GreyNoise
@greynoise.io
GreyNoise analyzes Internet background noise. Use GreyNoise to remove pointless security alerts, find compromised devices, or identify emerging threats.
This holiday season, run our IP Check at your family’s house, a free tool that answers a question we hear constantly: "How do I know if my home network has been compromised?"
www.greynoise.io/blog/your-ip...
www.greynoise.io/blog/your-ip...
Your IP Address Might Be Someone Else's Problem (And Here's How to Find Out)
Your home network might be part of someone else’s attack. GreyNoise IP Check shows if your IP’s been caught scanning the internet—free and private.
www.greynoise.io
November 25, 2025 at 8:25 PM
This holiday season, run our IP Check at your family’s house, a free tool that answers a question we hear constantly: "How do I know if my home network has been compromised?"
www.greynoise.io/blog/your-ip...
www.greynoise.io/blog/your-ip...
LIVE in 8! 🚨
Looking forward to seeing folks this Thursday at 12 ET for another GreyNoise University LIVE. Join Michael + @itsjordyn.bsky.social for a fun and informative demo + walkthrough of all things GreyNoise. ✨
GreyNoise University LIVE
www.greynoise.io
November 20, 2025 at 4:52 PM
LIVE in 8! 🚨
🚨 Palo Alto GlobalProtect scanning surged 40X in 24hrs...a 90-day high.
2.3M login attempts from concentrated infrastructure (AS200373/AS208885).
Block these IPs now ⬇️
2.3M login attempts from concentrated infrastructure (AS200373/AS208885).
Block these IPs now ⬇️
Palo Alto Scanning Surges 40X in 24 Hours, Marking 90-Day High
GreyNoise has identified a significant escalation in malicious activity targeting Palo Alto Networks GlobalProtect portals. Beginning on 14 November 2025, activity rapidly intensified, culminating in ...
www.greynoise.io
November 19, 2025 at 9:05 PM
🚨 Palo Alto GlobalProtect scanning surged 40X in 24hrs...a 90-day high.
2.3M login attempts from concentrated infrastructure (AS200373/AS208885).
Block these IPs now ⬇️
2.3M login attempts from concentrated infrastructure (AS200373/AS208885).
Block these IPs now ⬇️
Attackers move fast, so your blocklists should too. GreyNoise now lets you convert any query into a real-time blocklist that updates automatically as attacker infrastructure changes. Start using it today on the GreyNoise platform.
Introducing Query-Based Blocklists: Fully Configurable, Real-Time Threat Blocking in the GreyNoise Platform
GreyNoise customers can turn any GreyNoise query in the platform directly into a real-time blocklist for their firewall, SOAR, or other enforcement points.
www.greynoise.io
November 19, 2025 at 5:31 PM
Attackers move fast, so your blocklists should too. GreyNoise now lets you convert any query into a real-time blocklist that updates automatically as attacker infrastructure changes. Start using it today on the GreyNoise platform.
Looking forward to seeing folks this Thursday at 12 ET for another GreyNoise University LIVE. Join Michael + @itsjordyn.bsky.social for a fun and informative demo + walkthrough of all things GreyNoise. ✨
GreyNoise University LIVE
www.greynoise.io
November 18, 2025 at 9:43 PM
Looking forward to seeing folks this Thursday at 12 ET for another GreyNoise University LIVE. Join Michael + @itsjordyn.bsky.social for a fun and informative demo + walkthrough of all things GreyNoise. ✨
Reposted by GreyNoise
We've hired Colonel Shawn Smagh to up our @greynoise.io intel reporting game and we've started producing weekly intelligence briefs. This week's is a banger.
November 18, 2025 at 7:38 PM
We've hired Colonel Shawn Smagh to up our @greynoise.io intel reporting game and we've started producing weekly intelligence briefs. This week's is a banger.
Reposted by GreyNoise
Who's in Montreal for #Suricon? I'm there speaking and representing @greynoise.io! Come say hi!
We also have a very limited special giveaway. Pro tip: if people ask me for it then I don't have to work to give them away, so if you want a cool prototype thing then just ask!
We also have a very limited special giveaway. Pro tip: if people ask me for it then I don't have to work to give them away, so if you want a cool prototype thing then just ask!
November 18, 2025 at 6:39 PM
Who's in Montreal for #Suricon? I'm there speaking and representing @greynoise.io! Come say hi!
We also have a very limited special giveaway. Pro tip: if people ask me for it then I don't have to work to give them away, so if you want a cool prototype thing then just ask!
We also have a very limited special giveaway. Pro tip: if people ask me for it then I don't have to work to give them away, so if you want a cool prototype thing then just ask!
EU sanctioned Stark Industries in May. Leaked docs gave them 12 days warning.
Result: ASN shuffle, rebrand to THE.Hosting. Corporate shells changed, network behavior didn't.
We tracked it: AS44477→AS209847. Packets don't lie.
Result: ASN shuffle, rebrand to THE.Hosting. Corporate shells changed, network behavior didn't.
We tracked it: AS44477→AS209847. Packets don't lie.
