Re: IPv6 weekly spikes
"Anyone care to postulate a reason?"
"Do Russian bots prefer IPv6?"
Probably not, unless with all of the EXPOSED PORTS on PUBLIC IPv6 ADDRESSES caused by PROMISCUOUSLY INSECURE Windows boxen (especially "Ape" and Win-10-nic, which add several NEW ports to the number of listening things on 'all adaptors' that don't ever change what port they listen on).
Such Windows boxen on IPv6 addresses are as bad as an unfirewalled Windows box on a DIALUP, as far as security is concerned.
And I wouldn't trust any MICRO-SHAFT firewall to block it, either. Not with their SLURP priority.
So the potential for 'Russian bots' on IPv6 would be AMPLIFIED by the "Promiscuous Insecurity" of Windows machines that have services listening ALL OF THE TIME on ALL IP ADDRESSES on KNOWN PORTS, which would be easy to scan for, and relatively easy to CRACK if a zero-day exploit exists for them.
here's a list of listening ports (from a 7 box) using 'netstat -a'
TCP 135, 445, 554, 2869, 3389, 3587, 5357, 10243, 49152, 49153, 49154, 49155, 49156, 49157
UDP 123, 427, 500, 3540, 3702, 4500, 5004, 5005, 5355, 56409, 56410, 58188, 58189
All of these are listening on all IPv4 (and IPv6) addresses, meaning that for IPv6, they're publically visible. Unless you SPECIFICALLY firewall them (like me). Being windows boxen, they're vulnerable "out of the box".