About the ASN View
The Investigate Autonomous System Number (ASN) view includes the current information about an Autonomous System (AS) and the current routes that show the subnets assigned to an AS. Investigate displays the ASN view when you use the Smart Search and provide an AS number, or when you link to an ASN from the Domain or IP address view that shows the AS for the primary site. When you search for AS information, specify the AS number without the AS prefix, for example, search for 36692, but not AS36692.
Prerequisites
- A minimum of Investigate Only access to the Umbrella dashboard. See Manage the Investigate Only User Role.
Current Information
The AS Current Information view includes the time period when the AS was published, the creation date when the AS routes were published, the Regional Internet Registry (RIR) for the ASN, and the description of the network owner.
Investigate lists the registry information with the appropriate regional registry. The registries and associated regions are:
- AfriNIC—Africa
- APNIC—Asia, Australia, New Zealand, and neighboring countries
- ARIN—United States, Canada, several parts of the Caribbean region, and Antarctica
- LACNIC—Latin America and parts of the Caribbean region
- RIPE NCC—Europe, Russia, the Middle East, and Central Asia
Note: If no registry is available, Investigate displays Unknown / Not Available.
Current Routes
The AS Current routes view displays the subnets assigned to each AS, including any suspicious sites associated with the subnets within the last seven days. Note that the domains listed as suspicious have the IP for the route as part of their DNS records, but that does not indicate that you should add the subnet or the ASN to a block list.
The number of suspicious domains as a percentage of benign domains varies based on the AS and the subnet, but it is unlikely that any one AS or subnet is entirely malicious. The ASN view can help you investigate suspicious activity directed toward subnets associated with other malicious traffic. Looking at the associated domains and the geographic location of the AS and associated subnets is a way to build a framework for investigation.
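The following added example (not Umbrella code, and it does not call any Investigate API) works through that reasoning: it assigns observed domains to the most specific route of an AS and lists the benign domains that would be caught by blocking a whole subnet. The routes, domains, and verdicts are constructed sample data using documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: routes announced by one hypothetical AS.
ROUTES = ["198.51.100.0/24", "203.0.113.0/24", "203.0.113.128/25"]
# Constructed (domain, resolved IP, suspicious?) observations for seven days.
OBSERVATIONS = [
    ("shop.example", "198.51.100.10", False),
    ("mail.example", "198.51.100.11", False),
    ("cdn.example", "198.51.100.12", False),
    ("login-update.example", "198.51.100.77", True),
    ("blog.example", "203.0.113.5", False),
    ("free-prizes.example", "203.0.113.200", True),
    ("invoice-view.example", "203.0.113.201", True),
    ("unrouted.example", "192.0.2.9", True),  # not inside any route of this AS
]

def most_specific_route(ip, routes):
    """Return the longest-prefix route containing ip, or None if unrouted."""
    addr = ipaddress.ip_address(ip)
    nets = [ipaddress.ip_network(r) for r in routes]
    matches = [n for n in nets if n.version == addr.version and addr in n]
    return max(matches, key=lambda n: n.prefixlen, default=None)

def summarize(routes, observations):
    """Count suspicious and benign domains per route, skipping unrouted IPs."""
    counts = defaultdict(lambda: {"suspicious": 0, "benign": 0})
    for _domain, ip, suspicious in observations:
        net = most_specific_route(ip, routes)
        if net is not None:
            counts[str(net)]["suspicious" if suspicious else "benign"] += 1
    return dict(counts)

def benign_collateral(route, observations):
    """Benign domains whose IP falls anywhere inside route (lost if blocked)."""
    net = ipaddress.ip_network(route)
    return sorted(d for d, ip, suspicious in observations
                  if not suspicious and ipaddress.ip_address(ip) in net)

if __name__ == "__main__":
    for route, c in sorted(summarize(ROUTES, OBSERVATIONS).items()):
        total = c["suspicious"] + c["benign"]
        print(f"{route}: {c['suspicious']}/{total} suspicious; blocking it "
              f"would also cut off {benign_collateral(route, OBSERVATIONS)}")
```

In this sample, one suspicious domain on 198.51.100.0/24 shares the route with three benign ones, which is why a suspicious count alone does not justify adding the subnet or the ASN to a block list.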
Research AS From IP Address View
You can research an AS number by providing an IP address to the Investigate Smart Search, for example: 82.208.40.8. Investigate returns a list of 66 malicious domains hosted by this IP address for the past week.
The ASN for the IP address, 82.208.40.8, is AS15685, and the network owner is CASABLANCA-AS. AS15685 is part of RIPE NCC, which includes Europe. The description of the network owner provides geolocation details about the AS.
From the IP address view > Autonomous Systems tab, click the number of the AS to display the Investigate ASN view > Current routes for AS. The Current routes for AS lists the suspicious domains associated with a route for the last seven days.