GreyNoise Intelligence · Example Payload

Greynoise Internet Scanner Intelligence Example

idslugnamecategoryintentiondescriptionreferencesrecommend_blockcvescreated_atupdated_at

Greynoise Internet Scanner Intelligence Example is an example object payload from GreyNoise Intelligence, with 16 top-level fields. It illustrates the shape of data this provider's APIs accept or return.

Top-level fields

ipseenclassificationfirst_seenlast_seenlast_seen_timestampfoundactorspoofablecvestorvpnvpn_servicemetadatatagsraw_data

Example Payload

Raw ↑ 
{
  "ip": "71.6.135.131",
  "seen": true,
  "classification": "benign",
  "first_seen": "2018-01-28",
  "last_seen": "2018-02-28",
  "last_seen_timestamp": "2025-01-15T12:30:45Z",
  "found": true,
  "actor": "Shodan.io",
  "spoofable": true,
  "cves": [
    "CVE-2020-1234",
    "CVE-2021-2345"
  ],
  "tor": false,
  "vpn": true,
  "vpn_service": "IPVANISH_VPN",
  "metadata": {
    "mobile": false,
    "source_country": "United States",
    "source_country_code": "US",
    "source_city": "Seattle",
    "region": "Seattle",
    "organization": "DigitalOcean, LLC",
    "rdns": "crawl-66-249-79-17.googlebot.com",
    "asn": "AS521",
    "category": "education",
    "os": "Windows 7/8",
    "destination_countries": [
      "string"
    ],
    "destination_country_codes": [
      "US"
    ],
    "destination_cities": [
      "string"
    ],
    "destination_asns": [
      "string"
    ],
    "single_destination": true,
    "carrier": "AIS",
    "datacenter": "us-west-1",
    "domain": "example.com",
    "rdns_parent": "example.com",
    "rdns_validated": true,
    "latitude": 37.7749,
    "longitude": -122.4194,
    "sensor_count": 10,
    "sensor_hits": 10
  },
  "tags": {
    "id": "ef0cc90d-d80c-436f-92c5-3d8f8665c9ac",
    "slug": "mirai",
    "name": "Mirai",
    "category": "worm",
    "intention": "malicious",
    "description": "This IP address exhibits behavior that indicates it is infected with Mirai or a Mirai-like variant of malware.",
    "references": [
      "string"
    ],
    "recommend_block": false,
    "cves": [
      "CVE-2021-44228"
    ],
    "created_at": "2020-04-07",
    "updated_at": "2020-04-07"
  },
  "raw_data": {
    "scan": [
      {
        "port": 80,
        "protocol": "TCP"
      }
    ],
    "ja3": [
      {
        "fingerprint": "c3a6cf0bf2e690ac8e1ecf6081f17a50",
        "port": 443
      }
    ],
    "hassh": [
      {
        "fingerprint": "51cba57125523ce4b9db67714a90bf6e",
        "port": 2222
      }
    ],
    "http": {
      "md5": "9764955b67107eeb9edfae76f429e783",
      "cookie_keys": [
        "expremotekey"
      ],
      "request_authorization": [
        "Bearer exampletoken",
        "Basic username:password"
      ],
      "request_cookies": [
        "session_id=1234567890"
      ],
      "request_header": [
        "Content-Type: application/json",
        "Accept: application/json"
      ],
      "method": [
        "GET",
        "POST",
        "PUT",
        "DELETE"
      ],
      "request_origin": [
        "111.111.1.1"
      ],
      "host": [
        "example.com",
        "example.com:8080"
      ],
      "uri": [
        "string"
      ],
      "path": [
        "/HNAP1/"
      ],
      "useragent": [
        "Mozilla/5.0 (compatible; GoogleBot/2.1; +http://www.google.com/bot.html)"
      ],
      "ja4h": [
        "ge11cn060000_4e59edc1297a_4da5efaf0cbd"
      ]
    },
    "tls": {
      "cipher": "TLS_AES_128_GCM_SHA256",
      "ja4": [
        "t13d1516h2_8daaf6152771_02713d6af862"
      ]
    },
    "ssh": {
      "key": [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1234567890"
      ],
      "ja4ssh": [
        "c76s76_c71s59_c0s0"
      ]
    },
    "tcp": {
      "ja4t": [
        "64240_2-1-3-1-1-4_1460_8"
      ],
      "ja4l": "1460_64"
    },
    "source": "string"
  }
}