Get detailed information about an IP address, including time ranges, IP metadata, associated actors, activity tags and raw network data (port scans and web requests).

Note: Available only with the enterprise plan’s Core Intelligence package.

External Documentation

To learn more, visit the GreyNoise documentation.

Parameters

| Parameter | Description |
| --- | --- |
| IP Address | The IP address to search. |

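Example Output

The values below are illustrative: 203.0.113.42 belongs to 203.0.113.0/24, a block reserved for documentation (RFC 5737). The strings under raw_data.web (paths, useragents) and metadata.rdns are supplied or controlled by the observed host, so treat them as untrusted text and encode them before a later workflow step places them in an email body, ticket or log.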

{
	"ip": "203.0.113.42",
	"seen": true,
	"classification": "malicious",
	"first_seen": "2023-08-15",
	"last_seen": "2024-02-28",
	"actor": "APT41",
	"tags": [
		"SSH Bruteforcer",
		"Web Scanner",
		"CVES2023",
		"Cryptocurrency Miner"
	],
	"spoofable": false,
	"cve": [
		"CVE-2023-1671",
		"CVE-2023-3519"
	],
	"vpn": false,
	"vpn_service": null,
	"metadata": {
		"country": "China",
		"country_code": "CN",
		"city": "Beijing",
		"region": "Beijing",
		"organization": "China Unicom",
		"rdns": "scan-42.example.net",
		"asn": "AS4837",
		"tor": false,
		"category": "hosting",
		"os": "Linux 3.11+",
		"destination_countries": [
			"United States",
			"Japan",
			"Germany",
			"Singapore",
			"Australia"
		],
		"source_country": "China",
		"destination_country_codes": [
			"US",
			"JP",
			"DE",
			"SG",
			"AU"
		],
		"source_country_code": "CN"
	},
	"raw_data": {
		"scan": [
			{
				"port": 22,
				"protocol": "TCP"
			},
			{
				"port": 80,
				"protocol": "TCP"
			},
			{
				"port": 443,
				"protocol": "TCP"
			},
			{
				"port": 8080,
				"protocol": "TCP"
			}
		],
		"web": {
			"paths": [
				"/wp-login.php",
				"/admin",
				"/.env",
				"/wp-content/plugins/",
				"/config.php"
			],
			"useragents": [
				"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"
			]
		},
		"ja3": [
			{
				"fingerprint": "e7d705a3286e19ea42f587b344ee6865",
				"port": 443
			}
		],
		"hassh": [
			{
				"fingerprint": "6ad536c4276fb923e6c588c53f3fa279",
				"port": 22
			}
		]
	}
}

Workflow Library Example

Ip Context with Greynoise and Send Results Via Email


Get detailed information about an IP address, including time ranges, IP metadata, associated actors, activity tags and raw network data (port scans and web requests).

Note: Available only with the enterprise plan’s Core Intelligence package.

External Documentation

To learn more, visit the GreyNoise documentation.

Parameters

| Parameter | Description |
| --- | --- |
| IP Address | The IP address to search. |

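Example Output

The values below are illustrative: 203.0.113.42 belongs to 203.0.113.0/24, a block reserved for documentation (RFC 5737). The strings under raw_data.web (paths, useragents) and metadata.rdns are supplied or controlled by the observed host, so treat them as untrusted text and encode them before a later workflow step places them in an email body, ticket or log.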

{
	"ip": "203.0.113.42",
	"seen": true,
	"classification": "malicious",
	"first_seen": "2023-08-15",
	"last_seen": "2024-02-28",
	"actor": "APT41",
	"tags": [
		"SSH Bruteforcer",
		"Web Scanner",
		"CVES2023",
		"Cryptocurrency Miner"
	],
	"spoofable": false,
	"cve": [
		"CVE-2023-1671",
		"CVE-2023-3519"
	],
	"vpn": false,
	"vpn_service": null,
	"metadata": {
		"country": "China",
		"country_code": "CN",
		"city": "Beijing",
		"region": "Beijing",
		"organization": "China Unicom",
		"rdns": "scan-42.example.net",
		"asn": "AS4837",
		"tor": false,
		"category": "hosting",
		"os": "Linux 3.11+",
		"destination_countries": [
			"United States",
			"Japan",
			"Germany",
			"Singapore",
			"Australia"
		],
		"source_country": "China",
		"destination_country_codes": [
			"US",
			"JP",
			"DE",
			"SG",
			"AU"
		],
		"source_country_code": "CN"
	},
	"raw_data": {
		"scan": [
			{
				"port": 22,
				"protocol": "TCP"
			},
			{
				"port": 80,
				"protocol": "TCP"
			},
			{
				"port": 443,
				"protocol": "TCP"
			},
			{
				"port": 8080,
				"protocol": "TCP"
			}
		],
		"web": {
			"paths": [
				"/wp-login.php",
				"/admin",
				"/.env",
				"/wp-content/plugins/",
				"/config.php"
			],
			"useragents": [
				"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"
			]
		},
		"ja3": [
			{
				"fingerprint": "e7d705a3286e19ea42f587b344ee6865",
				"port": 443
			}
		],
		"hassh": [
			{
				"fingerprint": "6ad536c4276fb923e6c588c53f3fa279",
				"port": 22
			}
		]
	}
}

Workflow Library Example

Ip Context with Greynoise and Send Results Via Email
