IP Address Whois Lookup

By Jethro on Oct 21, 2011

Simple IP Whois Check. This script is self-explanatory as always.

Usage: !track

UPDATE - 6/24/12 - Revised the incorrect match under sockread due to source code change. I removed the regsubex stripping method and the unncessary while loop.

UPDATE - 6/25/12 - Added bold in the output to make the IP result easier to spot and read.

on *:exit:{
  if ($file(whois).shortfn) .remove $v1
on *:sockclose:w...*:{
  .play $gettok($sock($sockname).mark,2,124) whois 2000 
on *:text:$($iif(!track* iswm $strip($1),$1)):*:{
  if ($file(whois).shortfn) write -c $v1 
  if ($regex($strip($2),/((\d{1,3}\.){3}\d{1,3})/S)) { 
    var %ipinfo = $regml(1)
    if ($play(#)) || ($play($nick)) { 
      .notice $nick Please wait until I've finished the IP lookup! 
    .msg $iif(#,#,$nick) Please wait while I fetch the IP info...
    var %w $+(w...,$r(1,$ticks)) 
    sockopen %w www.fr2.cyberabuse.org 80
    sockmark %w $+(%ipinfo,|,$iif(#,#,$nick)) 
  .notice $nick That's not an IP address. Syntax: !track <IP>
on *:sockopen:w...*:{
  if ($sockerr) { 
    $gettok($sock($sockname).mark,2,124) * Error Connecting to Website! 
  var %? = sockwrite -nt $sockname
  var %?? = $+(IP=,$gettok($sock($sockname).mark,1,124),&OK=OK&OK=OK&dns=OK)
  %? POST /whois/?page=whois_server HTTP/1.1 
  %? Host: $sock($sockname).addr
  %? Referer: $+(http://,$sock($sockname).addr,/whois/?page=whois_server)
  %? Content-Type: application/x-www-form-urlencoded 
  %? Connection: close 
  %? Content-Length: $len(%??) 
  %? $+($crlf,%??)
on *:sockread:w...*:{
  if ($sockerr) { 
    $gettok($sock($sockname).mark,2,124) * Error Reading Website! 
  if (error isin %whois) { 
    .msg $gettok($sock($sockname).mark,2,124) Invalid IP Address! 
  var %whois, %data = (Infos|Country|Abuse E-mail|Source)
  sockread %whois 
  if ($chr(37) !isin %whois) && ($regex($v2,/ $+ %data $+ /)) {
    if ($regex(%whois,/(.*) $+  $+($chr(60),br,$chr(62)) $+ /)) {
      write whois $regsubex($remove($regml(1),:),$&
        / $+ %data $+ /g,$+($chr(2),\1 :,$chr(2)))


Sign in to comment.
PackardBell   -  Oct 28, 2013

Something strange happened... It used to work... but now i get this:
/play: unable to open 'C:\Users\myname\AppData\Roaming\mIRC\whois' (line 5, script9.ini)
it used to work... so what could have happened?

horstefan  -  Oct 28, 2013

Is the website reachable? (line 17)
If the website fails or the content has changed the script won't recognise it properly
(om my phone right now so can't check for myself)

Sign in to comment

horstefan   -  Oct 14, 2012

Ripe information fails for me

[17:52:35] !track
[17:52:36] Please wait while I fetch the IP info...
[17:52:39] Source : RIPE

cptpan   -  Sep 30, 2012

How can I make this all return on one line? The bot will flood like all fukc otherwise..

RIcko   -  Jun 25, 2012

Yep, works like a charm! thanks :)

Jethro   -  Jun 25, 2012

Done. Bold request has been added to the script update. Please see to it. ^^

RIcko   -  Jun 25, 2012

Thanks Jethro, + like

Just to make sure that it works for others to see:

(Jun-Mon-25)(12:56:11:pm) Please wait while I fetch the IP info...
(Jun-Mon-25)(12:56:15:pm) [ Informations about ]
(Jun-Mon-25)(12:56:17:pm) Infos : DSLAM Central Infrastructure
(Jun-Mon-25)(12:56:19:pm) Country : Pakistan (PK)
(Jun-Mon-25)(12:56:21:pm) Abuse E-mail : ahmed.imtiaz@ptcl.net.pk
(Jun-Mon-25)(12:56:23:pm) Source : APNIC

Just a little request if you don't mind, i don't want to mess up the script by doing so, but can you make it look like this:


With the bold added to it


Jethro   -  Jun 24, 2012

Rlcko, this script has been fixed and working again. Have fun and enjoy it.

Jethro   -  Jun 24, 2012

Yes, this script has broken on account of site source being altered. I'll have to fix it later.

RIcko   -  Jun 24, 2012

Great and useful Snippet but these are the results:

(Jun-Mon-25)(12:46:05:am) <07Ricko> !track
(Jun-Mon-25)(12:46:06:am) 03@Pedo Please wait while I fetch the IP info...
(Jun-Mon-25)(12:46:09:am) 03@Pedo d44
(Jun-Mon-25)(12:46:16:am) 03@Pedo WHOIS.CYBERABUSE.ORG
(Jun-Mon-25)(12:46:26:am) 03@Pedo body font-family : Arial, Helvetica, sans-serif ; font-size : 10pt;
(Jun-Mon-25)(12:46:28:am) 03@Pedo td font-family : Arial, Helvetica, sans-serif ; font-size : 10pt;
(Jun-Mon-25)(12:46:30:am) 03@Pedo form font-family : Arial, Helvetica, sans-serif ; font-size : 8pt;

I think the script is fine, but the site has moved or isn't working, can you please check because i really need this snippet!

Stewie1k94   -  Jan 09, 2012

This is good. Thanks :)

gabu8balls   -  Jan 09, 2012

Is there something wrong with v7.22 of mIRC?
I was trying to use many snippets that seems not to work, but I'm starting to think that the problem is with the client itself.
I'm using a clear installation of mIRC!! The only .ini loaded contains exactly the code above.
When I type "!track" (without the quotes, of course) nothing happen.
Same problem for all snippets that I must to type something.

Strange think: For remote users it works perfecly!
I've tried this:

on :text:TEST*:#:{
echo IT WORKS!

And when somebody type "TEST" I can see "IT WORKS" on the console.

Somebody knows what can be happening?

Thanks you and congratulations to Jethro for all those snippets :-)

alabama   -  Oct 22, 2011

will try it out soon, loks good jet

Are you sure you want to unfollow this person?
Are you sure you want to delete this?
Click "Unsubscribe" to stop receiving notices pertaining to this post.
Click "Subscribe" to resume notices pertaining to this post.