From 682cc5402a424650dc01695728b6886ec6b2554b Mon Sep 17 00:00:00 2001
From: Thomas Ciesla <thomas.ciesla@local.de>
Date: Fri, 9 Jan 2026 14:08:17 +0100
Subject: [PATCH] ip resolve local over whois

---
 jtl-wafi-agent.py     | 154 ++++++++++++++++++++++++++++++++++++++++++
 jtl-wafi-dashboard.py |  35 ++++++++--
 2 files changed, 184 insertions(+), 5 deletions(-)

diff --git a/jtl-wafi-agent.py b/jtl-wafi-agent.py
index f9151e9..65faa43 100644
--- a/jtl-wafi-agent.py
+++ b/jtl-wafi-agent.py
@@ -1045,6 +1045,10 @@ _ip_info_cache: Dict[str, Dict[str, Any]] = {}
 _ip_api_last_request = 0.0
 _ip_api_request_count = 0
 
+# WHOIS Cache (1 Stunde TTL)
+WHOIS_CACHE_TTL = 3600  # 1 Stunde
+_whois_cache: Dict[str, Dict[str, Any]] = {}
+
 # Global Country Ranges Cache (loaded once from ipdeny.com files)
 _country_ranges_cache: Dict[str, List[tuple]] = {}  # country -> [(network_int, mask_int), ...]
 _country_cache_loaded = False
@@ -1202,6 +1206,112 @@ def get_cached_ip_info(ip: str) -> Optional[Dict[str, Any]]:
     return _ip_info_cache.get(ip)
 
 
+def whois_lookup(ip: str) -> Dict[str, Any]:
+    """
+    Führt WHOIS-Lookup für eine IP durch (lokales whois-Tool).
+    Cached Ergebnisse für 1 Stunde.
+
+    Returns:
+        Dict mit: netname, org, asn, country, abuse, range, raw
+    """
+    global _whois_cache
+
+    # Cache prüfen
+    if ip in _whois_cache:
+        cached = _whois_cache[ip]
+        if time.time() - cached.get('_cached_at', 0) < WHOIS_CACHE_TTL:
+            return cached
+
+    result = {
+        'ip': ip,
+        'netname': '',
+        'org': '',
+        'asn': '',
+        'country': '',
+        'abuse': '',
+        'range': '',
+        'descr': '',
+        'raw': '',
+        '_cached_at': time.time()
+    }
+
+    try:
+        # WHOIS-Kommando ausführen
+        proc = subprocess.run(
+            ['whois', ip],
+            capture_output=True,
+            text=True,
+            timeout=10
+        )
+
+        if proc.returncode != 0:
+            logger.debug(f"WHOIS fehlgeschlagen für {ip}: {proc.stderr}")
+            _whois_cache[ip] = result
+            return result
+
+        raw_output = proc.stdout
+        result['raw'] = raw_output
+
+        # Parsing - verschiedene WHOIS-Formate unterstützen (RIPE, ARIN, APNIC, etc.)
+        lines = raw_output.split('\n')
+
+        for line in lines:
+            line_lower = line.lower().strip()
+
+            # Netname
+            if line_lower.startswith('netname:'):
+                result['netname'] = line.split(':', 1)[1].strip()
+
+            # Organisation
+            elif line_lower.startswith('org-name:') or line_lower.startswith('orgname:'):
+                result['org'] = line.split(':', 1)[1].strip()
+            elif line_lower.startswith('organization:') and not result['org']:
+                result['org'] = line.split(':', 1)[1].strip()
+            elif line_lower.startswith('descr:') and not result['org']:
+                # Fallback zu descr wenn keine org gefunden
+                val = line.split(':', 1)[1].strip()
+                if val and not result['descr']:
+                    result['descr'] = val
+
+            # ASN
+            elif line_lower.startswith('origin:') or line_lower.startswith('originas:'):
+                result['asn'] = line.split(':', 1)[1].strip()
+
+            # Country
+            elif line_lower.startswith('country:') and not result['country']:
+                result['country'] = line.split(':', 1)[1].strip().upper()
+
+            # Abuse Contact
+            elif 'abuse' in line_lower and '@' in line:
+                # E-Mail aus der Zeile extrahieren
+                import re
+                email_match = re.search(r'[\w\.-]+@[\w\.-]+\.\w+', line)
+                if email_match and not result['abuse']:
+                    result['abuse'] = email_match.group(0)
+
+            # IP Range (inetnum/NetRange)
+            elif line_lower.startswith('inetnum:') or line_lower.startswith('netrange:'):
+                result['range'] = line.split(':', 1)[1].strip()
+            elif line_lower.startswith('cidr:') and not result['range']:
+                result['range'] = line.split(':', 1)[1].strip()
+
+        # Fallback: descr als org wenn org leer
+        if not result['org'] and result['descr']:
+            result['org'] = result['descr']
+
+        logger.debug(f"WHOIS für {ip}: netname={result['netname']}, org={result['org']}, asn={result['asn']}")
+
+    except subprocess.TimeoutExpired:
+        logger.warning(f"WHOIS Timeout für {ip}")
+    except FileNotFoundError:
+        logger.error("WHOIS-Tool nicht installiert! Bitte 'whois' installieren.")
