corporate domains, and trusted services. Save time, focus your team on real threats.

Cut Alert Noise

Clear Allow/Block Verdicts

50+ Providers Verified

Try for Free View Documentation

<100ms

API Response

50+

CDN & Cloud Providers

100

IOCs per Request

Free

Tier Available

SOC Ready

REST API

Batch Lookups

Auto-Updated Daily

POST api.reput.io/lookup

Pro+ Response

// Cloudflare CDN IP - with Provider Detection & Verdict
{
  "indicator": "104.16.132.229",
  "status": "enrichment",
  "type": "ip",
  "verdict": "likely_benign",
  "risk_level": "low",
  "risk_context": "CDN Security Provider",
  "provider": {
    "name": "Cloudflare",
    "type": "cdn_security",
    "services": ["CDN", "WAF", "DDoS Protection", "DNS"]
  },
  "recommendation": {
    "action": "allow_with_logging",
    "false_positive_likelihood": "very_high",
    "investigation_hint": "Check HTTP Host header to identify actual site"
  },
  "categories": ["CDN", "Cloud Provider", "Corporate"]
}

// Tor Exit Node - Anonymity Network Detection
{
  "indicator": "185.220.101.42",
  "status": "enrichment",
  "verdict": "investigate",
  "risk_level": "high",
  "risk_context": "Anonymity Network",
  "provider": {
    "name": "Tor Network",
    "type": "anonymity_network"
  },
  "recommendation": {
    "action": "investigate",
    "false_positive_likelihood": "low"
  }
}

Comprehensive coverage for common false positive sources:

AWS / Azure / GCP•Cloudflare / Akamai / Fastly•Microsoft 365 / Google Workspace•Slack / Zoom / Teams•GitHub / GitLab•Payment Processors

Features that Make the Difference

Technology designed for security analysts who need precision, speed and context in every decision.

180+ Curated Intel Sources

MISP warninglists, Fortune 500, banking institutions, government registries, cloud provider ranges, and security research infrastructure—all continuously updated.

Eliminate False Positives

Auto-whitelist Google, Microsoft, Apple, AWS, and thousands of verified domains. Your analysts focus on real threats, not legitimate infrastructure.

Smart Trust Inheritance

Our unique algorithm blocks trust propagation for Dynamic DNS, URL shorteners, and free hosting. malware.duckdns.org is flagged high-risk even though duckdns.org is known.

Confidence Scoring (0-100)

6-factor algorithm: source type, category trust tier, multi-source corroboration, verified TLDs, match specificity, and institutional recognition.

50+ Provider Detection

Automatically identify Cloudflare, AWS, Google, Tor, NordVPN and 50+ infrastructure providers. Get clear verdicts (likely_benign, investigate, malicious) and actionable recommendations.

Complete URL Analysis

Full URL parsing with hostname, domain, path, and query extraction. Detects risky redirects from bit.ly, tinyurl, and 50+ URL shorteners.

60+ Government TLDs Verified

Automatic trust elevation for .gov, .mil, .edu, plus international equivalents: .gov.uk, .gouv.fr, .gob.mx, and 50+ verified government registries worldwide.

Simple REST API

JSON API with batch lookups (up to 100 indicators/request for Enterprise), rate limiting, and instant responses. Integrates with any SIEM, SOAR, or custom tooling in minutes.

Want to see how it works in your environment?

Try the API Now

Thousands of analysts trust Reput.io

Tired of Chasing Legitimate Traffic?

Join SOC teams that have reduced false positives by up to 85% with Reput.io. Start free today.

100 queries/day free

5-minute integration

No credit card required

Full documentation

Start Free View Documentation

Free plan forever • No credit card required

Used by security teams at:

SaaS Startups•Fintech•Consulting•E-commerce

Stop Chasing False Positives