I work for IPinfo. We do not provide reputation scoring, by the way. Reputation is such a subjective matter.
It would be easy for us to make a very quick sales if we start offering reputation scoring, but we, as a company, would rather support fraud detection, threat intelligence and bot detection services with raw data from us.
In fact, the 1400 servers we operate for internet measurement all have very sophisticated honeypots baked into them, but still, we have not productized that data. In our experience of the fast-moving world of IP addresses, reputation scoring, even with the best intentions, can introduce some downsides. We can do many things which will be better than most things out there, but we have to really balance the consequences of our product.
Thank you for your work and insights. I am a very satisfied paid user for many years. Keep up the good work!
Appreciate the balanced view as well.
Reputation scoring is useless metrics IMHO exactly for reasons you stated - risk appetite and risk model are generally different for everyone. We actually do have IP scoring build on datapoints we have + what ipinfo API gives us. This is tuned to specific projects and practically useless for anyone else.
One of practical point for OP is perhaps to consider an PoV that providing this sort of service will require a lot of intelligence collected from many sources, which OP may not have at this point. Even 1400 servers probably cover limited scope.
After I read your question I thought other people would wonder the same thing and I already had some ideas about greynoise. I'm going to go ahead and add this to the site for other people. Thanks. https://tunnelmind.ai/compare
> GreyNoise tells you whether an IP is internet-background scanning noise.
My somewhat poorly expressed point was that to make a decision whether IP is or isn't a "internet-background scanning noise" (btw how would you define that?) you need to have access to substantial volume of data. And also how the decision is made remains unclear. If some sysadmin on legitimate node does network scan to investiage something and you catch it - will it become positive "internet-background scanning noise"?
It would be easy for us to make a very quick sales if we start offering reputation scoring, but we, as a company, would rather support fraud detection, threat intelligence and bot detection services with raw data from us.
In fact, the 1400 servers we operate for internet measurement all have very sophisticated honeypots baked into them, but still, we have not productized that data. In our experience of the fast-moving world of IP addresses, reputation scoring, even with the best intentions, can introduce some downsides. We can do many things which will be better than most things out there, but we have to really balance the consequences of our product.