If an IP is not found in this API, it means that GreyNoise has either
never observed the IP or does not have enough information about that
IP to determine similarity.

When GreyNoise records are compared, two IPs are considered similar
when several of their features match. This could be a similar set of
ports, similar web paths queried, similar JA3 fingerprints, etc. When
such matches are identified, we present which features are similar so
the user can investigate the matches further.

  • bot_bool: Whether or not this is from a bot network based on
    GreyNoise inference
  • tor_bool: Whether or not this is from a Tor node based on
    GreyNoise inference
  • vpn_bool: Whether or not this is from a VPN based on
    GreyNoise inference
  • spoofable_bool: Whether or not this IP has completed a 3-way
    handshake. If not, it is potentially spoofed
  • web_paths: Paths of HTTP requests
  • useragents: User agent provided in request
  • mass_scan_bool: Whether or not this IP is performing a mass
    scan based on GreyNoise inference
  • ja3_fp: JA3 fingerprints associated with this IP
  • hassh_fp: HASSH fingerprints associated with this IP
  • rdns: Reverse DNS found for this IP
  • os: OS detected for this IP
  • ports: Ports used in traffic from this IP
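
To make "several features matching" concrete, the following added example (not GreyNoise's code or its actual similarity algorithm) compares two records locally using the field names listed above and reports which features they share. The record shape, the sample values, the rule that missing or False values are not counted, and the `min_features` threshold are all assumptions of this sketch.

```python
# Feature names come from the list above; how they are compared is illustrative.
LIST_FEATURES = ("web_paths", "useragents", "ja3_fp", "hassh_fp", "ports")
SCALAR_FEATURES = ("bot_bool", "tor_bool", "vpn_bool", "spoofable_bool",
                   "mass_scan_bool", "rdns", "os")

# Constructed sample records (not real GreyNoise data).
RECORD_A = {"ports": [22, 2222], "hassh_fp": ["hassh-constructed-01"],
            "os": "Linux 3.x", "web_paths": [], "tor_bool": False}
RECORD_B = {"ports": [22, 23], "hassh_fp": ["hassh-constructed-01"],
            "os": "Linux 3.x", "web_paths": ["/"], "tor_bool": False}
RECORD_C = {"ports": [443], "ja3_fp": ["ja3-constructed-02"],
            "os": "Windows", "tor_bool": False}


def shared_features(a, b):
    """Return {feature: shared value(s)} for every feature both records share."""
    shared = {}
    for name in LIST_FEATURES:
        # Multi-valued features match when at least one value overlaps.
        common = set(a.get(name) or []) & set(b.get(name) or [])
        if common:
            shared[name] = sorted(common, key=str)
    for name in SCALAR_FEATURES:
        value = a.get(name)
        # Assumption: a missing, empty or False value on both sides is not
        # evidence of similarity (most IPs are "not Tor"), so it is skipped.
        if value not in (None, False, "") and value == b.get(name):
            shared[name] = value
    return shared


def is_similar(a, b, min_features=3):
    """Hypothetical threshold: 'several' is read as at least min_features."""
    return len(shared_features(a, b)) >= min_features


if __name__ == "__main__":
    for label, other in (("B", RECORD_B), ("C", RECORD_C)):
        print(f"A vs {label}:", is_similar(RECORD_A, other),
              shared_features(RECORD_A, other))
```

Reviewing the returned feature map, rather than only the boolean verdict, shows whether a match rests on fingerprints and ports or on a single coarse attribute.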

Search Usage: This endpoint consumes one Search per API request.

License: This endpoint requires an additional subscription
license to use.
