I made a script to generate WHOIS queries and the results say that the victim machines are located mainly in Australia, China, Philippines, India, Japan, Korea, Malta, Malaysia, Taiwan, and Vietnam. There are only some machines in France, UK, and USA.
It’s very interesting that there is an IP from Microsoft too – a Wget machine with IP address 18.104.22.168. The Wget version is 1.10.2.
OrgName: Microsoft Corp
Address: One Microsoft Way
NetRange: 22.214.171.124 – 126.96.36.199
There are several Wget UA’s included, one with the version number Wget/1.8.2 too.
I recommend that Redmon guys patch that machine ASAP 😉