Investigator Use
Project Honey Pot is a distributed web-based honeypot network that collects data about malicious internet visitors — harvesters collecting email addresses for spam, spambots, and other malicious web crawlers. Its IP address lookup service allows investigators to check whether a specific IP has been observed engaging in harvesting, spam delivery, or comment spam activity.
For OSINT investigators working email spam, fraud, and abuse investigations, Project Honey Pot's database provides historical activity records for IP addresses. When an IP appears in spam-related investigation materials, Project Honey Pot can confirm whether that IP has a documented history of harvesting email addresses for spam lists or delivering spam to honeypot addresses.
The threat score and activity type classifications in Project Honey Pot help investigators assess the risk profile and historical behavior of suspect IPs. An IP with a long history of email harvesting activity is likely part of a spam campaign infrastructure, while recent first-time appearance might indicate a recently compromised legitimate host.
Project Honey Pot's data is particularly relevant for investigations involving email spam campaigns, where identifying the sending infrastructure is key. IPs that have sent spam to Project Honey Pot addresses have been directly observed engaging in malicious email activity — a higher-confidence attribution than simple blocklist inclusion.
The harvester detection data reveals IPs that have scraped Project Honey Pot's embedded email addresses (which are only visible to web crawlers, not humans). This directly identifies automated email harvesting activity — a precursor to spam campaigns.
First seen and last seen dates for IPs in the Project Honey Pot database help investigators establish the operational timeline of suspect infrastructure — when a specific IP began engaging in malicious activity and whether it is currently active.
The service also allows investigators to contribute to the honeypot network by embedding honey pot links in their own web properties, which generates ongoing threat intelligence about harvesting activity targeting their domains.
Document queried IPs, activity types reported, first/last activity dates, and query timestamps for case records.
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.
Related Tools
APNIC
IP Address OSINT
A global, open, stable, and secure Internet that serves the entire Asia Pacific community
Abuse IP DB
IP Address OSINT
AbuseIPDB provides IP reputation data and community abuse reports for identifying malicious hosts in network and threat investigations.
Censys Search
IP Address OSINT
Internet-wide search interface for hosts and certificates with large-scale host, service, and virtual host coverage plus API access.
Cloudflare IP Finder
IP Address OSINT
Utilize misconfigured DNS and old database records to find hidden IP's behind the CloudFlare network
Criminal IP
IP Address OSINT
Criminal IP delivers AI-powered IP threat intelligence, attack surface data, and fraud detection for cyber threat investigations.
DNS dumpster
IP Address OSINT
Free domain research tool to discover hosts related to a domain. Find visible hosts from the attackers perspective for Red and Blue Teams.