Why is whois.domaintools.com blocked?

whois.domaintools.com is not blocked, the link shows you the IP information in whois.domaintools.com, it does not mean whois.domaintools.com is blocked.

For the malicious user agent, please copy-paste the alert email here. we will take a look.

Ah, after applying come strong coffee I see that whois.domaintools.com simply gives me info about the IP number that was blocked.

Cool.

Here are some samples I get:

===Begin Quote===
TYPE: Found Malicious User Agent
DETECTED ATTACK VALUE: EMail Exractor
ACTION: Blocked
LOGTIME: 2013-02-21 06:29:30
FROM IP: https://whois.domaintools.com/61.58.82.230
URI: https://uniekewinkeltjes.com/about-unieke-winkeltjes
METHOD: GET
USERAGENT: EMail Exractor
REFERRER: N/A

TYPE: Found Malicious User Agent
DETECTED ATTACK VALUE: Java/1.7.0_02
ACTION: Blocked
LOGTIME: 2013-02-22 02:40:04
FROM IP: https://whois.domaintools.com/176.58.28.111
URI: https://uniekewinkeltjes.com/26/pollux-cafe-restaurant
METHOD: GET
USERAGENT: Java/1.7.0_02
REFERRER: N/A

TYPE: Found Basic DoS Attacks
DETECTED ATTACK VALUE: dDos Attack
ACTION: Blocked
LOGTIME: 2013-02-22 02:41:32
FROM IP: https://whois.domaintools.com/38.113.234.181
URI: https://uniekewinkeltjes.com/26/pollux-cafe-restaurant
METHOD: GET
USERAGENT: N/A
REFERRER: N/A
===End Quote===

Hi there

The first two should be spammers that tries to extract email addresses from your website then spam your email box. The last one does not have a user agent so suspicious, I would recommend to leave them as it is, no need to whitelist these IPs.

Hope this helps. ??

Yes, it does. Thanks!

That said, how are we to know whether or not to whitelist any blocked IPs? Or is is better not to worry about it?

It is not necessary to worry about it. In the future release, we will more functions and explanations so you can know whether they should be blocked permanently.