historic SWIP (or rwhois) data?

Hello,

I'm working on a forensics problem rather than a network operations issue.

I've got a /28 that I can see is currently assigned to a certain company
via rwhois.

What I want to do is see this block's history over the last five years. It
was involved in some problematic behavior back in 2012, I'd really like to
know whose name was on it then.

It would be ideal if this data were available in some sort of flat file
format, or if a sensible API to it exists.

I've been searching a little bit, just found this, not really seeing any
place to download any of this data though.

https://gist.github.com/NetwarSystem/eed78b65d881d0d384664ab713cf5e1f

ARIN's WhoWas service?

Well @ RIPE ist is quite simple to query historical data:

https://www.ripe.net/manage-ips-and-asns/db/support/documentation/ripe-database-documentation/types-of-queries/16-12-historical-queries

I don't know if other registries offer similar services.

Mit freundlichen Grüssen

-Benoît Panizzon-

APNIC has whowas also
https://www.apnic.net/static/whowas-ui/

For RWhois, check with the organization operating rwhoisd? They might
have the information beyond RWhois.

Yang

An interesting answer to this problem:

whois --list-versions w.x.y.z/prefix - gotta know the object size, so some
hunt & peck might be needed.

And for the princely sum of $45/mo this site seems to have all sorts of
info, and an API, but mysteriously there is no Maltego transform yet.

https://myip.ms/