+    except Exception as e:
+        logger.error(f"WHOIS Fehler für {ip}: {e}")
+
+    _whois_cache[ip] = result
+    return result
+
+
 # =============================================================================
 # LIVE STATISTICS TRACKER
 # =============================================================================
@@ -3889,6 +3999,9 @@ class JTLWAFiAgent:
             elif event_type == 'command.autoban_config':
                 await self._handle_autoban_config_command(event_data)
 
+            elif event_type == 'command.whois':
+                await self._handle_whois_command(event_data)
+
             elif event_type == 'log.subscribe':
                 shop = event_data.get('shop')
                 if shop:
@@ -4376,6 +4489,47 @@ class JTLWAFiAgent:
                 'message': str(e)
             })
 
+    async def _handle_whois_command(self, data: Dict[str, Any]):
+        """Führt WHOIS-Lookup für eine IP durch und sendet Ergebnis."""
+        command_id = data.get('command_id', 'unknown')
+        ip = data.get('ip')
+
+        if not ip:
+            await self._send_event('whois_result', {
+                'command_id': command_id,
+                'success': False,
+                'error': 'Keine IP angegeben'
+            })
+            return
+
+        try:
+            # WHOIS-Lookup durchführen (wird gecacht)
+            result = whois_lookup(ip)
+
+            # Ergebnis senden (ohne raw für kleinere Payload)
+            await self._send_event('whois_result', {
+                'command_id': command_id,
+                'success': True,
+                'ip': ip,
+                'netname': result.get('netname', ''),
+                'org': result.get('org', ''),
+                'asn': result.get('asn', ''),
+                'country': result.get('country', ''),
+                'abuse': result.get('abuse', ''),
+                'range': result.get('range', '')
+            })
+
+            logger.info(f"WHOIS für {ip}: {result.get('org', 'Unknown')} ({result.get('asn', 'N/A')})")
+
+        except Exception as e:
+            logger.error(f"WHOIS Fehler für {ip}: {e}")
+            await self._send_event('whois_result', {
+                'command_id': command_id,
+                'success': False,
+                'ip': ip,
+                'error': str(e)
+            })
+
     async def _periodic_tasks(self):
         """Führt periodische Tasks aus."""
         while self.running:
diff --git a/jtl-wafi-dashboard.py b/jtl-wafi-dashboard.py
index c140bf2..7f2a91e 100644
--- a/jtl-wafi-dashboard.py
+++ b/jtl-wafi-dashboard.py
@@ -798,6 +798,12 @@ async def agent_websocket(websocket: WebSocket):
                         'data': event_data
                     })
 
+                elif event_type == 'whois_result':
+                    await manager.broadcast_to_browsers({
+                        'type': 'whois_result',
+                        'data': event_data
+                    })
+
             except json.JSONDecodeError:
                 pass
             except Exception as e:
@@ -900,6 +906,19 @@ async def dashboard_websocket(websocket: WebSocket):
                             'data': event_data
                         })
 
+                elif event_type == 'command.whois':
+                    # WHOIS ist Shop-unabhängig - nutze einen beliebigen Online-Agent
+                    agent_id = None
+                    for aid, ws in manager.agents.items():
+                        if ws:
+                            agent_id = aid
+                            break
+                    if agent_id:
+                        await manager.send_to_agent(agent_id, {
+                            'type': 'command.whois',
+                            'data': event_data
+                        })
+
                 elif event_type == 'get_shop_history':
                     domain = event_data.get('domain')
                     data = store.get_shop_history(domain)
@@ -1691,6 +1710,7 @@ def get_dashboard_html() -> str:
     <div class="modal-overlay" id="allShopsModal"><div class="modal xlarge"><h3 class="modal-title"><span>📊 Alle Shops</span><button class="btn btn-secondary" onclick="closeModal('allShopsModal')">✕</button></h3><div style="margin-bottom:16px"><button class="btn" id="sortByReq" onclick="sortAllShops('req_per_min')">Nach Requests</button> <button class="btn btn-secondary" id="sortByBans" onclick="sortAllShops('active_bans')">Nach Bans</button></div><table><thead><tr><th>#</th><th>Domain</th><th>Server</th><th>Status</th><th>Req/min</th><th>Bans</th><th>Typ</th></tr></thead><tbody id="allShopsTable"></tbody></table></div></div>
