After almost 7 months, I (finally) published another (personal) blog post: antoinevastel.com/bot/2022/09/24.
As you may know, I maintain some bad bot/proxy IP lists in my spare time (github.com/antoinevastel/).
(1/6)
These lists are stored on GitHub. In this blog post, I show how you can use Git-Python and Matplotlib to explore the "Avastel all infected IPs 7d blocklist" and extract some insights.
(2/6)
The main findings are the following:
- There are ~70K distinct IP addresses in the list at a given time;
- 800,000 malicious IP addresses have been flagged in 8 months;
- 10.3% of the IPs have been included in the list for > 1 month;
(3/6)
- The top 3 autonomous systems whose IP addresses are the most frequently flagged as proxies or used by bots are 1) Korea Telecom, 2) AS Coloam and 3) Chinanet;
(4/6)
- We also observe a long tail of data-center and residential autonomous systems from which a significant volume of malicious traffic originates, such as M247 Ltd, HKT Limited, and Telefonica Brasil.
(5/6)
Bonus: bar chart of the top autonomous systems whose IP addresses are the most frequently flagged as proxies/used by bots.
(6/6)
Link of the blog post since apparently Twitter decided to show my GitHub repo in the Tweet preview 😅
antoinevastel.com/bot/2022/09/24
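
An added example, not code from the blog post or the repository: it computes the kind of figures listed in the thread (list size per snapshot, total distinct IPs over time, share of long-lived IPs) from dated snapshots of a blocklist. It assumes one IP per line, takes "listed for > 1 month" to mean more than 30 days between first and last appearance, and uses constructed snapshots with documentation-range addresses; in practice each snapshot would come from one commit of the list file.

```python
import ipaddress
from datetime import date


def parse_snapshot(text):
    """Return the set of valid IPs in one snapshot (assumed format: one IP per line)."""
    ips = set()
    for line in text.splitlines():
        token = line.strip()
        if not token or token.startswith("#"):
            continue
        try:
            ips.add(str(ipaddress.ip_address(token)))
        except ValueError:
            continue  # skip malformed entries instead of aborting the analysis
    return ips


def summarize(snapshots, long_lived_days=30):
    """snapshots: iterable of (date, file content), e.g. one pair per commit."""
    first_seen, last_seen, sizes = {}, {}, {}
    for day, text in sorted(snapshots):
        ips = parse_snapshot(text)
        sizes[day] = len(ips)
        for ip in ips:
            first_seen.setdefault(ip, day)
            last_seen[ip] = day
    # Span between first and last appearance; the IP may have dropped off in between.
    long_lived = sorted(
        ip for ip in first_seen
        if (last_seen[ip] - first_seen[ip]).days > long_lived_days
    )
    share = len(long_lived) / len(first_seen) if first_seen else 0.0
    return {"sizes": sizes, "total_distinct": len(first_seen),
            "long_lived": long_lived, "long_lived_share": share}


# Constructed sample data (RFC 5737 documentation addresses), not real list content.
SNAPSHOTS = [
    (date(2022, 1, 1), "# constructed\n192.0.2.1\n192.0.2.2\nnot-an-ip\n"),
    (date(2022, 1, 15), "192.0.2.1\n198.51.100.7\n"),
    (date(2022, 2, 10), "192.0.2.1\n203.0.113.9\n"),
]

if __name__ == "__main__":
    print(summarize(SNAPSHOTS))
```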
