This API is only available for Early Access program users.
If an IP is not found in this API, it means that GreyNoise has either never observed the IP or does not have enough information about that IP to determine similarity.
When comparing GreyNoise records, similarity is determined by several features matching, such as a similar set of ports, similar web paths queried, or similar JA3 fingerprints. When such matches are identified, we present which features are similar so the user can investigate the matches further.
- bot_bool: Whether or not this is from a bot network based on GreyNoise inference
- tor_bool: Whether or not this is from a Tor node based on GreyNoise inference
- vpn_bool: Whether or not this is from a VPN based on GreyNoise inference
- spoofable_bool: Whether or not this IP has completed a 3-way handshake. If not, it is potentially spoofed
- web_paths: Path of HTTP requests
- useragents: User agent provided in the request
- mass_scan_bool: Whether or not this IP is performing a mass scan based on GreyNoise inference
- ja3_fp: JA3 fingerprints associated with this IP
- hassh_fp: HASSH fingerprints associated with this IP
- rdns: Reverse DNS found for this IP
- os: OS detected for this IP
- ports: Ports used in traffic from this IP
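To make "several features matching" concrete, the following added example (not GreyNoise's code or algorithm) compares two locally held records keyed by the feature names listed above and reports which features match. The record layout, the `min_overlap` and `min_features` thresholds, the function names and the sample values are all assumptions made for illustration.

```python
# Feature names come from the list above; the record layout, thresholds and
# scoring rule are assumptions for this example, not GreyNoise's algorithm.
BOOL_FEATURES = ("bot_bool", "tor_bool", "vpn_bool", "spoofable_bool",
                 "mass_scan_bool")
SET_FEATURES = ("web_paths", "useragents", "ja3_fp", "hassh_fp", "ports")
SCALAR_FEATURES = ("rdns", "os")


def jaccard(a, b):
    """Overlap of two collections: |A & B| / |A | B|, 0.0 when both are empty."""
    a, b = set(a), set(b)
    return len(a & b) / len(a | b) if (a or b) else 0.0


def matching_features(rec_a, rec_b, min_overlap=0.5):
    """Return {feature: evidence} for every feature the two records share."""
    matches = {}
    for name in SET_FEATURES:
        score = jaccard(rec_a.get(name, ()), rec_b.get(name, ()))
        if score >= min_overlap:
            matches[name] = round(score, 2)
    for name in SCALAR_FEATURES:
        if rec_a.get(name) and rec_a.get(name) == rec_b.get(name):
            matches[name] = rec_a[name]
    for name in BOOL_FEATURES:
        # Two False values (e.g. neither is a Tor node) say little, so only
        # a shared True counts as a match.
        if rec_a.get(name) is True and rec_b.get(name) is True:
            matches[name] = True
    return matches


def is_similar(rec_a, rec_b, min_features=3):
    """Treat two records as similar when at least min_features features match."""
    matches = matching_features(rec_a, rec_b)
    return len(matches) >= min_features, matches


# Constructed sample records (documentation IP range, made-up values).
REC_A = {"ip": "192.0.2.10", "ports": [22, 80, 443], "os": "Linux",
         "web_paths": ["/", "/login"], "ja3_fp": ["ja3-sample-1"],
         "mass_scan_bool": True, "tor_bool": False, "spoofable_bool": False}
REC_B = {"ip": "192.0.2.20", "ports": [22, 80, 8080], "os": "Linux",
         "web_paths": ["/", "/login", "/admin"], "ja3_fp": ["ja3-sample-2"],
         "mass_scan_bool": True, "tor_bool": False, "spoofable_bool": False}
REC_C = {"ip": "192.0.2.30", "ports": [3389], "os": "Windows",
         "mass_scan_bool": False, "tor_bool": False, "spoofable_bool": True}

if __name__ == "__main__":
    print(is_similar(REC_A, REC_B))
    print(is_similar(REC_A, REC_C))
```

When triaging a match, check `spoofable_bool` on both records first: traffic from an IP that never completed a 3-way handshake may be spoofed, so features shared with it carry less weight.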