     <div class="modal-overlay" id="detailModal"><div class="modal large"><h3 class="modal-title"><a href="#" id="detailDomainLink" target="_blank" style="color:var(--accent);text-decoration:none" onmouseover="this.style.textDecoration='underline'" onmouseout="this.style.textDecoration='none'"><span id="detailDomain">-</span> 🔗</a><button class="btn btn-secondary" onclick="closeModal('detailModal')">✕</button></h3><div style="color:var(--text-secondary);margin:-8px 0 16px 0;font-size:13px">Server: <span id="detailServer">-</span></div><div class="detail-grid"><div class="detail-card"><div class="detail-card-label">Status</div><div class="detail-card-value" id="detailStatus">-</div></div><div class="detail-card"><div class="detail-card-label">Modus</div><div class="detail-card-value" id="detailMode">-</div></div><div class="detail-card"><div class="detail-card-label">Unlimitiert</div><div class="detail-card-value" id="detailRegion">-</div></div><div class="detail-card"><div class="detail-card-label">Rate-Limit</div><div class="detail-card-value" id="detailRateLimit">-</div></div><div class="detail-card"><div class="detail-card-label">Ban-Dauer</div><div class="detail-card-value" id="detailBanDuration">-</div></div><div class="detail-card"><div class="detail-card-label">Laufzeit</div><div class="detail-card-value" id="detailRuntime">-</div></div></div><div class="detail-grid"><div class="detail-card"><div class="detail-card-label">Human/min</div><div class="detail-card-value success" id="detailHumanRpm">0</div></div><div class="detail-card"><div class="detail-card-label">Bot/min</div><div class="detail-card-value warning" id="detailBotRpm">0</div></div><div class="detail-card"><div class="detail-card-label">Aktive Bans</div><div class="detail-card-value" id="detailActiveBans">0</div></div><div class="detail-card"><div class="detail-card-label">Total Bans</div><div class="detail-card-value" id="detailTotalBans">0</div></div></div><div class="detail-section" id="detailActions"><div class="detail-section-title">⚙️ Steuerung</div><div style="display:flex;flex-wrap:wrap;gap:8px;padding:12px;background:var(--card-bg);border-radius:8px;align-items:center"><button class="btn btn-danger" id="detailBtnDeactivate" onclick="detailDeactivate()">⏹️ Deaktivieren</button><div style="border-left:1px solid var(--border);margin:0 8px;height:24px"></div><span style="color:var(--text-secondary);font-size:13px">Wechseln zu:</span><button class="btn" onclick="detailSwitchMode('bot-monitor')">🔍 Monitor</button><button class="btn" onclick="toggleRateLimitForm()">🤖 Bot-Limit ▾</button><button class="btn" onclick="detailSwitchMode('country-dach')">🇩🇪🇦🇹🇨🇭 DACH</button><button class="btn" onclick="detailSwitchMode('country-eu')">🇪🇺 EU+</button></div><div id="rateLimitFormArea" style="display:none;margin-top:12px;padding:12px;background:var(--card-bg);border-radius:8px;border:1px solid var(--border)"><div style="display:flex;gap:16px;align-items:flex-end;flex-wrap:wrap"><div><label style="display:block;font-size:12px;color:var(--text-secondary);margin-bottom:4px">Rate-Limit (Req/min)</label><input type="number" id="detailRateLimitInput" value="30" min="1" max="1000" style="width:100px;padding:8px;border-radius:4px;border:1px solid var(--border);background:var(--bg);color:var(--text)"></div><div><label style="display:block;font-size:12px;color:var(--text-secondary);margin-bottom:4px">Ban-Dauer</label><select id="detailBanDurationInput" style="padding:8px;border-radius:4px;border:1px solid var(--border);background:var(--bg);color:var(--text)"><option value="60">1 Minute</option><option value="300" selected>5 Minuten</option><option value="600">10 Minuten</option><option value="1800">30 Minuten</option><option value="3600">1 Stunde</option><option value="86400">24 Stunden</option></select></div><button class="btn btn-primary" onclick="applyRateLimit()">✓ Anwenden</button><button class="btn btn-secondary" onclick="toggleRateLimitForm()">Abbrechen</button></div></div></div><div class="detail-section"><div class="detail-section-title">📈 Bot-Aktivität über Zeit</div><div class="chart-container"><canvas id="requestChart"></canvas></div><div class="chart-legend" id="chartLegend"></div></div><div class="detail-section"><div class="detail-section-title">🌍 Country-Aktivität über Zeit</div><div class="chart-container"><canvas id="countryChart"></canvas></div><div class="chart-legend" id="countryChartLegend"></div></div><div class="detail-section"><div class="detail-section-title">🤖 Top Bots</div><div class="bot-list" id="detailTopBots"></div></div><div class="detail-section"><div class="detail-section-title">🌍 Top Countries</div><div class="bot-list" id="detailTopCountries"></div></div><div class="detail-section"><div class="detail-section-title">📍 Top IPs</div><div class="ip-list" id="detailTopIps"></div></div><div class="detail-section"><div class="detail-section-title">📄 Top Requests</div><div class="bot-list" id="detailTopRequests"></div></div><div class="detail-section"><div class="detail-section-title">🚫 Aktuell gebannt</div><div class="bot-list" id="detailBannedBots"></div></div></div></div>
