I use Karen’s WHOIS program to see what “Malewarebytes” is telling me are trojans, PUPs, etc. but the definitions are not up to date as can be seen by inputting the IP address:
WhoIs Lookup performed by Karen's WhoIs http://www.karenware.com/ No Default Regional Internet Registry was found for IP Address. This may mean the IP Address has not yet been allocated to any RIR, and should not be used on the Internet. If this address has been used on the public Internet, it may mean this program's 'C:\ProgramData\Karen's Power Tools\WhoIs\RirInfo2.dat' file is out of-date. You are using version 2008/08/29 17:45:15
- WhoIs.txt has been updated already and is available at http://webupdate.karenware.com/whois/whois.txt
- RirInfo2.txt needs to be fixed. ARIN doesn't seem to have an original file matching the format.
It might be possible to use recursive queries of whois.arin.net to do this.
For instance, if I search whois.arin.net instead of Default RIR Server I find that whois.ripe.net is the authority, then I search it:
WhoIs Lookup performed by Karen's WhoIs http://www.karenware.com/ % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '126.96.36.199 - 188.8.131.52' % Abuse contact for '184.108.40.206 - 220.127.116.11' is 'firstname.lastname@example.org' inetnum: 18.104.22.168 - 22.214.171.124 netname: VPS_Customers_KV_Solutions descr: Virtual Private Servers Customers - KV Solutions B.V. country: NL admin-c: AK18811-RIPE tech-c: AK18811-RIPE status: ASSIGNED PA mnt-by: MNT-KVSOLUTIONS created: 2018-03-28T16:24:45Z last-modified: 2018-03-28T16:26:34Z source: RIPE person: Angelo Kreikamp address: Parelplein 31 address: 4337 MT address: Middelburg address: NETHERLANDS phone: +310118370473 nic-hdl: AK18811-RIPE mnt-by: nl-kvsolutions-nl-1-mnt created: 2018-01-30T13:35:20Z last-modified: 2018-01-30T13:35:21Z source: RIPE % Information related to '126.96.36.199/24AS60355' route: 188.8.131.52/24 origin: AS60355 mnt-by: MNT-KVSOLUTIONS created: 2018-07-16T20:29:44Z last-modified: 2018-07-16T20:29:44Z source: RIPE % This query was served by the RIPE Database Query Service version 1.92.6 (HEREFORD)