Maps IP addresses to cloud providers, ASNs, and organizations via WHOIS
Map discovered IP addresses to cloud providers, Autonomous System Numbers (ASNs), and organizations through WHOIS lookups and cloud IP range matching.
Resolve domain names to IP addresses.
Command:
```bash
dig +short A {domain}
dig +short AAAA {domain}
```
Process:
Output:
```json
{
  "domain": "example.com",
  "ipv4": ["93.184.216.34"],
  "ipv6": ["2606:2800:220:1:248:1893:25c8:1946"],
  "cname_chain": ["example.com", "cdn.example.net"]
}
```
Query WHOIS for IP ownership information.
Command:
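```bash
# ARIN reports the origin AS in an "OriginAS:" field, which "ASN" alone does not match
whois {ip_address} | grep -iE "OrgName|Organization|NetName|Country|CIDR|OriginAS|ASN"
```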
Fields to Extract:
Example Output:
```json
{
  "ip": "93.184.216.34",
  "organization": "Edgecast Inc.",
  "net_name": "EDGECAST",
  "country": "US",
  "cidr": "93.184.216.0/24",
  "asn": "AS15133"
}
```
Identify the Autonomous System Number for an IP.
Command:
```bash
dig +short {reversed_ip}.origin.asn.cymru.com TXT
```
Process:
Response Format:
"15133 | US | arin | 2007-03-01 | EDGECAST"
Match IP against known cloud provider IP ranges.
Cloud Provider IP Sources:
- AWS:
  - URL: https://ip-ranges.amazonaws.com/ip-ranges.json
  - Fields: ip_prefix, region, service
- GCP:
  - URL: https://www.gstatic.com/ipranges/cloud.json
  - Fields: ipv4Prefix, ipv6Prefix, scope
- Azure:
  - URL: https://www.microsoft.com/en-us/download/details.aspx?id=56519
  - Note: JSON files, updated weekly
- Cloudflare:
  - URL: https://www.cloudflare.com/ips-v4
  - URL: https://www.cloudflare.com/ips-v6
Matching Process:
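One way to implement the range matching, as an added example that is not part of the original skill. The sample feeds are constructed from documentation address space in the AWS, GCP and Cloudflare shapes listed above; `load_ranges`, `attribute` and the longest-prefix tie-break are assumptions of this example.

```python
import ipaddress
import json

# Constructed samples in the published shapes (documentation ranges, not real provider data).
# The AWS file keeps IPv6 entries in a separate "ipv6_prefixes" list keyed by "ipv6_prefix".
AWS_SAMPLE = json.loads("""{"prefixes": [
  {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "198.51.100.128/25", "region": "us-east-1", "service": "CLOUDFRONT"}],
 "ipv6_prefixes": [
  {"ipv6_prefix": "2001:db8:100::/48", "region": "eu-west-1", "service": "EC2"}]}""")
GCP_SAMPLE = json.loads("""{"prefixes": [
  {"ipv4Prefix": "203.0.113.0/24", "scope": "us-central1"},
  {"ipv6Prefix": "2001:db8:200::/48", "scope": "europe-west1"}]}""")
CLOUDFLARE_SAMPLE = "192.0.2.0/24\n2001:db8:300::/48\n"  # ips-v4 / ips-v6: one CIDR per line


def load_ranges(aws, gcp, cloudflare_text):
    """Normalise all feeds to (network, provider, region, service) tuples."""
    ranges = []
    for e in aws.get("prefixes", []) + aws.get("ipv6_prefixes", []):
        cidr = e.get("ip_prefix") or e.get("ipv6_prefix")
        ranges.append((ipaddress.ip_network(cidr), "AWS", e["region"], e["service"]))
    for e in gcp.get("prefixes", []):
        cidr = e.get("ipv4Prefix") or e.get("ipv6Prefix")
        ranges.append((ipaddress.ip_network(cidr), "GCP", e.get("scope"), None))
    for line in cloudflare_text.split():
        ranges.append((ipaddress.ip_network(line), "Cloudflare", None, None))
    return ranges


def attribute(ip, ranges):
    """Return a cloud_ip_match evidence record for the most specific range, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [r for r in ranges if addr.version == r[0].version and addr in r[0]]
    if not hits:
        return None
    # AWS lists a prefix under the catch-all "AMAZON" service and again under a
    # specific service, so prefer the longest prefix, then a non-"AMAZON" label.
    net, provider, region, service = max(
        hits, key=lambda r: (r[0].prefixlen, r[3] not in (None, "AMAZON")))
    return {"type": "cloud_ip_match", "ip": ip, "provider": provider,
            "range": str(net), "cloud_region": region, "cloud_service": service}


RANGES = load_ranges(AWS_SAMPLE, GCP_SAMPLE, CLOUDFLARE_SAMPLE)
```

With real data, the three sample inputs are replaced by the files downloaded from the URLs listed above; an IP that matches no range returns `None` and falls back to the WHOIS and ASN results.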
```json
{
  "skill": "ip_attribution",
  "domain": "string",
  "results": {
    "ip_mappings": [
      {
        "domain": "example.com",
        "ip": "93.184.216.34",
        "ip_version": "ipv4",
        "attribution": {
          "cloud_provider": "AWS|GCP|Azure|Cloudflare|Other",
          "cloud_region": "us-east-1",
          "cloud_service": "CloudFront",
          "organization": "Amazon.com, Inc.",
          "asn": "AS16509",
          "asn_name": "AMAZON-02",
          "country": "US",
          "cidr": "93.184.216.0/24"
        },
        "is_cloud": true,
        "is_cdn": true
      }
    ],
    "summary": {
      "unique_ips": "number",
      "cloud_hosted": "number",
      "cdn_fronted": "number",
      "providers_detected": ["array"]
    }
  },
  "evidence": [
    {
      "type": "dns_resolution",
      "domain": "string",
      "ip": "string",
      "timestamp": "ISO-8601"
    },
    {
      "type": "whois",
      "ip": "string",
      "organization": "string"
    },
    {
      "type": "cloud_ip_match",
      "ip": "string",
      "provider": "string",
      "range": "string"
    }
  ]
}
```
| Provider | IP Range Pattern | ASN Pattern |
|---|---|---|
| AWS | From ip-ranges.json | AS16509, AS14618 |
| GCP | From cloud.json | AS15169, AS396982 |
| Azure | From ServiceTags | AS8075 |
| Cloudflare | 104.16.0.0/12, 172.64.0.0/13 | AS13335 |
| Fastly | 151.101.0.0/16 | AS54113 |
| Akamai | Various | AS20940, AS16625 |
| DigitalOcean | Various | AS14061 |
| Linode | Various | AS63949 |
| Vultr | Various | AS20473 |
| Heroku | AWS ranges | (Uses AWS) |
| Vercel | Various | AS209242 |
| Netlify | Various | AS205948 |