Multi IP Context

Get information about a set of IP addresses, including time ranges, IP metadata, associated actors, activity tags and raw network data (port scans and web requests).

Note: Available only with enterprise plan’s Core Intelligence package.

External Documentation

To learn more, visit the GreyNoise documentation.

Parameters

Parameter	Description
IP List	A comma-separated list of IPv4 addresses for noise lookup, limited to 1000 addresses.

Example Output

{
	"data": [
		{
			"ip": "203.0.113.42",
			"seen": true,
			"classification": "malicious",
			"first_seen": "2023-08-15",
			"last_seen": "2024-02-28",
			"actor": "APT41",
			"tags": [
				"SSH Bruteforcer",
				"Web Scanner",
				"CVES2023",
				"Cryptocurrency Miner"
			],
			"spoofable": false,
			"cve": [
				"CVE-2023-1671",
				"CVE-2023-3519"
			],
			"vpn": false,
			"vpn_service": null,
			"metadata": {
				"country": "China",
				"country_code": "CN",
				"city": "Beijing",
				"region": "Beijing",
				"organization": "China Unicom",
				"rdns": "scan-42.example.net",
				"asn": "AS4837",
				"tor": false,
				"category": "hosting",
				"os": "Linux 3.11+",
				"destination_countries": [
					"United States",
					"Japan",
					"Germany"
				],
				"source_country": "China",
				"destination_country_codes": [
					"US",
					"JP",
					"DE"
				],
				"source_country_code": "CN"
			},
			"raw_data": {
				"scan": [
					{
						"port": 22,
						"protocol": "TCP"
					},
					{
						"port": 443,
						"protocol": "TCP"
					}
				],
				"web": {
					"paths": [
						"/wp-login.php",
						"/admin"
					],
					"useragents": [
						"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
					]
				},
				"ja3": [
					{
						"fingerprint": "e7d705a3286e19ea42f587b344ee6865",
						"port": 443
					}
				],
				"hassh": [
					{
						"fingerprint": "6ad536c4276fb923e6c588c53f3fa279",
						"port": 22
					}
				]
			}
		},
		{
			"ip": "198.51.100.73",
			"seen": true,
			"classification": "benign",
			"first_seen": "2023-11-03",
			"last_seen": "2024-02-15",
			"actor": "Censys",
			"tags": [
				"Internet Scanner",
				"Research"
			],
			"spoofable": false,
			"cve": [],
			"vpn": false,
			"vpn_service": null,
			"metadata": {
				"country": "United States",
				"country_code": "US",
				"city": "Ann Arbor",
				"region": "Michigan",
				"organization": "Censys, Inc.",
				"rdns": "scanner-73.censys.io",
				"asn": "AS398324",
				"tor": false,
				"category": "business",
				"os": "Linux 4.10+",
				"destination_countries": [
					"Global"
				],
				"source_country": "United States",
				"destination_country_codes": [
					"GLOBAL"
				],
				"source_country_code": "US"
			},
			"raw_data": {
				"scan": [
					{
						"port": 80,
						"protocol": "TCP"
					},
					{
						"port": 443,
						"protocol": "TCP"
					}
				],
				"web": {
					"paths": [
						"/"
					],
					"useragents": [
						"censys/0.0.1 (+https://censys.io/scanning)"
					]
				},
				"ja3": [
					{
						"fingerprint": "c4da061c4025ae52c2036495a30e2b33",
						"port": 443
					}
				],
				"hassh": []
			}
		}
	],
	"message": "Query successful",
	"results": 2
}

Workflow Library Example

Multi Ip Context with Greynoise and Send Results Via Email

Preview this Workflow on desktop

On this page

Parameters
Example Output
Workflow Library Example

Get information about a set of IP addresses, including time ranges, IP metadata, associated actors, activity tags and raw network data (port scans and web requests).

Note: Available only with enterprise plan’s Core Intelligence package.

External Documentation

To learn more, visit the GreyNoise documentation.