     <div class="modal-overlay" id="serverDetailModal"><div class="modal large"><h3 class="modal-title"><span>🖥️ <span id="serverDetailHostname">-</span></span><button class="btn btn-secondary" onclick="closeModal('serverDetailModal')">✕</button></h3><div style="color:var(--text-secondary);margin:-8px 0 16px 0;font-size:13px">Status: <span id="serverDetailStatus">-</span> | Load: <span id="serverDetailLoad">-</span> | Memory: <span id="serverDetailMemory">-</span></div><div class="detail-grid"><div class="detail-card"><div class="detail-card-label">Shops</div><div class="detail-card-value" id="serverDetailShops">0/0</div></div><div class="detail-card"><div class="detail-card-label">🤖 Bot-Mode</div><div class="detail-card-value" id="serverDetailBotMode">0</div></div><div class="detail-card"><div class="detail-card-label">🌍 Country-Mode</div><div class="detail-card-value" id="serverDetailCountryMode">0</div></div><div class="detail-card"><div class="detail-card-label">🔍 Monitor</div><div class="detail-card-value" id="serverDetailMonitor">0</div></div><div class="detail-card"><div class="detail-card-label">Human/min</div><div class="detail-card-value success" id="serverDetailHumanRpm">0</div></div><div class="detail-card"><div class="detail-card-label">Bot/min</div><div class="detail-card-value warning" id="serverDetailBotRpm">0</div></div></div><div class="detail-grid"><div class="detail-card"><div class="detail-card-label">🚫 Aktive Bans</div><div class="detail-card-value danger" id="serverDetailActiveBans">0</div></div><div class="detail-card"><div class="detail-card-label">Total Bans</div><div class="detail-card-value" id="serverDetailTotalBans">0</div></div><div class="detail-card"><div class="detail-card-label">🛡️ Link11</div><div class="detail-card-value link11" id="serverDetailLink11">0</div></div><div class="detail-card"><div class="detail-card-label">⚡ Direkt</div><div class="detail-card-value direct" id="serverDetailDirect">0</div></div></div><div class="detail-section"><div class="detail-section-title">⚙️ Server-Aktionen</div><div style="display:flex;flex-wrap:wrap;gap:8px;padding:12px;background:var(--card-bg);border-radius:8px;align-items:center"><button class="btn btn-success" onclick="serverActivateAll()">▶️ Alle aktivieren</button><button class="btn btn-danger" onclick="serverDeactivateAll()">⏹️ Alle deaktivieren</button><div style="border-left:1px solid var(--border);margin:0 8px;height:24px"></div><span style="color:var(--text-secondary);font-size:13px">Nur inaktive:</span><button class="btn" onclick="serverActivateInactive('bot')">🤖 Bot</button><button class="btn" onclick="serverActivateInactive('monitor')">🔍 Monitor</button><button class="btn" onclick="serverActivateInactive('dach')">🇩🇪🇦🇹🇨🇭 DACH</button><button class="btn" onclick="serverActivateInactive('eu')">🇪🇺 EU+</button></div></div><div class="detail-section"><div class="detail-section-title">📈 Bot-Aktivität über Zeit (Server-gesamt)</div><div class="chart-container"><canvas id="serverRequestChart"></canvas></div><div class="chart-legend" id="serverChartLegend"></div></div><div class="detail-section"><div class="detail-section-title">🌍 Country-Aktivität über Zeit (Server-gesamt)</div><div class="chart-container"><canvas id="serverCountryChart"></canvas></div><div class="chart-legend" id="serverCountryChartLegend"></div></div><div class="detail-section"><div class="detail-section-title">🤖 Top Bots (Server-gesamt)</div><div class="bot-list" id="serverDetailTopBots"></div></div><div class="detail-section"><div class="detail-section-title">🌍 Top Countries (Server-gesamt)</div><div class="bot-list" id="serverDetailTopCountries"></div></div><div class="detail-section"><div class="detail-section-title">🚫 Aktuell gebannt (Server-gesamt)</div><div class="bot-list" id="serverDetailBannedBots"></div></div><div class="detail-section"><div class="detail-section-title">📋 Shops auf diesem Server</div><div style="max-height:300px;overflow-y:auto"><table style="width:100%"><thead><tr><th>Status</th><th>Domain</th><th>Modus</th><th>Req/min</th><th>Bans</th></tr></thead><tbody id="serverShopsTable"></tbody></table></div></div></div></div>
