🔍 Possible Spoofed Traffic Detection
Your IP may have appeared in scanning activity that used spoofed source addresses.
What this means: Your IP was likely used as a fake source address in network scanning, not actual scanning from your network.
Don't Panic!
This detection suggests your IP address was likely used as a "fake return address" in network scanning activities, similar to how spam emails might use fake sender addresses.
What this means:
- The scanning traffic probably didn't actually come from your network
- Attackers may have used your IP as a decoy source address
- This is typically not a sign of compromise on your end
Recommended Actions:
- Monitor your network for any unusual outbound traffic
- Ensure your firewall and router are properly configured
- If you notice actual suspicious activity, contact your ISP
What/Who is GreyNoise?
GreyNoise watches the internet's background radiation—the constant storm of scanners, bots, and probes hitting every IP address on Earth. We've cataloged billions of these interactions to answer one critical question: is this IP a real threat, or just internet noise? Security teams trust our data to cut through the chaos and focus on what actually matters.
Find out more on our website.
Monitor Your IP's Reputation 24/7
Set up automatic alerts to get notified if your IP address starts behaving badly—like if it gets compromised and begins scanning for vulnerabilities, or if it shows up associated with threats. You'll get an email or webhook notification so you can investigate immediately, rather than finding out weeks later from an angry sysadmin.
Learn more about how to configure alerts in our documentation.