The Stark Industries Shell Game - When Bulletproof Hosting Proves Bulletproof
EU sanctions hit Stark Industries in May 2025. GreyNoise data shows how the group quietly rebranded to THE.Hosting and kept its malicious infrastructure running.
www.greynoise.io
November 17, 2025 at 8:56 PM
EU sanctioned Stark Industries in May. Leaked docs gave them 12 days warning.
Result: ASN shuffle, rebrand to THE.Hosting. Corporate shells changed, network behavior didn't.
We tracked it: AS44477→AS209847. Packets don't lie.
Result: ASN shuffle, rebrand to THE.Hosting. Corporate shells changed, network behavior didn't.
We tracked it: AS44477→AS209847. Packets don't lie.
Hey Canada, we're packed up + headed to #SuriCon25! 🇨🇦 Check out our booth and don't miss @ntkramer.bsky.social + @iagox86.bsky.social talk ...and if you happen to run into them or @hrbrmstr.dev around the con, they might have something special for you 🥧...
November 17, 2025 at 6:23 PM
Hey Canada, we're packed up + headed to #SuriCon25! 🇨🇦 Check out our booth and don't miss @ntkramer.bsky.social + @iagox86.bsky.social talk ...and if you happen to run into them or @hrbrmstr.dev around the con, they might have something special for you 🥧...
🚨 GreyNoise for @microsoft.com Sentinel is here!
Filter out internet background noise automatically. Focus on real threats.
#MicrosoftSentinel #AppAssure
🔗 techcommunity.microsoft.com/blog/Microso...
Filter out internet background noise automatically. Focus on real threats.
#MicrosoftSentinel #AppAssure
🔗 techcommunity.microsoft.com/blog/Microso...
November 13, 2025 at 4:02 PM
🚨 GreyNoise for @microsoft.com Sentinel is here!
Filter out internet background noise automatically. Focus on real threats.
#MicrosoftSentinel #AppAssure
🔗 techcommunity.microsoft.com/blog/Microso...
Filter out internet background noise automatically. Focus on real threats.
#MicrosoftSentinel #AppAssure
🔗 techcommunity.microsoft.com/blog/Microso...
We’ve launched At The Edge, a weekly brief for GreyNoise customers highlighting shifts in attacker behavior seen across the Global Observation Grid (GOG).
Human-led analysis that turns internet noise into insight defenders can act on.
#ThreatIntel #GreyNoise
Human-led analysis that turns internet noise into insight defenders can act on.
#ThreatIntel #GreyNoise
November 6, 2025 at 3:00 PM
We’ve launched At The Edge, a weekly brief for GreyNoise customers highlighting shifts in attacker behavior seen across the Global Observation Grid (GOG).
Human-led analysis that turns internet noise into insight defenders can act on.
#ThreatIntel #GreyNoise
Human-led analysis that turns internet noise into insight defenders can act on.
#ThreatIntel #GreyNoise
We deployed MCP honeypots to understand how threat actors engage with AI middleware exposed to the internet. What we observed was unexpected. Full analysis ⬇️
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
What GreyNoise Learned from Deploying MCP Honeypots
GreyNoise deployed MCP honeypots to see what happens when AI middleware meets the open internet — revealing how attackers interact with this new layer of AI infrastructure.
www.greynoise.io
November 5, 2025 at 7:15 PM
We deployed MCP honeypots to understand how threat actors engage with AI middleware exposed to the internet. What we observed was unexpected. Full analysis ⬇️
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
#GreyNoise #AI #AISecurity #MCP #MCPSecurity #Cybersecurity #ThreatIntel
GreyNoise has observed a surge in PHP exploitation activity since late summer — now peaking as attackers deploy cryptominers at scale. Full analysis ⬇️ #GreyNoise #PHP #ThreatIntel
PHP Cryptomining Campaign: October/November 2025
From Aug–Oct 2025, GreyNoise observed a surge in exploitation attempts against PHP and PHP-based frameworks as attackers deployed cryptominers—driven by rising Bitcoin prices and higher mining payoffs...
www.greynoise.io
November 4, 2025 at 4:36 PM
GreyNoise has observed a surge in PHP exploitation activity since late summer — now peaking as attackers deploy cryptominers at scale. Full analysis ⬇️ #GreyNoise #PHP #ThreatIntel
Headed to #FalConEurope2025 this week? Come by booth 45 and chat with the team. On Wednesday, continue the conversation at our joint happy hour with Cribl + NetBuilder from 7-?? at Nobu Barcelona, sign up today! ⬇️
GreyNoise - Dinner and Drinks at Fal.Con
Join GreyNoise, Cribl, and Netbuilder on Wednesday, 5 November, for dinner and drinks after a long day at Fal.Con Europe.
