Online Whois tools for IPs … in this post I combine some works I did for exercise and for this report. Several IPs have suspicious behaviours (spam comments on blog, try exploits … ) like 220.127.116.11. But sometime IPs are Crawlers like 18.104.22.168 So using Whois and IP “reputation” (Spamhous and Project Honey Pot) helps to figure out what kind of IP is accessing to our resources.
WHOIS (pronounced as the phrase who is) is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format. The WHOIS protocol is documented in RFC 3912.Wikipedia
The Spamhaus Project is an international organisation, based in both London and Geneva, founded in 1998 by Steve Linford to track email spammers and spam-related activity. The name spamhaus, a pseudo-German expression, was coined by Linford to refer to an Internet service provider, or other firm, which spams or knowingly provides service to spammers.
The Spamhaus Project is responsible for compiling several widely used anti-spam lists. Many internet service providers and email servers use the lists to reduce the amount of spam that reaches their users. In 2006, the Spamhaus services protected 650 million email users, including the European Parliament, US Army, the White House and Microsoft, from billions of spam emails a day.Wikipedia
Project Honey Pot
Project Honey Pot is a web-based honeypot network, which uses software embedded in web sites to collect information about IP addresses, used when harvesting e-mail addresses for spam or other similar purposes such as bulk mailing and e-mail fraud. The project also solicits the donation of unused MX entries from domain owners…Wikipedia