GreyNoise-Intelligence / pygreynoise

Python3 library and command line for GreyNoise

GreyNoise Analyze shows incorrect results based on discrepancies between stats and quick endpoints

andrew-morris opened this issue

Given the following list of IPs:

There are 20 IPs total

The noise ratio is calculated by the quick endpoints, which age data off after 30 days:

╔═══════════════════════════╗
║          Analyze          ║
╚═══════════════════════════╝
Summary:
- IP count: 20
- Noise IP count: 15
- Not noise IP count: 5
- Noise IP ratio: 0.75

Queries:
- 183.88.234.24
- 59.63.200.97
- 190.107.124.200
- 222.186.30.35
- 103.91.219.80
- 183.62.170.245
- 107.175.33.240
- 103.195.5.51
- 106.12.178.82
- 189.4.151.102
- 113.186.175.218
- 190.207.73.18
- 51.77.200.139
- 222.186.42.136
- 159.203.27.98
- 192.241.133.33
- 132.232.30.87
- 201.174.9.98
- 185.12.223.54
- 137.74.132.171

ASNs:
- AS14061  2
- AS16276  2
- AS23650  2
- AS134238 1
- AS136600 1
- AS28573  1
- AS32098  1
- AS36352  1
- AS38365  1
- AS4134   1
- AS45090  1
- AS45758  1
- AS45899  1
- AS64022  1
- AS8048   1

Categories:
- hosting  9
- isp      8
- business 1

Classifications:
- malicious 15
- unknown    3

Countries:
- China         7
- France        2
- United States 2
- Brazil        1
- Canada        1
- Hong Kong     1
- Mexico        1
- Thailand      1
- Venezuela     1
- Vietnam       1

Operating systems:
- Linux 3.11+    11
- Linux 2.2-3.x   2
- Linux 3.1-3.10  2
- Windows 7/8     1
- Windows XP      1

Organizations:
- AS Number for CHINANET jiangsu province backbone      2
- DigitalOcean, LLC                                     2
- OVH SAS                                               2
- Beijing Baidu Netcom Science and Technology Co., Ltd. 1
- Beijing Fengniao Network Technology Co., Ltd          1
- CANTV Servicios, Venezuela                            1
- CHINANET Jiangx province  IDC network                 1
- CHINANET-BACKBONE                                     1
- CLARO S.A.                                            1
- ColoCrossing                                          1
- Kamatera, Inc.                                        1
- Shenzhen Tencent Computer Systems Company Limited     1
- Transtelco Inc                                        1
- Triple T Internet/Triple T Broadband                  1
- VNPT Corp                                             1

Tags:
- SSH Bruteforcer 15
- SSH Scanner     14
- FTP Scanner      1
- MSSQL Scanner    1
- SMB Scanner      1

This is fixed now that all endpoints are using a unified data store
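
A consistency check over the analyze output shown in the issue, added here as an example (it is not pygreynoise code). It assumes every noise IP carries exactly one category and one classification, so those breakdown totals should equal the summary's noise IP count; the function names and the embedded excerpt are constructed for illustration.

```python
import re

# Constructed sample: an excerpt of the analyze output quoted in the issue.
SAMPLE = """\
Summary:
- IP count: 20
- Noise IP count: 15
- Not noise IP count: 5
- Noise IP ratio: 0.75

Categories:
- hosting  9
- isp      8
- business 1

Classifications:
- malicious 15
- unknown    3
"""

def parse_sections(text):
    """Return {section name: {label: number}} from analyze-style text output."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"([A-Za-z ]+):", line)
        if header:
            current = sections.setdefault(header.group(1), {})
            continue
        # Matches "- label: 15" (summary) and "- label   15" (breakdowns).
        item = re.fullmatch(r"-\s+(.+?):?\s+(\d+(?:\.\d+)?)", line)
        if item and current is not None:
            current[item.group(1)] = float(item.group(2))
    return sections

def breakdown_mismatches(sections, single_valued=("Categories", "Classifications")):
    """Return {breakdown: total - noise count} for totals that disagree.

    Assumption: each listed breakdown has one value per noise IP. Tags are
    left out because a single IP can carry several tags.
    """
    noise = int(sections["Summary"]["Noise IP count"])
    totals = {n: int(sum(sections.get(n, {}).values())) for n in single_valued}
    return {n: t - noise for n, t in totals.items() if t != noise}

if __name__ == "__main__":
    print(breakdown_mismatches(parse_sections(SAMPLE)))
```

On the excerpt, both breakdowns total 18 against a noise IP count of 15, which is the kind of stats/quick disagreement the issue title describes.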