+    <div class="modal-overlay" id="ipDetailModal"><div class="modal" style="max-width:500px"><h3 class="modal-title"><span>🔍 IP Details</span><button class="btn btn-secondary" onclick="closeModal('ipDetailModal')">✕</button></h3><div id="ipDetailContent"><div style="text-align:center;padding:20px;color:var(--text-secondary)">Lade WHOIS-Daten...</div></div></div></div>
     <div class="toast-container" id="toastContainer"></div>
     <script>
         let ws=null,agents={},shops={},currentLogsShop=null,currentSortBy='req_per_min',currentDetailShop=null,currentDetailServer=null;
@@ -1712,7 +1732,7 @@ def get_dashboard_html() -> str:
         function updateClock(){document.getElementById('clock').textContent=new Date().toLocaleTimeString('de-DE');}
         setInterval(updateClock,1000);updateClock();
         function connect(){const p=location.protocol==='https:'?'wss:':'ws:';ws=new WebSocket(p+'//'+location.host+'/ws/dashboard');ws.onopen=()=>{document.getElementById('wsStatus').classList.add('connected');document.getElementById('wsStatusText').textContent='Verbunden';};ws.onclose=()=>{document.getElementById('wsStatus').classList.remove('connected');document.getElementById('wsStatusText').textContent='Getrennt';setTimeout(connect,3000);};ws.onmessage=e=>handleMessage(JSON.parse(e.data));}
-        function handleMessage(msg){switch(msg.type){case'initial_state':case'refresh':agents={};msg.data.agents.forEach(a=>agents[a.id]=a);shops={};msg.data.shops.forEach(s=>shops[s.domain]=s);updateStats(msg.data.stats);renderAgents();renderShops();renderTopShops();break;case'agent.online':case'agent.update':case'agent.pending':const a=msg.data;if(!agents[a.agent_id])agents[a.agent_id]={};Object.assign(agents[a.agent_id],{id:a.agent_id,hostname:a.hostname,status:a.status||'online',approved:a.approved,shops_total:a.shops_summary?.total||0,shops_active:a.shops_summary?.active||0,load_1m:a.system?.load_1m,memory_percent:a.system?.memory_percent,last_seen:new Date().toISOString()});scheduleRender();break;case'agent.offline':if(agents[msg.data.agent_id]){agents[msg.data.agent_id].status='offline';scheduleRender();}break;case'agent.approved':if(agents[msg.data.agent_id]){agents[msg.data.agent_id].status='online';agents[msg.data.agent_id].approved=true;scheduleRender();toast('Agent freigegeben','success');}break;case'shop.full_update':msg.data.shops.forEach(s=>{shops[s.domain]={...s,agent_id:msg.data.agent_id,agent_hostname:msg.data.hostname};});scheduleRender();break;case'shop.stats':if(shops[msg.data.domain]){shops[msg.data.domain].stats=msg.data.stats;scheduleRender();}break;case'shop_history':updateBotChart(msg.data);updateCountryChart(msg.data);break;case'top_shops':case'all_shops_sorted':renderAllShopsTable(msg.data.shops,msg.data.sort_by);break;case'log.entry':if(msg.data.shop===currentLogsShop)addLogEntry(msg.data.line);break;case'bot.banned':toast('🚫 '+msg.data.bot_name+' gebannt','warning');break;case'command.result':toast(msg.data.message,msg.data.status==='success'?'success':'error');break;case'livestats.result':renderLiveStats(msg.data);break;}}
+        function handleMessage(msg){switch(msg.type){case'initial_state':case'refresh':agents={};msg.data.agents.forEach(a=>agents[a.id]=a);shops={};msg.data.shops.forEach(s=>shops[s.domain]=s);updateStats(msg.data.stats);renderAgents();renderShops();renderTopShops();break;case'agent.online':case'agent.update':case'agent.pending':const a=msg.data;if(!agents[a.agent_id])agents[a.agent_id]={};Object.assign(agents[a.agent_id],{id:a.agent_id,hostname:a.hostname,status:a.status||'online',approved:a.approved,shops_total:a.shops_summary?.total||0,shops_active:a.shops_summary?.active||0,load_1m:a.system?.load_1m,memory_percent:a.system?.memory_percent,last_seen:new Date().toISOString()});scheduleRender();break;case'agent.offline':if(agents[msg.data.agent_id]){agents[msg.data.agent_id].status='offline';scheduleRender();}break;case'agent.approved':if(agents[msg.data.agent_id]){agents[msg.data.agent_id].status='online';agents[msg.data.agent_id].approved=true;scheduleRender();toast('Agent freigegeben','success');}break;case'shop.full_update':msg.data.shops.forEach(s=>{shops[s.domain]={...s,agent_id:msg.data.agent_id,agent_hostname:msg.data.hostname};});scheduleRender();break;case'shop.stats':if(shops[msg.data.domain]){shops[msg.data.domain].stats=msg.data.stats;scheduleRender();}break;case'shop_history':updateBotChart(msg.data);updateCountryChart(msg.data);break;case'top_shops':case'all_shops_sorted':renderAllShopsTable(msg.data.shops,msg.data.sort_by);break;case'log.entry':if(msg.data.shop===currentLogsShop)addLogEntry(msg.data.line);break;case'bot.banned':toast('🚫 '+msg.data.bot_name+' gebannt','warning');break;case'command.result':toast(msg.data.message,msg.data.status==='success'?'success':'error');break;case'livestats.result':renderLiveStats(msg.data);break;case'whois_result':renderWhoisResult(msg.data);break;}}
