ASN Lookup
free/v1/network/asnReturns Autonomous System (AS) information for an IP address, including ASN, organization name, country of registration, network classification (ISP, hosting, enterprise, education, government), and RPKI Route Origin Validation status (RFC 6811) for the announced prefix. Organization and type populate for every allocated ASN globally — not just a curated subset — via a Team Cymru AS-description fallback when the ASN isn't in our curated database. Built on RFC 4271 (BGP-4) and RFC 6793 (4-byte ASN).
What It Does
Identifies the Autonomous System Number (ASN) responsible for routing traffic for an IP address. Returns the AS number, AS name (e.g., CLOUDFLARENET), organization (e.g., Cloudflare, Inc.), registration country, network type classification (ISP, hosting provider, enterprise, education, or government), `type_source` so callers know whether the type came from a curated list or was inferred from the AS description, and the prefix's RPKI ROA validity (valid / invalid_asn / invalid_length / unknown) — the canonical signal for detecting BGP hijacks. Cloudflare edge-level ASN data is supplemented with a curated database of major global networks plus a Team Cymru fallback that covers every allocated AS.
Why It's Useful
ASN data reveals the organization behind an IP address, which is more reliable than reverse DNS or WHOIS. It's essential for threat intelligence enrichment, abuse reporting, traffic segmentation, and understanding whether visitors come from residential ISPs, cloud hosting, or enterprise networks. Network type classification helps distinguish legitimate users from potential automated threats originating from hosting infrastructure. RPKI status flags prefixes that are being announced by an unauthorized AS — the bedrock signal for BGP hijack and route-leak detection (RFC 6811).
Use Cases
Threat Intelligence Enrichment
Enrich IOCs (Indicators of Compromise) with ASN data to identify malicious hosting providers, bulletproof hosters, and attacker infrastructure patterns across autonomous systems.
Build comprehensive threat profiles with network ownership context and identify clusters of malicious activity by ASN.
Bot & Fraud Detection
Classify traffic by ASN type to detect automated requests originating from hosting/cloud providers vs legitimate user traffic from residential ISPs.
Reduce false positives in bot detection by combining ASN type with behavioral signals.
Traffic Analysis & Segmentation
Analyze website traffic by ASN to identify visitor organizations (B2B enterprise visitors vs residential consumers vs cloud crawlers).
Segment traffic by organization type for account-based marketing, lead scoring, and accurate analytics.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
ip | string | Required | The IPv4 or IPv6 address to lookup ASN forExample: 8.8.8.8 |
Response Fields
| Field | Type | Description |
|---|---|---|
ip | string | The queried IP address |
ip_version | number | IP version (4 or 6) |
asn.number | number | Autonomous System Number (e.g., 13335) |
asn.name | string | AS name identifier (e.g., CLOUDFLARENET) |
asn.organization | string | Organization name (e.g., Cloudflare, Inc.) |
asn.country | string | Country code of AS registration (ISO 3166-1 alpha-2) |
asn.type | string | Network type: isp, hosting, enterprise, education, or government |
asn.type_source | string | Source of the type classification: curated (hardcoded list) or inferred (heuristic from Team Cymru AS description) |
asn.peer_asns | array | Additional origin ASNs from Team Cymru when the prefix has multiple announcers (empty array for the common single-origin case). Multi-origin is legitimate at IXPs / during transit changeovers, suspicious otherwise — a hijack indicator. |
network.cidr | string | CIDR notation of the IP's network block |
network.start_ip | string | First IP address in the BGP prefix |
network.end_ip | string | Last IP address in the BGP prefix |
rir | string | Regional Internet Registry (ARIN, RIPE, APNIC, AFRINIC, LACNIC) |
allocated | string | Date the IP block was allocated (from Team Cymru) |
rpki.status | string | RPKI Route Origin Validation status: valid, invalid_asn, invalid_length, or unknown (RFC 6811) |
rpki.roa_count | number | Number of ROAs covering this prefix |
rpki.max_length | number | Smallest max_length across matching ROAs (when status is valid) |
Code Examples
curl "https://api.edgedns.dev/v1/network/asn" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d "ip=8.8.8.8"const response = await fetch(
'https://api.edgedns.dev/v1/network/asn?ip=8.8.8.8',
{
headers: {
'Authorization': 'Bearer YOUR_API_KEY'
}
}
);
const data = await response.json();
console.log(data);import requests
response = requests.get(
'https://api.edgedns.dev/v1/network/asn',
headers={'Authorization': 'Bearer YOUR_API_KEY'},
params={
'ip': '8.8.8.8'
}
)
data = response.json()
print(data)Read the full ASN Lookup guide
Why it matters, real-world use cases, parameters, response fields, and how to call it from Claude, ChatGPT, or Gemini via MCP.
Read the guide →Related Endpoints
External References
Learn more about the standards and protocols behind this endpoint.