Generally the /english/online.php language file.
Although that looks like a hack. Not sure which one, or if it even used language files. There's been a number of the who's online boxes around here. If it didn't use language files then it's probably hardcoded in ubbt.inc.php
But to ask about the hack, best to ask in the thread where you got the hack, as then we'd know exactly what it was.