         function getAgentRpm(agentId){const agentShops=Object.values(shops).filter(s=>s.agent_id===agentId);let humanRpm=0,botRpm=0;agentShops.forEach(s=>{const st=s.stats||{};humanRpm+=(st.human_rpm||0);botRpm+=(st.bot_rpm||0);});return {humanRpm,botRpm};}
         function getAgentLink11(agentId){const agentShops=Object.values(shops).filter(s=>s.agent_id===agentId);const link11Count=agentShops.filter(s=>s.link11).length;return {link11:link11Count,total:agentShops.length};}
         function renderAgents(){const t=document.getElementById('agentsTable'),l=getSortedAgents();document.getElementById('agentCount').textContent=l.length+' Agents';document.getElementById('agentCountDropdown').textContent=l.length;t.innerHTML=l.map(a=>{const rpm=getAgentRpm(a.id);const l11=getAgentLink11(a.id);return '<tr><td><span class="status-badge status-'+(a.status||'offline')+'">'+(a.status==='online'?'🟢':a.status==='pending'?'🟡':'🔴')+' '+(a.status==='pending'?'Warte':a.status==='online'?'Online':'Offline')+'</span></td><td><span class="domain-link" onclick="openServerDetailModal(\\''+a.id+'\\')"><strong>'+a.hostname+'</strong></span></td><td>'+(a.shops_active||0)+'/'+(a.shops_total||0)+'</td><td>'+l11.link11+'/'+l11.total+'</td><td class="success">'+rpm.humanRpm.toFixed(1)+'</td><td class="warning">'+rpm.botRpm.toFixed(1)+'</td><td>'+(a.load_1m!=null?a.load_1m.toFixed(2):'-')+'</td><td>'+(a.memory_percent!=null?a.memory_percent.toFixed(1)+'%':'-')+'</td><td>'+(a.last_seen?formatTime(a.last_seen):'-')+'</td><td>'+(a.status==='pending'?'<button class="btn btn-primary" onclick="approveAgent(\\''+a.id+'\\')">✓</button>':'')+'</td></tr>';}).join('');}
@@ -1752,15 +1772,20 @@ def get_dashboard_html() -> str:
         function changeStatsWindow(w){currentStatsWindow=w;requestLiveStats();}
         function requestLiveStats(){if(!currentLogsShop||!ws||ws.readyState!==1)return;ws.send(JSON.stringify({type:'command.livestats',data:{shop:currentLogsShop,window:currentStatsWindow}}));}
         function renderLiveStats(data){if(!data.success||!data.stats)return;const st=data.stats;document.getElementById('topIpsList').innerHTML=renderTopIps(st.top_ips||[]);document.getElementById('suspiciousIpsList').innerHTML=renderSuspiciousIps(st.suspicious_ips||[]);document.getElementById('topRequestsList').innerHTML=renderRequests(st.top_requests||[]);document.getElementById('topBlockedList').innerHTML=renderRequests(st.top_blocked||[],'blocked');}
-        function renderTopIps(ips){if(!ips.length)return '<div style="color:#666;padding:8px">Keine Daten</div>';return ips.slice(0,10).map(ip=>'<div class="ip-item"><div class="ip-info"><a class="ip-addr" href="https://www.whois.com/whois/'+ip.ip+'" target="_blank">'+ip.ip+'</a><span class="ip-meta">'+getCountryName(ip.country)+' | '+(ip.org||ip.asn||'-')+'</span></div><span class="ip-count">'+ip.count+'x</span><div class="ip-actions"><button class="btn-ban" onclick="quickBan(\\''+ip.ip+'\\')">🚫</button><button class="btn-whitelist" onclick="quickWhitelist(\\''+ip.ip+'\\')">✓</button></div></div>').join('');}
-        function renderSuspiciousIps(ips){if(!ips.length)return '<div style="color:#666;padding:8px">Keine verdächtigen IPs</div>';return ips.slice(0,5).map(ip=>'<div class="ip-item suspicious-item"><div class="ip-info"><a class="ip-addr" href="https://www.whois.com/whois/'+ip.ip+'" target="_blank">'+ip.ip+'</a><span class="ip-meta">'+getCountryName(ip.country)+' | '+ip.reason+(ip.errors?' | '+ip.errors+' Errors':'')+'</span></div><span class="ip-count">'+ip.count+'x</span><div class="ip-actions"><button class="btn-ban" onclick="quickBan(\\''+ip.ip+'\\')">🚫</button></div></div>').join('');}
