Simple and Transparent Plans
Choose the plan that best fits your SOC. Free plan includes whitelist intelligence. Pro+ plans unlock enrichment data, VPN/Tor detection, and advanced features.
Free
Perfect for evaluation and testing
- 100 queries/day
- 5 indicators per request
- 20 requests per minute
- Whitelist intelligence only (180+ sources)
- Basic confidence level (high/medium/low)
- Short risk context labels
- Verified TLD detection
- REST API access
- Community support
Limitations:
- No enrichment data (upgrade required)
- No provider detection or verdicts
- No recommendations (action/false positive)
- No VPN/Tor/Proxy detection flags
- No detailed risk descriptions
Pro
💰 Full features unlocked
For small SOCs and security teams
- 20,000 queries/day
- 20 indicators per request
- 120 requests per minute
- Whitelist + Enrichment data (full 180+ sources)
- Provider Detection (50+ providers: CDN, Cloud, VPN)
- Actionable Verdicts (likely_benign, investigate, malicious)
- Smart Recommendations (action + false positive likelihood)
- Full confidence scoring (0-100)
- Detailed risk descriptions
- VPN/Tor/Proxy detection flags
- Usage analytics dashboard
- Email support
Team
💰 Most popular
For medium SOCs and growing teams
- 100,000 queries/day
- 50 indicators per request
- 300 requests per minute
- All Pro features
- Priority email support
- Higher throughput
- Extended rate limits
- Team collaboration features
Enterprise
💰 Contact sales for pricing
For large SOCs and custom requirements
- Unlimited queries
- 100 indicators per request
- 1,000+ requests per minute
- All Team features
- Custom rate limits
- Dedicated support
- Custom SLAs available
- Volume discounts
- Invoiced billing
What Makes Reput.io Different
Purpose-built for reducing false positives in SOC environments
Two Types of Intelligence
Whitelist: Verified safe sources (FAANG, banks, governments) - auto-allow
Enrichment: Contextual data (CDNs, VPNs, cloud) - analyst review
Confidence Scoring
Every indicator gets a 0-100 confidence score based on source trust tier, corroboration, and institutional recognition. Not just "good" or "bad".
Risk Context
Human-readable explanations: "Verified Google infrastructure - safe to allow" or "Dynamic DNS provider - commonly abused for C2".
180+ Authoritative Sources
MISP warninglists, Cisco Umbrella, Tranco, AWS/GCP/Azure ranges, government registries, ASN providers, and curated institutional data.