Release Notes: A bug has been fixed that caused ARIN to RIPE whois redirects to fail.
Release Notes: The ARIN whois server has recently changed whois server redirect information for RIPE, causing the RIPE whois server to not be checked. This has been fixed in this release.
Release Notes: A parsing bug has been fixed when processing ARIN entries with parentheses in them. The handling of WHOIS errors has been improved for servers such as whois.educause.net which handles many .edu sites. Redirects from whois.publicinterestregistry.net are now supported properly.
Release Notes: Whois output from whois.arin.net has changed, causing the script to not follow netblocks. The script has been updated to parse this output correctly.
Release Notes: This release fixes a bug which caused batch mode to incorrectly stop processing after no contacts were found for one entry.
Release Notes: 'trouble:' entries reported from WHOIS servers such as RIPE now take priority over other email addresses listed in the same WHOIS output.
Release Notes: When showing an excerpt of logs, the number of matching lines is now shown to show severance of attack. A bug was also fixed that would consider certain FQDNs erroneously as IPs.
Release Notes: whois.abuse.net is now queried for contacts, and any contacts returned from here can optionally take priority over others to avoid sending complaints to the wrong administrators. Also, an option to not ignore 'Received:' lines in the input has been added.
Release Notes: Local network IPs such as 192.168/127.0 are now ignored. Options have been added to allow running the script non-interactively. All IPs in each input line are now counted instead of only the first one. arin.net and iana.org have been added the list of ignored domains.
Release Notes: This release has switched back to WHOIS for IP lookups with a fallback to RWHOIS, because rwhois.arin.net is often overloaded.