24/7 Abuse Contact : +49 5424 211 97 22

/

e-mail : abuse@measurement.network

measurement.network

Current Measurements

BTTF-Whois

BTTF-Whois is a bulk whois service allowing you to search for the ASN(s) that announced a prefix at a specific date in the past.

Single usage: whois -h bttf-whois.as59645.net "1.1.1.1/32 20220123" # Date is YYYYMMDD

Bulk usage: cat infile | nc bttf-whois.as59645.net 43 > outfile

Bulk file format:

begin
1.1.1.1/32 20220123
1.1.1.1/32 20110928
8.8.8.8/32 20220123
end


output description:

{
  # Requested IPv4 or IPv6 address
  "IP": "1.1.1.1",
  # Date for which data was requested
  "QDATE": "20210101",
  "results": {
    # First time the most specific prefix for address has been seen
    # first with this specific set of announcing ASes
    "DATA_FIRST": 20180320,
    # Last time this entry was seen, i.e., valid until. If it is
    # null, the most specific is still visible in the most recent
    # dataset (valid NOW).
    "DATA_LAST": null,
    # List of ASNs that announced the most specific prefix for the
    # requested address.
    "asns": [
      13335
    ],
    # The most specific matching prefix from the dataset.
    "prefix": "1.1.1.0/24",
    # AS2ORG mappings for all announcing ASN.
    "as2org": [
      {
        # AS number
        "ASN": 13335,
        # AS name
        "ASNAME": "CLOUDFLARENET-AS",
        # RIR that is the data source in the AS2ORG mappings
        "RIR": "RIPE",
        # Org objects associated with the ASN
        "orgs": [
          {
            # Country code attributed to an organization
            "CC": "US",
            # RIRs that hold an instance of this ORG object
            "RIR": "ARIN,RIPE",
            # Organization name from the ORG object
            "ASORG": "Cloudflare Inc"
          }
        ]
      }
    ]
  }
}

FAQ:

Q: What does this do?
A: This system lets you check who announced an IP address or prefix in the past; Daily granularity, as far back as 2006.

Q: But… why?!
A: So you can accurately bulk-attribute IP addresses to organizations when working with an old dataset.

Q: This all sounds really interesting. Where can i learn more?
A: Here: Streibelt et al., ‘Back-to-the-Future Whois: An IP Address Attribution Service for Working with Historic Datasets’, Passive and Active Measurement Conference, 2023.

Q: Who runs this service?
A: This service is part of measurement.network.

Q: Do you have a privacy policy?
A: Please see the general privacy policy of measurement.network. Everything the BTTF-whois service processes which can be traced back to you is only ephemerally held in memory and not written to disk. You can’t request deletion, correction, or a copy of your data, because there is no data. The data we use to attribute IP addresses to announcing organizations are a public dataset of routing and organizational information, as publicly provided by CAIDA.