+        function renderTopIps(ips){if(!ips.length)return '<div style="color:#666;padding:8px">Keine Daten</div>';return ips.slice(0,10).map(ip=>'<div class="ip-item"><div class="ip-info"><span class="ip-addr" style="cursor:pointer" onclick="showIpDetail(\\''+ip.ip+'\\')">'+ip.ip+'</span><span class="ip-meta">'+getCountryName(ip.country)+' | '+(ip.org||ip.asn||'-')+'</span></div><span class="ip-count">'+ip.count+'x</span><div class="ip-actions"><button class="btn-ban" onclick="quickBan(\\''+ip.ip+'\\')">🚫</button><button class="btn-whitelist" onclick="quickWhitelist(\\''+ip.ip+'\\')">✓</button></div></div>').join('');}
+        function renderSuspiciousIps(ips){if(!ips.length)return '<div style="color:#666;padding:8px">Keine verdächtigen IPs</div>';return ips.slice(0,5).map(ip=>'<div class="ip-item suspicious-item"><div class="ip-info"><span class="ip-addr" style="cursor:pointer" onclick="showIpDetail(\\''+ip.ip+'\\')">'+ip.ip+'</span><span class="ip-meta">'+getCountryName(ip.country)+' | '+ip.reason+(ip.errors?' | '+ip.errors+' Errors':'')+'</span></div><span class="ip-count">'+ip.count+'x</span><div class="ip-actions"><button class="btn-ban" onclick="quickBan(\\''+ip.ip+'\\')">🚫</button></div></div>').join('');}
         function renderRequests(reqs,type){if(!reqs.length)return '<div style="color:#666;padding:8px">Keine Daten</div>';return reqs.slice(0,10).map(r=>'<div class="request-item'+(type==='blocked'?' blocked':'')+'"><span class="request-path" title="'+r.path+'">'+r.path+'</span><span class="request-count">'+r.count+'x</span></div>').join('');}
-        function renderDetailTopIps(ips){if(!ips||!ips.length)return '<div style="color:var(--text-secondary);padding:8px">Keine Daten</div>';return ips.map(ip=>'<div class="ip-list-item"><div class="ip-info"><a class="ip-addr" href="https://www.whois.com/whois/'+ip.ip+'" target="_blank">'+ip.ip+'</a><span class="ip-meta">'+getCountryName(ip.country)+' | '+(ip.org||ip.asn||'-')+'</span></div><span class="ip-count">'+ip.count+'x</span><div class="ip-actions"><button class="btn btn-danger" onclick="detailQuickBan(\\''+ip.ip+'\\')">🚫</button><button class="btn btn-success" onclick="detailQuickWhitelist(\\''+ip.ip+'\\')">✓</button></div></div>').join('');}
+        function renderDetailTopIps(ips){if(!ips||!ips.length)return '<div style="color:var(--text-secondary);padding:8px">Keine Daten</div>';return ips.map(ip=>'<div class="ip-list-item"><div class="ip-info"><span class="ip-addr" style="cursor:pointer" onclick="showIpDetail(\\''+ip.ip+'\\')">'+ip.ip+'</span><span class="ip-meta">'+getCountryName(ip.country)+' | '+(ip.org||ip.asn||'-')+'</span></div><span class="ip-count">'+ip.count+'x</span><div class="ip-actions"><button class="btn btn-danger" onclick="detailQuickBan(\\''+ip.ip+'\\')">🚫</button><button class="btn btn-success" onclick="detailQuickWhitelist(\\''+ip.ip+'\\')">✓</button></div></div>').join('');}
         function detailQuickBan(ip){if(!currentDetailShop)return;const duration=prompt('Ban-Dauer auswählen:\\n\\n900 = 15 Minuten\\n3600 = 1 Stunde\\n21600 = 6 Stunden\\n86400 = 24 Stunden\\n604800 = 7 Tage\\n-1 = Permanent','3600');if(duration===null)return;ws.send(JSON.stringify({type:'command.ban',data:{shop:currentDetailShop,ip:ip,duration:parseInt(duration),reason:'Manual ban from dashboard'}}));toast('IP '+ip+' wird gebannt...','success');}
         function detailQuickWhitelist(ip){if(!currentDetailShop)return;const desc=prompt('Beschreibung (optional):','');if(desc===null)return;ws.send(JSON.stringify({type:'command.whitelist',data:{shop:currentDetailShop,ip:ip,description:desc}}));toast('IP '+ip+' wird gewhitelisted...','success');}
+        let currentWhoisIp=null;
+        function showIpDetail(ip){currentWhoisIp=ip;document.getElementById('ipDetailContent').innerHTML='<div style="text-align:center;padding:20px;color:var(--text-secondary)">Lade WHOIS-Daten für '+ip+'...</div>';document.getElementById('ipDetailModal').classList.add('open');ws.send(JSON.stringify({type:'command.whois',data:{ip:ip,command_id:'whois_'+Date.now()}}));}
+        function renderWhoisResult(data){if(!data.success){document.getElementById('ipDetailContent').innerHTML='<div style="padding:16px;color:var(--danger)">Fehler: '+(data.error||'Unbekannter Fehler')+'</div>';return;}const ip=data.ip||currentWhoisIp;const html='<div style="padding:4px 0"><table style="width:100%;border-collapse:collapse"><tr><td style="padding:8px 0;color:var(--text-secondary);width:120px">IP-Adresse</td><td style="padding:8px 0;font-weight:bold;font-family:monospace">'+ip+'</td></tr><tr><td style="padding:8px 0;color:var(--text-secondary)">Organisation</td><td style="padding:8px 0">'+(data.org||'-')+'</td></tr><tr><td style="padding:8px 0;color:var(--text-secondary)">Netname</td><td style="padding:8px 0">'+(data.netname||'-')+'</td></tr><tr><td style="padding:8px 0;color:var(--text-secondary)">ASN</td><td style="padding:8px 0">'+(data.asn||'-')+'</td></tr><tr><td style="padding:8px 0;color:var(--text-secondary)">Land</td><td style="padding:8px 0">'+(data.country?getCountryName(data.country)+' ('+data.country+')':'-')+'</td></tr><tr><td style="padding:8px 0;color:var(--text-secondary)">IP-Range</td><td style="padding:8px 0;font-family:monospace;font-size:12px">'+(data.range||'-')+'</td></tr><tr><td style="padding:8px 0;color:var(--text-secondary)">Abuse-Kontakt</td><td style="padding:8px 0">'+(data.abuse?'