ASN & Network Intelligence
Map autonomous systems, IP prefixes, and network relationships for infrastructure analysis
Understanding network ownership and routing is essential for threat attribution, peering analysis, and infrastructure mapping. EdgeDNS provides detailed ASN lookups, prefix announcements, IP range data, and WHOIS information to build complete network intelligence profiles.
The Challenge
Attributing attacks to specific networks, understanding peering relationships, and mapping infrastructure ownership requires querying multiple registries (ARIN, RIPE, APNIC) and BGP data sources. This information is fragmented across different formats and APIs, making automated analysis difficult. Security teams need unified network intelligence for threat hunting and infrastructure analysis.
The Solution
Use EdgeDNS network intelligence APIs to get unified ASN data, IP prefix announcements, IP range ownership, and WHOIS details through a single consistent API. Map the network footprint of organizations, identify hosting patterns used by threat actors, and automate network-level threat attribution.
Endpoints Used
Combine these EdgeDNS endpoints to build this solution.
/v1/network/asnTry in PlaygroundASN Lookup: Get AS number, organization name, and registry for any IP
/v1/network/asn/prefixesTry in PlaygroundASN Prefixes: List all IP prefixes (v4 and v6) announced by an ASN
/v1/ip/rangeTry in PlaygroundIP Range: Get CIDR range, organization, and allocation details for an IP
/v1/ip/whoisTry in PlaygroundIP WHOIS: Full WHOIS data for an IP including RIR allocation history
/v1/network/macTry in PlaygroundMAC Vendor: Identify device manufacturer from MAC address OUI
/v1/ip/geolocationTry in PlaygroundIP Geolocation: Geographic and organizational context for network analysis
Results You Can Achieve
Unified network intelligence
Query ARIN, RIPE, APNIC, and LACNIC data through one consistent API
Threat attribution
Map IP addresses to organizations and ASNs for attack source identification
Infrastructure mapping
Enumerate all IP prefixes belonging to an organization for complete asset inventory
Code Example
Build network intelligence profile
async function networkIntelProfile(targetIP) {
const headers = { 'Authorization': 'Bearer YOUR_API_KEY' };
const [asn, geo, ipWhois] = await Promise.all([
fetch(`https://api.edgedns.dev/v1/network/asn?ip=${targetIP}`, { headers }),
fetch(`https://api.edgedns.dev/v1/ip/geolocation?ip=${targetIP}`, { headers }),
fetch(`https://api.edgedns.dev/v1/ip/whois?ip=${targetIP}`, { headers }),
].map(p => p.then(r => r.json())));
// Get all prefixes announced by this ASN
const prefixes = await fetch(
`https://api.edgedns.dev/v1/network/asn/prefixes?asn=${asn.data.asn.number}`, { headers }
).then(r => r.json());
return {
ip: targetIP,
network: {
asn: asn.data.asn.number,
organization: asn.data.asn.organization,
rir: ipWhois.data.rir,
cidr: ipWhois.data.range?.cidr,
netName: ipWhois.data.name,
},
location: {
country: geo.data.country,
city: geo.data.city,
organization: geo.data.organization
},
infrastructure: {
totalPrefixesV4: prefixes.data.prefixes_v4?.length || 0,
totalPrefixesV6: prefixes.data.prefixes_v6?.length || 0,
totalIPs: prefixes.data.total_ips,
},
// Useful for threat hunting: identify all IPs in the same network
relatedRanges: prefixes.data.prefixes_v4?.slice(0, 10) || []
};
}Learn More
Explore industry standards and best practices related to this use case.
Hurricane Electric BGP Toolkit
Widely used BGP looking glass and ASN/prefix analysis toolkit for network research
RIPEstat - Internet Data Analytics
RIPE NCC's platform for IP, ASN, and routing data analysis with comprehensive APIs
Team Cymru: IP to ASN Mapping
Industry-standard IP to ASN mapping service used by security researchers worldwide
Ready to build ASN & Network Intelligence?
Get started with 200 free API requests per month. No credit card required.