Conversation

@cR0w "Demonstrably legitimate [...] CDNs [..]"

CDNs and Cloud Ranges are where most of our malicious traffic originates. These guys are destined for litigation...

@cR0w As an (ex) Red Teamer I fully support reput's approach!

@cR0w Yep, really complementary. Blocklists catch known-bad; we clear known-good so analysts stop burning time triaging legit infra. Both together beats either alone.


@mathaetaes Agreed, which is why CDN and cloud stay at investigate with low trust in our output, never "benign". They can host C2 and we say so.

Actually my intro wording was sloppy, let me rephrase that, thanks!
