IP Data

ip

The IP address of the scanning device IP

cve

A list of cves the device has been assigned over the past 90 days

classification

Whether the device has been categorized as unknown, benign, or malicious

first_seen

The date the device was first observed by GreyNoise

last_seen

The date the device was most recently observed by GreyNoise

actor

The benign actor the device has been associated with, such as Shodan, GoogleBot, BinaryEdge, etc

tags

A list of the tags the device has been assigned over the past 90 days

Metadata

category

Whether the device is a business, isp, or hosting provider

country

The full name of the country the device is geographically located in

country_code

The two-character country code of the country the device is geographically located in

city

The city the device is geographically located in

organization

The organization that owns the network that the IP address belongs to

region

The region the device is geographically located in

rdns

The reverse DNS pointer of the IP

asn

The autonomous system the IP address belongs to

tor

Whether or not the device is a known Tor exit node

Raw Data

scan.port

The port number(s) the devices has been observed scanning

scan.protocol

The protocol of the port the device has been observed scanning

web.paths

Any HTTP paths the device has been observed crawling the Internet for

web.useragents

Any HTTP user-agents the device has been observed using while crawling the Internet

ja3.fingerprint

The JA3 TLS/SSL fingerprint

ja3.port

The corresponding TCP port for the given JA3 fingerprint