Parameters

Parameter	Description
IP List	A comma-separated list of IPv4 addresses for noise lookup, limited to 1000 addresses.

Example Output

{
	"data": [
		{
			"ip": "203.0.113.42",
			"seen": true,
			"classification": "malicious",
			"first_seen": "2023-08-15",
			"last_seen": "2024-02-28",
			"actor": "APT41",
			"tags": [
				"SSH Bruteforcer",
				"Web Scanner",
				"CVES2023",
				"Cryptocurrency Miner"
			],
			"spoofable": false,
			"cve": [
				"CVE-2023-1671",
				"CVE-2023-3519"
			],
			"vpn": false,
			"vpn_service": null,
			"metadata": {
				"country": "China",
				"country_code": "CN",
				"city": "Beijing",
				"region": "Beijing",
				"organization": "China Unicom",
				"rdns": "scan-42.example.net",
				"asn": "AS4837",
				"tor": false,
				"category": "hosting",
				"os": "Linux 3.11+",
				"destination_countries": [
					"United States",
					"Japan",
					"Germany"
				],
				"source_country": "China",
				"destination_country_codes": [
					"US",
					"JP",
					"DE"
				],
				"source_country_code": "CN"
			},
			"raw_data": {
				"scan": [
					{
						"port": 22,
						"protocol": "TCP"
					},
					{
						"port": 443,
						"protocol": "TCP"
					}
				],
				"web": {
					"paths": [
						"/wp-login.php",
						"/admin"
					],
					"useragents": [
						"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
					]
				},
				"ja3": [
					{
						"fingerprint": "e7d705a3286e19ea42f587b344ee6865",
						"port": 443
					}
				],
				"hassh": [
					{
						"fingerprint": "6ad536c4276fb923e6c588c53f3fa279",
						"port": 22
					}
				]
			}
		},
		{
			"ip": "198.51.100.73",
			"seen": true,
			"classification": "benign",
			"first_seen": "2023-11-03",
			"last_seen": "2024-02-15",
			"actor": "Censys",
			"tags": [
				"Internet Scanner",
				"Research"
			],
			"spoofable": false,
			"cve": [],
			"vpn": false,
			"vpn_service": null,
			"metadata": {
				"country": "United States",
				"country_code": "US",
				"city": "Ann Arbor",
				"region": "Michigan",
				"organization": "Censys, Inc.",
				"rdns": "scanner-73.censys.io",
				"asn": "AS398324",
				"tor": false,
				"category": "business",
				"os": "Linux 4.10+",
				"destination_countries": [
					"Global"
				],
				"source_country": "United States",
				"destination_country_codes": [
					"GLOBAL"
				],
				"source_country_code": "US"
			},
			"raw_data": {
				"scan": [
					{
						"port": 80,
						"protocol": "TCP"
					},
					{
						"port": 443,
						"protocol": "TCP"
					}
				],
				"web": {
					"paths": [
						"/"
					],
					"useragents": [
						"censys/0.0.1 (+https://censys.io/scanning)"
					]
				},
				"ja3": [
					{
						"fingerprint": "c4da061c4025ae52c2036495a30e2b33",
						"port": 443
					}
				],
				"hassh": []
			}
		}
	],
	"message": "Query successful",
	"results": 2
}

Workflow Library Example

Multi Ip Context with Greynoise and Send Results Via Email

Preview this Workflow on desktop

On this page

Parameters
Example Output
Workflow Library Example

Parameters

Example Output

Workflow Library Example

Case Management

Automated Case Management

Case Management Dashboard

Case Management Interface

Triggers & Actions

Case Management Settings

Multi IP Context

Parameters

Example Output

Workflow Library Example

​Parameters

​Example Output

​Workflow Library Example

Case Management

Automated Case Management

Case Management Dashboard

Case Management Interface

Triggers & Actions

Case Management Settings

​Parameters

​Example Output

​Workflow Library Example

Parameters

Example Output

Workflow Library Example

Parameters

Example Output

Workflow Library Example