Whitelist Intelligence API • Reduce False Positives

Stop Chasing
False Positives

Automatically identify legitimate infrastructure: CDNs, cloud providers, corporate domains, and trusted services. Save time, focus your team on real threats.

<100ms

Batch Latency

1,000+

IOCs per Second

180+

Intel Sources

SIEM Ready

Auto-Updated Daily

Signed Webhooks

reput.io — api demo

# Domain lookup — is cloudflare.com safe?

{
  "indicator": "cloudflare.com",
  "status": "whitelisted",
  "type": "domain",
  "confidence_score": 100,
  "confidence_level": "very_high",
  "source_count": 8,
  "risk_level": "info",
  "risk_context": "CDN Security",
  "risk_description": "Cloudflare is a major CDN and security provider protecting over 25 million websites. This IP is part of their anycast edge network. While Cloudflare can proxy both legitimate and malicious sites, blocking Cloudflare IPs causes significant collateral damage affecting millions of services.",
  "verdict": "likely_benign",
  "recommendation": {
    "action": "allow_with_logging",
    "false_positive_likelihood": "very_high",
    "investigation_hint": "Check the HTTP Host header or SNI to identify the actual website being accessed."
  },
  "provider": {
    "name": "Cloudflare",
    "type": "cdn_security",
    "services": [
      "CDN",
      "WAF",
      "DDoS Protection",
      "DNS",
      "Zero Trust"
    ]
  },
  "reasons": [
    "Ranked within top 1K of Cisco Umbrella list.",
    "Ranked within the top 1K entries of the Majestic Million list (ranked by referring subnets).",
    "Cloudflare - Major CDN provider corporate infrastructure.",
    "Top 500 domains according to Moz – commonly legitimate high-traffic domains.",
    "Ranked within top 1K of Majestic Million list.",
    "Ranked within the top 1K entries of the Cisco Umbrella 1M list.",
    "Ranked within the top 1K entries of the Tranco 1M list.",
    "Ranked within top 1K of Tranco list."
  ],
  "categories": [
    "CDN",
    "Cloudflare",
    "Enterprise",
    "High Traffic",
    "Popular Domain",
    "SEO Ranking",
    "Security Service",
    "Top 50K"
  ]
}

Comprehensive coverage for common false positive sources:

AWS / Azure / GCP•Cloudflare / Akamai / Fastly•Microsoft 365 / Google Workspace•Slack / Zoom / Teams•GitHub / GitLab•Payment Processors

Features that Make the Difference

Purpose-built for SOC teams and SIEM integration. Sub-100ms latency, 1,000+ IOCs/second, and daily-refreshed intelligence from 180+ sources.

180+ Curated Intel Sources

MISP warninglists, Fortune 500, banking institutions, government registries, cloud provider ranges, and security research infrastructure—all continuously updated.

Eliminate False Positives

Auto-whitelist Google, Microsoft, Apple, AWS, and thousands of verified domains. Your analysts focus on real threats, not legitimate infrastructure.

Smart Trust Inheritance

Our unique algorithm blocks trust propagation for Dynamic DNS, URL shorteners, and free hosting. malware.duckdns.org is flagged high-risk even though duckdns.org is known.

Confidence Scoring (0-100)

6-factor algorithm: source type, category trust tier, multi-source corroboration, verified TLDs, match specificity, and institutional recognition.

50+ Provider Detection

Automatically identify Cloudflare, AWS, Google, Tor, NordVPN and 50+ infrastructure providers. Get clear verdicts (likely_benign, investigate, malicious) and actionable recommendations.

Complete URL Analysis

Full URL parsing with hostname, domain, path, and query extraction. Detects risky redirects from bit.ly, tinyurl, and 50+ URL shorteners.

60+ Government TLDs Verified

Automatic trust elevation for .gov, .mil, .edu, plus international equivalents: .gov.uk, .gouv.fr, .gob.mx, and 50+ verified government registries worldwide.

Signed Webhooks (Pro+)

Push lookup results and high-risk IOC alerts straight to your SOAR, SIEM, or Slack in real time. HMAC-SHA256 signed, timestamped, and delivered in under 100ms. Automate your response playbooks without polling.

Want to see how it works in your environment?

Try the API Now

Trusted data foundation

Built on 180+ vetted intelligence sources

We aggregate and cross-reference data from the most respected names in threat intelligence — you inherit their signal, without the integration pain.

MISP Warninglists

Community-maintained threat intel warninglists

Cisco Umbrella 1M

Top queried domains by DNS

Majestic Million

Most-linked domains on the web

Tranco

Research-grade domain popularity ranking

Moz Top 500

High-authority domain ranking

Spamhaus

Anti-abuse IP and domain reputation

Abuse.ch URLhaus

Malware distribution URL intelligence

AWS / GCP / Azure

Official cloud provider IP ranges

+ 170 more curated sources across Fortune 500, government registries, cloud ranges, and DNS intelligence.

Built by security engineers, for security engineers

Tired of Chasing Legitimate Traffic?

Industry studies show up to 85% of SOC alerts are false positives. Reput.io helps you cut through the noise. Start free today.

Sub-100ms Latency

1,000+ IOCs/Second

SIEM/SOAR Ready

180+ Intel Sources

Start Free View Documentation

Free plan forever • 500 queries/day

Built for:

SOC Analysts•MSSPs•DevSecOps Teams•Incident Responders

Stop Chasing False Positives