info.greynoise.io
November 3, 2025 at 6:40 PM
Headed to #FalConEurope2025 this week? Come by booth 45 and chat with the team. On Wednesday, continue the conversation at our joint happy hour with Cribl + NetBuilder from 7-?? at Nobu Barcelona, sign up today! ⬇️
Happy Halloween from your fave GreyNerds 🍬🍫
October 31, 2025 at 9:21 PM
Happy Halloween from your fave GreyNerds 🍬🍫
Happy Halloween from the GreyNoise ghouls + goblins! This month's NoiseLetter is packed to the brim with tricks + treats, catch up on all the haunts from this past month and be sure to check back in later for the results of our annual Candy Bracket 🎃
NoiseLetter October 2025
Get GreyNoise updates! Read the October 2025 NoiseLetter for product news, key resources, the latest tags and vulnerabilities, and more.
www.greynoise.io
October 31, 2025 at 4:34 PM
Happy Halloween from the GreyNoise ghouls + goblins! This month's NoiseLetter is packed to the brim with tricks + treats, catch up on all the haunts from this past month and be sure to check back in later for the results of our annual Candy Bracket 🎃
Starting soon! 👽
Tune in for a very spooky GreyNoise University LIVE, tomorrow October 30th @ 12 ET. Sign up today, if you dare! 🕸️
GreyNoise University LIVE
www.greynoise.io
October 30, 2025 at 3:57 PM
Starting soon! 👽
Tune in for a very spooky GreyNoise University LIVE, tomorrow October 30th @ 12 ET. Sign up today, if you dare! 🕸️
GreyNoise University LIVE
www.greynoise.io
October 29, 2025 at 3:56 PM
Tune in for a very spooky GreyNoise University LIVE, tomorrow October 30th @ 12 ET. Sign up today, if you dare! 🕸️
We are excited to sponsor #FalConEurope2025 next week in Barcelona! If you're there come by booth 45, or want to meet up with the team, let us know!
Fal.Con Europe 2025
www.greynoise.io
October 28, 2025 at 9:07 PM
We are excited to sponsor #FalConEurope2025 next week in Barcelona! If you're there come by booth 45, or want to meet up with the team, let us know!
see ya'll Friday 😈
I've just received word that we're preparing for this years annual @greynoise.io halloween candy bracket. Twix won years 1-2. 100 Grand won last year on a complete fluke. I might write a blog post about how last year's candy bracket undermined my faith in the democratic process.
October 27, 2025 at 9:32 PM
see ya'll Friday 😈
Want an inside look at what happens when attackers pop our honeypots + AWS slides into our inbox? 📥 Check out Corey's latest blog ⬇️
We Got Yelled At by Amazon So You Didn’t Have To
At GreyNoise, our sensors attract attackers so you don’t have to. We take the hits, learn from every attack, and share insights so you stay safe.
www.greynoise.io
October 24, 2025 at 4:50 PM
Want an inside look at what happens when attackers pop our honeypots + AWS slides into our inbox? 📥 Check out Corey's latest blog ⬇️
Reposted by GreyNoise
big week in the morris household. we've started tracking ORBs at @greynoise.io and I'm shitposting again btw (h/t @hrbrmstr.dev)
October 23, 2025 at 6:36 PM
big week in the morris household. we've started tracking ORBs at @greynoise.io and I'm shitposting again btw (h/t @hrbrmstr.dev)
Threat Actors Rotating New IPs Daily to Attack Microsoft RDP
Full Analysis ⬇️
#RDP #GreyNoise #ThreatIntel
Full Analysis ⬇️
#RDP #GreyNoise #ThreatIntel
Threat Actors Deploying New IPs Daily to Attack Microsoft RDP
GreyNoise reports attackers using rotating IPs to exploit Microsoft RDP timing vulnerabilities, targeting RD Web Access and RDP login enumeration to evade detection.
www.greynoise.io
October 20, 2025 at 8:40 PM
Threat Actors Rotating New IPs Daily to Attack Microsoft RDP
Full Analysis ⬇️
#RDP #GreyNoise #ThreatIntel
Full Analysis ⬇️
#RDP #GreyNoise #ThreatIntel
GreyNoise's Threat Intelligence Map visualizes network events across the internet, scans, probes, attacks + connects them to geopolitical context. Real-time intelligence, that looks pretty cool too 😎
🗺️ threat-map.greynoise.io
🗺️ threat-map.greynoise.io
October 16, 2025 at 5:38 PM
GreyNoise's Threat Intelligence Map visualizes network events across the internet, scans, probes, attacks + connects them to geopolitical context. Real-time intelligence, that looks pretty cool too 😎
🗺️ threat-map.greynoise.io
🗺️ threat-map.greynoise.io
Amid the security incident involving F5 BIG-IP announced today, GreyNoise is sharing recent insights into activity targeting BIG-IP to aid in defensive posturing. The anomalies reported in our blog may not necessarily relate to the 15 Oct incident. ⬇️
GreyNoise’s Recent Observations Around F5
Amid the security incident involving F5 BIG-IP announced on 15 October 2025, GreyNoise is sharing recent insights into activity targeting BIG-IP to aid in defensive posturing.
www.greynoise.io
October 15, 2025 at 11:35 PM
Amid the security incident involving F5 BIG-IP announced today, GreyNoise is sharing recent insights into activity targeting BIG-IP to aid in defensive posturing. The anomalies reported in our blog may not necessarily relate to the 15 Oct incident. ⬇️