[thephyber]

Project Honeypot has been doing this (IP address reputation scoring) for something like 16 years (disclaimer: I once worked for a sibling company and developed an early Apache module for it).

What you propose is very similar to what happens with email IP reputation. If you look at all of the effort that goes into verifying as few false positives and false negatives as possible, you should probably consider why that effort is put in. Example: what happens if a malicious user who works on behalf of a rival company to yours creates a Pull Request to your list with your customer’s IP addresses? Could you realistically identify the issue and the malicious user before it hurt your corporate reputation?

I don’t think your idea is bad, but you have to realize that the concept of an IP address as a proxy for an actor/reputation is not as valuable in recent years as it used to be. With IPv6 and cheap botnet access, your list will fill up with junk when the attacker spends very little effort to add new GET/POST rules and new clients.

I would recommend you spend some time considering how much you care about this particular cat and mouse game when CDNs and WAFs have already made products which cater to this need.