GreyNoise launches free scanner to check if you're part of a botnet

News

Featured
Latest

GreyNoise launches free scanner to check if you're part of a botnet

The Black Friday 2025 Cybersecurity, IT, VPN, & Antivirus Deals

Microsoft to secure Entra ID sign-ins from script injection attacks

New ShadowV2 botnet malware used AWS outage as a test opportunity

French Football Federation discloses data breach after cyberattack

1TB of Koofr lifetime cloud storage is at an all-time low on Black Friday

Prepare for CISSP certification with this training bundle for $20

Malicious LLMs empower inexperienced hackers with advanced tools

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Virus Removal Guides

Latest
Most Viewed
Ransomware

Remove the Theonlinesearch.com Search Redirect

Remove the Smartwebfinder.com Search Redirect

How to remove the PBlock+ adware browser extension

Remove the Toksearches.xyz Search Redirect

Remove Security Tool and SecurityTool (Uninstall Guide)

How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo

How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller

How to remove Antivirus 2009 (Uninstall Instructions)

Locky Ransomware Information, Help Guide, and FAQ

CryptoLocker Ransomware Information Guide and FAQ

CryptorBit and HowDecrypt Information Guide and FAQ

CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ

Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Startup Database
Uninstall Database
Glossary
Chat on Discord
Send us a Tip!
Welcome Guide

HomeNewsSecurityGreyNoise launches free scanner to check if you're part of a botnet

GreyNoise launches free scanner to check if you're part of a botnet

By Bill Toulas

November 27, 2025
10:11 AM
0

GreyNoise Labs has launched a free tool called GreyNoise IP Check that lets users check if their IP address has been observed in malicious scanning operations, like botnet and residential proxy networks.
The threat monitoring firm that tracks internet-wide activity via a global sensor network says this problem has grown significantly over the past year, with many users unknowingly helping malicious online activity.
"Over the past year, residential proxy networks have exploded and have been turning home internet connections into exit points for other people's traffic," explains GreyNoise.

"Sometimes folks knowingly install software that does this in exchange for a few dollars. More often, malware sneaks onto devices, usually via nefarious apps or browser extensions, and quietly turns them into nodes in someone else's infrastructure."
While there are ways to determine if someone has become part of malicious botnet activity, like examining device logs, configurations, network traffic, and activity patterns, a tool that simply checks the IP address is the least intrusive method
People visiting the scanner's webpage will get one of the three possible results:
Clean: No malicious scanning activity detected.
Malicious/Suspicious: The IP has shown scanning behavior. Users should investigate devices on their network.
Common Business Service: The IP belongs to a VPN, corporate network, or cloud provider, and the scanning activity is normal for those environments.

Clean scan resultSource: BleepingComputer
When any activity is correlated with the provided IP address, the platform will also include a 90-dayhistorical timeline, which may help pinpoint a potential infection point.
For example, when the installation of a bandwidth-sharing client or a shady application precedes malicious scanning, strong correlations can be made that enable remediation action.

Historic activity dataSource: GreyNoise
For more technical users, GreyNoise also provides an unauthenticated, rate-limit-free JSON API accessible via curl, which can be integrated into scripts or checking systems.
If your scan results show 'Malicious/Suspicious,' it's a good idea to start the investigation by running malware scans on all devices on the same network, especially focusing on devices like routers and smart TVs.
Users are advised to update their devices to the latest available firmware, change admin credentials, and disable remote access features if they're not needed.

Secrets Security Cheat Sheet: From Sprawl to Control
Whether you're cleaning up old keys or setting guardrails for AI-generated code, this guide helps your team build securely from the start.
Get the cheat sheet and take the guesswork out of secrets management.
Download Now

Related Articles:
Massive brute force attack uses 2.8 million IPs to target VPN devicesMassive multi-country botnet targets RDP services in the USNew ShadowV2 botnet malware used AWS outage as a test opportunityGlobalProtect VPN portals probed with 2.3 million scan sessionsRondoDox botnet malware now hacks servers using XWiki flaw

Botnet
GreyNoise
IP Address
Proxy
Residential
Scanner

Bill Toulas
Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Previous Article
Next Article

Post a Comment Community Rules

You need to login in order to post a comment
Not a member yet? Register Now

You may also like:

Popular Stories

Microsoft: Exchange Online outage blocks access to Outlook mailboxes

Code beautifiers expose credentials from banks, govt, tech orgs

Microsoft is speeding up the Teams desktop client for Windows

Sponsor Posts

WSUS can’t keep up in a remote-first world. Cloud-native patching fixes what VPNs never could

Review of Passwork: Affordable Enterprise-Grade Password Manager

CMMC Made Simple. Get audit-ready with Huntress—faster, easier, and more affordable.

Overdue a password health-check? Audit your Active Directory for free

  Upcoming Webinar

Follow us:

Main Sections

News
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure

Copyright @ 2003 - 2025 Bleeping Computer® LLC - All Rights Reserved

Login

Username

Password

Remember Me

Sign in anonymously

Sign in with Twitter

Not a member yet? Register Now

Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

GreyNoise Labs has launched a free online scanner, the GreyNoise IP Check, designed to determine if a user’s IP address has been observed within malicious scanning operations, such as those associated with botnets and residential proxy networks. The firm’s ongoing monitoring efforts reveal a significant increase in these activities over the past year, with many users unknowingly contributing to malicious online operations. This often occurs due to the proliferation of residential proxy networks, where home internet connections are utilized as exit points for other people’s traffic, frequently facilitated by users installing software for a few dollars or by malware silently infecting devices.

The scanner’s functionality is straightforward, providing one of three possible results: “Clean,” indicating no malicious scanning activity, “Malicious/Suspicious,” suggesting scanning behavior has been detected and requiring further investigation, or “Common Business Service” flagging the IP address as belonging to a VPN, corporate network, or cloud provider, where such scanning is typically normal. Regardless of the result, the platform offers a 90-day historical timeline of activity correlated with the IP address, which can assist in pinpointing potential infection points, particularly when correlating the IP address with the installation of bandwidth-sharing clients or questionable applications.

For more technically inclined users, GreyNoise also provides an unauthenticated, rate-limit-free JSON API accessible via curl, allowing for integration into scripts or monitoring systems. A “Malicious/Suspicious” result warrants a thorough investigation, typically beginning with malware scans across all devices on the same network, with particular attention to routers and smart TVs. Recommended remediation steps include updating device firmware, changing admin credentials, and disabling remote access features if they are not required. Essentially, the tool provides a readily available method for individuals to assess their potential involvement in malicious network activity, emphasizing the importance of proactive security measures.