Get more information about a set of IP addresses. Returns time ranges, IP metadata (network owner, ASN, reverse DNS pointer, country), associated actors, activity tags, and raw port scan and web request information.
Inputs
Outputs
Expand All
Whether or not the IP address has been observed by the GreyNoise sensor network.
The classification of the IP address, either "benign", "malicious", or "unknown", based on the activity observed by GreyNoise.
Allowed enum values: benign,malicious,unknown
The earliest date GreyNoise observed any activity from this IP.
The most recent date GreyNoise observed any activity from this IP.
The overt actor this IP is associated with.
A list of activity/malware tags GreyNoise has applied to this IP.
This IP address has been opportunistically scanning the Internet, however has failed to complete a full TCP connection. Any reported activity could be spoofed.
A list of CVEs associate with this IP.
This IP is associated with a VPN service. Activity, malicious or otherwise, should not be attributed to the VPN service provider.
Name of associated VPN Service.
The country where the device is geographically located.
The two-letter (ISO 3166-1 alpha-2) country code where the device is geographically located.
The city where the device is geographically located.
The region where the device is geographically located.
The name of organization that owns the IP address.
The autonomous system identification number.
Whether or not the device is a known Tor exit node.
The subset of network types the IP address belongs to.
Allowed enum values: isp,business,hosting,mobile,education
An approximate guess of the operating system of the device, based on the TCP stack fingerprint.
Raw data observed directly by GreyNoise.
JA3 hash fingerprint string
TCP port connection that the SSL/TLS communication occurred over
HASSH hash fingerprint string
TCP port connection where the HASSH hash was identified