<a href="mailto:'+data.abuse+'" style="color:var(--accent)">'+data.abuse+'</a>':'-')+'</td></tr></table></div><div style="margin-top:16px;padding-top:16px;border-top:1px solid var(--border);display:flex;gap:8px;flex-wrap:wrap">'+(currentDetailShop?'<button class="btn btn-danger" onclick="ipDetailBan(\\''+ip+'\\')">🚫 Bannen</button><button class="btn btn-success" onclick="ipDetailWhitelist(\\''+ip+'\\')">✓ Whitelist</button>':'')+'<a class="btn btn-secondary" href="https://www.whois.com/whois/'+ip+'" target="_blank">🔗 WHOIS.com</a></div>';document.getElementById('ipDetailContent').innerHTML=html;}
+        function ipDetailBan(ip){if(!currentDetailShop){toast('Kein Shop ausgewählt','warning');return;}const duration=prompt('Ban-Dauer auswählen:\\n\\n900 = 15 Minuten\\n3600 = 1 Stunde\\n21600 = 6 Stunden\\n86400 = 24 Stunden\\n604800 = 7 Tage\\n-1 = Permanent','3600');if(duration===null)return;ws.send(JSON.stringify({type:'command.ban',data:{shop:currentDetailShop,ip:ip,duration:parseInt(duration),reason:'Manual ban from IP detail'}}));toast('IP '+ip+' wird gebannt...','success');closeModal('ipDetailModal');}
+        function ipDetailWhitelist(ip){if(!currentDetailShop){toast('Kein Shop ausgewählt','warning');return;}const desc=prompt('Beschreibung (optional):','');if(desc===null)return;ws.send(JSON.stringify({type:'command.whitelist',data:{shop:currentDetailShop,ip:ip,description:desc}}));toast('IP '+ip+' wird gewhitelisted...','success');closeModal('ipDetailModal');}
         function quickBan(ip){if(!currentLogsShop)return;const duration=prompt('Ban-Dauer auswählen:\\n\\n900 = 15 Minuten\\n3600 = 1 Stunde\\n21600 = 6 Stunden\\n86400 = 24 Stunden\\n604800 = 7 Tage\\n-1 = Permanent','3600');if(duration===null)return;ws.send(JSON.stringify({type:'command.ban',data:{shop:currentLogsShop,ip:ip,duration:parseInt(duration),reason:'Manual ban from dashboard'}}));toast('IP '+ip+' wird gebannt...','success');}
         function quickWhitelist(ip){if(!currentLogsShop)return;const desc=prompt('Beschreibung (optional):','');if(desc===null)return;ws.send(JSON.stringify({type:'command.whitelist',data:{shop:currentLogsShop,ip:ip,description:desc}}));toast('IP '+ip+' wird gewhitelisted...','success');}
-        function addLogEntry(line){const c=document.getElementById('logsContent');if(c.querySelector('div[style*="color:#666"]'))c.innerHTML='';const e=document.createElement('div');e.className='log-entry'+(line.includes('BANNED')?' banned':'');const ipRegex=/\\b(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\\b/g;e.innerHTML=line.replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(ipRegex,'<a href="https://www.whois.com/whois/$1" target="_blank" class="log-ip">$1</a>');c.insertBefore(e,c.firstChild);while(c.children.length>100)c.removeChild(c.lastChild);}
+        function addLogEntry(line){const c=document.getElementById('logsContent');if(c.querySelector('div[style*="color:#666"]'))c.innerHTML='';const e=document.createElement('div');e.className='log-entry'+(line.includes('BANNED')?' banned':'');const ipRegex=/\\b(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\\b/g;e.innerHTML=line.replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(ipRegex,'<span class="log-ip" style="cursor:pointer" onclick="showIpDetail(\\'$1\\')">$1</span>');c.insertBefore(e,c.firstChild);while(c.children.length>100)c.removeChild(c.lastChild);}
         function formatTime(iso){return new Date(iso).toLocaleTimeString('de-DE');}
         function formatRuntime(activated){if(!activated)return'-';const start=new Date(activated);const now=new Date();const m=(now-start)/60000;if(m<=0)return'-';if(m<60)return Math.round(m)+'m';const h=m/60;if(h<24)return Math.round(h)+'h';return Math.round(h/24)+'d';}
         function toast(msg,type='info'){const c=document.getElementById('toastContainer'),t=document.createElement('div');t.className='toast '+type;t.innerHTML='<span>'+msg+'</span>';c.appendChild(t);setTimeout(()=>t.remove(),4000);addNotification(msg,type);}