Get information about a set of IP addresses, including time ranges, IP metadata, associated actors, activity tags and raw network data (port scans and web requests).

Note: Available only with enterprise plan’s Core Intelligence package.

External Documentation

To learn more, visit the GreyNoise documentation.

Parameters

ParameterDescription
IP ListA comma-separated list of IPv4 addresses for noise lookup, limited to 1000 addresses.

Example Output

{
	"data": [
		{
			"ip": "203.0.113.42",
			"seen": true,
			"classification": "malicious",
			"first_seen": "2023-08-15",
			"last_seen": "2024-02-28",
			"actor": "APT41",
			"tags": [
				"SSH Bruteforcer",
				"Web Scanner",
				"CVES2023",
				"Cryptocurrency Miner"
			],
			"spoofable": false,
			"cve": [
				"CVE-2023-1671",
				"CVE-2023-3519"
			],
			"vpn": false,
			"vpn_service": null,
			"metadata": {
				"country": "China",
				"country_code": "CN",
				"city": "Beijing",
				"region": "Beijing",
				"organization": "China Unicom",
				"rdns": "scan-42.example.net",
				"asn": "AS4837",
				"tor": false,
				"category": "hosting",
				"os": "Linux 3.11+",
				"destination_countries": [
					"United States",
					"Japan",
					"Germany"
				],
				"source_country": "China",
				"destination_country_codes": [
					"US",
					"JP",
					"DE"
				],
				"source_country_code": "CN"
			},
			"raw_data": {
				"scan": [
					{
						"port": 22,
						"protocol": "TCP"
					},
					{
						"port": 443,
						"protocol": "TCP"
					}
				],
				"web": {
					"paths": [
						"/wp-login.php",
						"/admin"
					],
					"useragents": [
						"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
					]
				},
				"ja3": [
					{
						"fingerprint": "e7d705a3286e19ea42f587b344ee6865",
						"port": 443
					}
				],
				"hassh": [
					{
						"fingerprint": "6ad536c4276fb923e6c588c53f3fa279",
						"port": 22
					}
				]
			}
		},
		{
			"ip": "198.51.100.73",
			"seen": true,
			"classification": "benign",
			"first_seen": "2023-11-03",
			"last_seen": "2024-02-15",
			"actor": "Censys",
			"tags": [
				"Internet Scanner",
				"Research"
			],
			"spoofable": false,
			"cve": [],
			"vpn": false,
			"vpn_service": null,
			"metadata": {
				"country": "United States",
				"country_code": "US",
				"city": "Ann Arbor",
				"region": "Michigan",
				"organization": "Censys, Inc.",
				"rdns": "scanner-73.censys.io",
				"asn": "AS398324",
				"tor": false,
				"category": "business",
				"os": "Linux 4.10+",
				"destination_countries": [
					"Global"
				],
				"source_country": "United States",
				"destination_country_codes": [
					"GLOBAL"
				],
				"source_country_code": "US"
			},
			"raw_data": {
				"scan": [
					{
						"port": 80,
						"protocol": "TCP"
					},
					{
						"port": 443,
						"protocol": "TCP"
					}
				],
				"web": {
					"paths": [
						"/"
					],
					"useragents": [
						"censys/0.0.1 (+https://censys.io/scanning)"
					]
				},
				"ja3": [
					{
						"fingerprint": "c4da061c4025ae52c2036495a30e2b33",
						"port": 443
					}
				],
				"hassh": []
			}
		}
	],
	"message": "Query successful",
	"results": 2
}

Workflow Library Example

Multi Ip Context with Greynoise and Send Results Via Email

Preview this Workflow on desktop