IP to ASN Mapping Whois Service

You can report incidents via our official contact including e-mail, phone or use the Anonymous reporting form.

Search


CIRCL is accredited TI CIRCL is a FIRST member CIRCL is an OASIS member

IP to ASN Mapping Service with History

There are several services on the Internet to map IP addresses to their corresponding BGP AS number like the renowned IP to ASN mapping of Team Cymru.

During incident handling, we were lacking an historical view of IP address announcement evolution over time. It is not uncommon to have IP addresses announced by different BGP AS number over a period of time. We developed a service, freely accessible to the whole community, to look up IP addresses announcements in the past. Currently, the service covers a time span of more than 4 years until today.

How to use the service?

The service can be accessed via WHOIS protocol (TCP 43) or HTTP. The WHOIS service is more convenient for scripting and produces less data overhead.

The WHOIS server is whois.circl.lu. The output format is an aggregated list of each period announcing the queried IP address.

The output format is the following:

  • First time seen
  • Last time see
  • AS number
  • Network block announced
  • IP address queried part of the announced block

WHOIS

You can access the WHOIS server using a standard WHOIS client.

whois -h whois.circl.lu 8.8.8.8
20090922|20140401|15169|8.8.8.0/24|8.8.8.8
20090101|20090921|3356|8.0.0.0/9|8.8.8.8

In the example above, it’s a query for public Google DNS server 8.8.8.8. The server is part of an announce from Google starting from September 2009. Previously, the IP address was part of an announce from Level3.

whois -h whois.circl.lu 176.123.216.32
20130507|20140401|59584|176.123.216.0/22|176.123.216.32
20120821|20120821|9498|160.0.0.0/3|176.123.216.32
20110328|20111127|3303|128.0.0.0/2|176.123.216.32
20100524|20100602|237|176.0.0.0/8|176.123.216.32

HTTP interface

If you don’t have WHOIS access from your location, you can still access the service via a web interface.

http://bgpranking.circl.lu/ip_lookup?ip=8.8.8.8

FAQ

What do you do with announces of less than 1 day?

As the current system is importing BGP dumps daily, the precision is per day. There is ongoing development for keeping track of ephemeral announces of less than a day.

Is the software for this service publicly available?

The software is distributed as free software. The software is available on our GitHub repository.