IP Address Whois Lookup

By Jethro on Oct 21, 2011

Simple IP Whois Check. This script is self-explanatory as always.

Usage: !track

UPDATE - 6/24/12 - Revised the incorrect match under sockread due to source code change. I removed the regsubex stripping method and the unnecessary while loop.

UPDATE - 6/25/12 - Added bold in the output to make the IP result easier to spot and read.

on *:exit:{
  if ($file(whois).shortfn) .remove $v1
}
on *:sockclose:w...*:{
  ; only play the results if the lookup actually wrote something to the file
  if ($lines(whois)) .play $gettok($sock($sockname).mark,2,124) whois 2000
}
on *:text:$($iif(!track* iswm $strip($1),$1)):*:{
  if ($file(whois).shortfn) write -c $v1 
  if ($regex($strip($2),/((\d{1,3}\.){3}\d{1,3})/S)) { 
    var %ipinfo = $regml(1)
    if ($play(#)) || ($play($nick)) { 
      .notice $nick Please wait until I've finished the IP lookup! 
      halt 
    }
    .msg $iif(#,#,$nick) Please wait while I fetch the IP info...
    var %w $+(w...,$r(1,$ticks)) 
    sockopen %w www.fr2.cyberabuse.org 80
    sockmark %w $+(%ipinfo,|,$iif(#,#,$nick)) 
    halt 
  }
  .notice $nick That's not an IP address. Syntax: !track <IP>
}
on *:sockopen:w...*:{
  if ($sockerr) {
    ; report the failure to the channel or nick stored in the sockmark
    .msg $gettok($sock($sockname).mark,2,124) * Error Connecting to Website!
    halt
  }
  var %? = sockwrite -nt $sockname
  var %?? = $+(IP=,$gettok($sock($sockname).mark,1,124),&OK=OK&OK=OK&dns=OK)
  %? POST /whois/?page=whois_server HTTP/1.1 
  %? Host: $sock($sockname).addr
  %? Referer: $+(http://,$sock($sockname).addr,/whois/?page=whois_server)
  %? Content-Type: application/x-www-form-urlencoded 
  %? Connection: close 
  %? Content-Length: $len(%??) 
  %? $+($crlf,%??)
}
on *:sockread:w...*:{
  if ($sockerr) {
    .msg $gettok($sock($sockname).mark,2,124) * Error Reading Website!
    halt
  }
  ; read one line of the response first, then inspect it
  var %whois, %data = (Infos|Country|Abuse E-mail|Source)
  sockread %whois
  if (error isin %whois) {
    .msg $gettok($sock($sockname).mark,2,124) Invalid IP Address!
    halt
  }
  ; keep only the lines that carry one of the wanted fields
  if ($chr(37) !isin %whois) && ($regex($v2,/ $+ %data $+ /)) {
    if ($regex(%whois,/(.*) $+  $+($chr(60),br,$chr(62)) $+ /)) {
      write whois $regsubex($remove($regml(1),:),$&
        / $+ %data $+ /g,$+($chr(2),\1 :,$chr(2)))
    }
  }
}
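
An added example, not part of Jethro's script: the pattern in the on TEXT handler is unanchored and does not range-check octets, so the value placed in the POST body can be an out-of-range address or a fragment of a longer argument. The Python below reuses that pattern (mIRC's regex engine is PCRE, and Python's `re` behaves the same for it) next to a whole-argument check; the function names, the sample arguments and the refusal of non-public ranges are assumptions of this example.

```python
import ipaddress
import re

# Pattern from the script's on TEXT handler: unanchored, no octet range check.
PAGE_PATTERN = re.compile(r"((\d{1,3}\.){3}\d{1,3})")
# Whole-argument shape check: exactly four decimal fields, nothing else.
DOTTED_QUAD = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def page_extract(arg):
    """Return what the script would take from $regml(1), or None."""
    m = PAGE_PATTERN.search(arg)
    return m.group(1) if m else None


def strict_ipv4(arg):
    """Return the address only if the whole argument is a valid public IPv4."""
    if not DOTTED_QUAD.fullmatch(arg):
        return None
    try:
        ip = ipaddress.IPv4Address(arg)  # rejects octets above 255
    except ValueError:
        return None
    # Policy choice of this example: refuse private, loopback and reserved
    # ranges, since a public whois lookup on them returns nothing useful.
    return str(ip) if ip.is_global else None


def compare(args):
    """Pair each argument with (script capture, strict result)."""
    return [(a, page_extract(a), strict_ipv4(a)) for a in args]


if __name__ == "__main__":
    # Constructed sample arguments, plus one address quoted in the comments.
    samples = ["208.67.222.222", "999.999.999.999", "1234.5.6.7",
               "1.2.3.4.5", "10.0.0.1"]
    for arg, loose, strict in compare(samples):
        print(f"{arg!r:20} script={loose!r:20} strict={strict!r}")
```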

Comments

PackardBell   -  Oct 28, 2013

Heyo.
Something strange happened... It used to work... but now I get this:
/play: unable to open 'C:\Users\myname\AppData\Roaming\mIRC\whois' (line 5, script9.ini)
It used to work... so what could have happened?

horstefan  -  Oct 28, 2013

Is the website reachable? (line 17)
If the website fails or the content has changed, the script won't recognise it properly
(on my phone right now so can't check for myself)


horstefan   -  Oct 14, 2012

Ripe information fails for me

[17:52:35] !track 46.105.168.133
[17:52:36] Please wait while I fetch the IP info...
[17:52:39] Source : RIPE

cptpan   -  Sep 30, 2012

How can I make this all return on one line? The bot will flood like all fukc otherwise..

RIcko   -  Jun 25, 2012

Yep, works like a charm! thanks :)

Jethro   -  Jun 25, 2012

Done. Bold request has been added to the script update. Please see to it. ^^

RIcko   -  Jun 25, 2012

Thanks Jethro, + like

Just to make sure that it works for others to see:


(Jun-Mon-25)(12:56:11:pm) Please wait while I fetch the IP info...
(Jun-Mon-25)(12:56:15:pm) [ Informations about 182.179.116.118 ]
(Jun-Mon-25)(12:56:17:pm) Infos : DSLAM Central Infrastructure
(Jun-Mon-25)(12:56:19:pm) Country : Pakistan (PK)
(Jun-Mon-25)(12:56:21:pm) Abuse E-mail : ahmed.imtiaz@ptcl.net.pk
(Jun-Mon-25)(12:56:23:pm) Source : APNIC


Just a little request if you don't mind, I don't want to mess up the script by doing so, but can you make it look like this:

http://i.imgur.com/yfKoc.png

With the bold added to it

thanks

Jethro   -  Jun 24, 2012

Rlcko, this script has been fixed and is working again. Have fun and enjoy it.

Jethro   -  Jun 24, 2012

Yes, this script has broken on account of site source being altered. I'll have to fix it later.

RIcko   -  Jun 24, 2012

Great and useful Snippet but these are the results:


(Jun-Mon-25)(12:46:05:am) <07Ricko> !track 109.125.152.196
(Jun-Mon-25)(12:46:06:am) 03@Pedo Please wait while I fetch the IP info...
(Jun-Mon-25)(12:46:09:am) 03@Pedo d44
(Jun-Mon-25)(12:46:16:am) 03@Pedo WHOIS.CYBERABUSE.ORG
(Jun-Mon-25)(12:46:26:am) 03@Pedo body font-family : Arial, Helvetica, sans-serif ; font-size : 10pt;
(Jun-Mon-25)(12:46:28:am) 03@Pedo td font-family : Arial, Helvetica, sans-serif ; font-size : 10pt;
(Jun-Mon-25)(12:46:30:am) 03@Pedo form font-family : Arial, Helvetica, sans-serif ; font-size : 8pt;


I think the script is fine, but the site has moved or isn't working, can you please check because I really need this snippet!

Stewie1k94   -  Jan 09, 2012

This is good. Thanks :)

gabu8balls   -  Jan 09, 2012

Is there something wrong with v7.22 of mIRC?
I was trying to use many snippets that seem not to work, but I'm starting to think that the problem is with the client itself.
I'm using a clear installation of mIRC!! The only .ini loaded contains exactly the code above.
When I type "!track 208.67.222.222" (without the quotes, of course) nothing happens.
Same problem for all snippets where I must type something.

Strange thing: For remote users it works perfectly!
I've tried this:

on *:text:TEST*:#:{
  echo IT WORKS!
}

And when somebody types "TEST" I can see "IT WORKS" on the console.

Does somebody know what could be happening?

Thank you and congratulations to Jethro for all those snippets :-)

alabama   -  Oct 22, 2011

will try it out soon, looks good jet
