An ASN WHOIS lookup retrieves the registration record for an Autonomous System Number, returning the network operator that owns the AS, the IP prefixes (CIDR blocks) it announces via BGP, the country of registration, the Regional Internet Registry (RIR) that allocated it, and abuse-contact details. Every major ISP, cloud provider, CDN, and large enterprise operates one or more ASNs - so an ASN lookup is the fastest way to map an organization's full announced IP footprint in a single query.
Feature: Live queries against RIR databases (ARIN, RIPE NCC, APNIC, LACNIC, AFRINIC) for current ASN registration
Feature: Returns the complete list of IP prefixes (routes) currently announced by the ASN
Feature: Accepts both ASN formats: AS-prefixed (AS15169) or numeric-only (15169)
Feature: Free tool covers individual ASN lookups; bulk processing is available through the API
For BGP monitoring pipelines, threat-intelligence workflows, and network-policy automation, the ASN WHOIS API returns parsed JSON for ASN attribution at scale with full prefix lists and RIR-source confirmation.
ASN WHOIS shows up in four very different work patterns - from BGP route troubleshooting at midnight to building threat-intel blocklists by network operator. Each of the use cases below has its own pivot point, but they all start with the same query: "who controls this AS, and what does it announce?"
When troubleshooting BGP routing anomalies - route leaks, hijacks, or unexpected path changes - ASN WHOIS is the starting point. It confirms which organization is authoritative for an ASN, what prefixes they're supposed to announce, and who to contact if something is wrong. Pair with IP WHOIS Lookup to verify individual IP allocations within the AS.
Many threat actors operate or abuse specific ASNs - particularly bulletproof hosting providers that ignore abuse reports and knowingly host malicious infrastructure. Tracking malicious ASNs across campaigns is a core threat intel technique. Knowing the full IP prefix list of a suspect ASN lets analysts build comprehensive blocklists.
Organizations that need to restrict traffic by geographic region or network operator use ASN WHOIS to build accurate allowlists and blocklists. A single ASN lookup returns the complete list of IP prefixes announced by that AS - enabling precise firewall rules based on network operator rather than individual IPs.
Security teams use ASN lookups to map the complete IP footprint of cloud providers (AWS, Google, Cloudflare, Akamai) for network policy enforcement. Combine with our Reverse DNS Lookup to identify specific hostnames within those IP ranges.
WhoisFreaks queries the five Regional Internet Registries (ARIN, RIPE NCC, APNIC, LACNIC, AFRINIC) in real time, returning the current ASN registration plus the full list of IP prefixes the AS is currently announcing via BGP. Output is parsed into a normalized JSON schema with consistent field names regardless of which RIR responded.
Key features:
For reverse IP lookups (finding all domain names hosted on an IP), use the Reverse DNS Lookup alongside IP WHOIS. To find the physical location of an IP rather than its registration, use the IP Geolocation Lookup - WHOIS returns who owns the IP, geolocation returns where it is being used.
Enter either the ASN number (e.g., AS15169) or just the number (15169) - WhoisFreaks handles both formats automatically.
