Pin the Tale on the Donkey

Topic One, continued; Timeline of Russian Interference:
  
The three tables below were prepared from data collected in the Raw Access Files of MiDomane.com from 2006 to the end of August 2018. They are representative of what the principal malefactors have been doing within MiDomane.com since September 2016 and are continuing to do to the present day. Every one of the counted HEAD / HTTP requests was made through an intermediary [RU, UA, or Cyrillic alphabet] domain, but quite a few of these domains were used in multiple URLs and/or were shared by the named requesters. All of these intermediary domains must be blocked to protect MiDomane.com (and yours as well!) from the anticipated Denial of Service attack; there are about 3,000 of them ...
(updated September 2, 2018)
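One way to produce per-IP monthly tallies like those in the tables from raw access logs, as an added example that is not the author's own tooling. It assumes the logs are in Apache "combined" format and that the intermediary domain appears in the Referer field; the function name, sample lines, addresses and domains are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Assumption: Apache "combined" format; the page does not show its log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

def tally_head_requests(lines, watch_ranges=()):
    """Count HEAD / requests per client IP per month (e.g. 'Jan-17').

    Returns (counts, referer_hosts): counts[ip][month] -> int and
    referer_hosts[ip] -> set of Referer hostnames seen for that IP.
    watch_ranges optionally limits the tally to the given CIDR blocks.
    """
    nets = [ip_network(r) for r in watch_ranges]
    counts, referer_hosts = defaultdict(Counter), defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "HEAD" or m["path"] != "/":
            continue
        try:
            ip = ip_address(m["ip"])
        except ValueError:
            continue  # client logged as a hostname, not an address
        if nets and not any(ip in net for net in nets):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        counts[str(ip)][ts.strftime("%b-%y")] += 1
        host = urlsplit(m["referer"]).hostname
        if host:
            referer_hosts[str(ip)].add(host)
    return counts, referer_hosts

# Constructed sample lines (RFC 5737 addresses, .example domains).
SAMPLE = [
    '192.0.2.10 - - [03/Jan/2017:04:12:01 +0000] "HEAD / HTTP/1.1" 200 - "http://intermediary.example/" "-"',
    '192.0.2.10 - - [19/Jan/2017:09:40:55 +0000] "HEAD / HTTP/1.1" 200 - "http://intermediary.example/x" "-"',
    '192.0.2.10 - - [02/Feb/2017:11:00:00 +0000] "HEAD / HTTP/1.1" 200 - "http://other.example/" "-"',
    '198.51.100.7 - - [02/Feb/2017:11:00:05 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Feb/2017:11:00:09 +0000] "HEAD / HTTP/1.1" 200 - "-" "-"',
]
```

The month keys use the same labels as the table columns, and the collected Referer hostnames are the candidates for a blocklist of intermediary domains.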
Monthly HEAD / HTTP requests, total, all sources
The plot at left shows the monthly total requests from all sources, which peaked in January 2017.

Requesters:
  Bottom: AS48347
  Middle: AS48666
  Top: Michel Clarisse


Alexey Khoroshilov, Administrator:

Links in the IPv4 columns point to Anti-Hacker Alliance data. Port 3389 is the Windows Remote Desktop port. Could the one active IPv4 whose Port 3389 isn't open have been the "Czar" IPv4 (all HEAD / HTTP requests ended by 7/17/2018)?
As of July 14, 2018, some Port 3389s that were found closed shortly after the associated IPv4 ceased making HEAD / HTTP requests have been re-opened ... now up to some other mischief?

| Administrator | IPv4 | Is Port 3389 open? | CC | Server address range | Active Dates | Sep-16 | Oct-16 | Nov-16 | Dec-16 | Jan-17 | Feb-17 | Mar-17 | Apr-17 | May-17 | Jun-17 | Jul-17 | Aug-17 | Sep-17 | Oct-17 | Nov-17 | Dec-17 | Jan-18 | Feb-18 | Mar-18 | Apr-18 | May-18 | Jun-18 | Jul-18 | Aug-18 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AS48347-B | 194.87.103.12 | Not any more | RU | 194.87.102.0 - 194.87.103.255 | 10-01-2017 to 03-05-2018 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 71 | 58 | 59 | 60 | 51 | 12 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 194.87.94.251 | Yes | RU | 194.87.92.0 - 194.87.95.255 | 08-01-2017 to 07-11-2018 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 85 | 63 | 77 | 47 | 62 | 59 | 56 | 78 | 83 | 42 | 77 | 31 (ended 7-11-2018) | 0 |
| AS48347-B | 195.133.201.163 | NO! (corrected 7-2018) | RU | 195.133.201.0 - 195.133.201.255 | 08-02-2017 to 07-11-2018 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 79 | 63 | 73 | 59 | 69 | 59 | 65 | 73 | 58 | 70 | 75 | 29 (ended 7-11-2018) | 0 |
| AS48347-B | 194.87.236.223 | Yes | RU | 194.87.236.0 - 194.87.239.255 | 07-18-2017 to 07-17-2018 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 30 | 84 | 63 | 73 | 62 | 65 | 59 | 59 | 68 | 54 | 45 | 51 | 31 (ended 7-17-2018) | 0 |
| AS48347-B | 195.133.145.199 | Yes | RU | 195.133.144.0 - 195.133.147.255 | 03-03-2017 to 7-11-2018 | 0 | 0 | 0 | 0 | 0 | 0 | 110 | 139 | 133 | 89 | 36 | 86 | 63 | 74 | 60 | 69 | 61 | 61 | 77 | 50 | 61 | 70 | 30 (ended 7-11-2018) | 0 |
| AS48347-B | 195.133.147.74 | Still closed as of July 14, 2018 | RU | 195.133.144.0 - 195.133.147.255 | 03-03-2017 to 06-19-2017 | 0 | 0 | 0 | 0 | 0 | 0 | 86 | 139 | 129 | 87 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 194.87.238.17 | Still closed as of July 14, 2018 | RU | 194.87.236.0 - 194.87.239.255 | 01-04-2017 to 06-19-2017 | 0 | 0 | 0 | 0 | 143 | 145 | 106 | 140 | 132 | 87 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 195.133.147.89 | Still open! | RU | 195.133.144.0 - 195.133.147.255 | 01-03-2017 to 06-19-2017 | 0 | 0 | 0 | 0 | 160 | 144 | 102 | 137 | 132 | 89 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 194.87.239.5 | Still closed as of July 14, 2018 | RU | 194.87.236.0 - 194.87.239.255 | 01-04-2017 to 03-31-2017 | 0 | 0 | 0 | 0 | 119 | 110 | 99 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 195.133.144.24 | Still closed as of July 14, 2018 | RU | 195.133.144.0 - 195.133.147.255 | 01-02-2017 to 03-01-2017 | 0 | 0 | 0 | 0 | 159 | 140 | 9 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 195.133.145.95 | Still open! | RU | 195.133.144.0 - 195.133.147.255 | 01-03-2017 to 02-03-2017 | 0 | 0 | 0 | 0 | 110 | 10 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 195.133.147.6 | Not any more | RU | 195.133.144.0 - 195.133.147.255 | 12-08-2016 to 03-06-2018 | 0 | 0 | 0 | 134 | 174 | 142 | 109 | 136 | 127 | 134 | 80 | 87 | 63 | 73 | 59 | 70 | 59 | 66 | 46 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 195.133.48.150 | Still closed as of July 14, 2018 | RU | 195.133.48.0 - 195.133.49.255 | 12-07-2016 to 06-19-2017 | 0 | 0 | 0 | 137 | 185 | 142 | 113 | 139 | 131 | 88 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 195.133.48.121 | Still closed as of July 14, 2018 | RU | 195.133.48.0 - 195.133.49.255 | 12-09-2016 to 04-03-2017 | 0 | 0 | 0 | 104 | 173 | 147 | 108 | 16 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| AS48347-A | 193.124.131.168 | Not any more | RU | 193.124.128.0 - 193.124.131.255 | 11-03-2016 to 03-26-2018 | 0 | 0 | 161 | 172 | 193 | 145 | 125 | 141 | 132 | 134 | 77 | 84 | 57 | 69 | 49 | 64 | 58 | 54 | 53 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 194.87.234.246 | Still closed as of July 14, 2018 | RU | 194.87.234.0 - 194.87.235.255 | 11-01-2016 to 06-19-2017 | 0 | 0 | 161 | 174 | 176 | 92 | 112 | 136 | 130 | 89 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 194.87.235.198 | Still closed as of July 14, 2018 | RU | 194.87.234.0 - 194.87.235.255 | 10-31-2016 to 11-03-2016 | 0 | 0 | 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 195.133.201.82 | Still open! | RU | 195.133.201.0 - 195.133.201.255 | 10-26-2016 to 12-25-2016 | 0 | 20 | 167 | 119 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 194.87.236.125 | Still open! | RU | 194.87.236.0 - 194.87.239.255 | 10-06-2016 to 12-09-2016 | 0 | 93 | 151 | 33 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| AS48347-A | 193.124.131.27 | Still open! | RU | 193.124.128.0 - 193.124.131.255 | 10-05-2016 to 11-03-2016 | 0 | 96 | 18 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 195.133.48.156 | Not any more | RU | 195.133.48.0 - 195.133.49.255 | 10-21-2016 to 10-24-2016 | 0 | 25 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 194.87.238.222 | Still closed as of July 14, 2018 | RU | 194.87.236.0 - 194.87.239.255 | 10-19-2016 to 10-22-2016 | 0 | 16 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 194.87.236.152 | Still open! | RU | 194.87.236.0 - 194.87.239.255 | 10-12-2016 to 10-15-2016 | 0 | 6 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 194.87.232.32 | Still closed as of July 14, 2018 | RU | 194.87.232.0 - 194.87.232.255 | 10-11-2016 to 10-14-2016 | 0 | 5 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| AS48347-B | 193.124.58.72 | Now open as of July 14, 2018 | RU | 193.124.56.0 - 193.124.59.255 | 09-02-2016 to 09-07-2016 | 4 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Monthly Totals | | | | | | 4 | 261 | 673 | 873 | 1592 | 1217 | 1079 | 1124 | 1046 | 797 | 223 | 505 | 372 | 510 | 394 | 458 | 415 (corrected 7-19-2018) | 471 (corrected 7-19-2018) | 407 (corrected 7-19-2018) | 245 (corrected 7-19-2018) | 218 (corrected 7-19-2018) | 273 (corrected 7-19-2018) | 121 (ended by 7-17-2018) | 0 |

AS48347-A = AS48347, AGR9-RIPE, ORG-RC3-RIPE
AS48347-B = AS48347, AK14258-RIPE, Alexey Khoroshilov

Unknown Administrator going by the handle MRS1:

| Administrator | IPv4 | Is Port 3389 open? | CC | Server address range | Active Dates | Sep-16 | Oct-16 | Nov-16 | Dec-16 | Jan-17 | Feb-17 | Mar-17 | Apr-17 | May-17 | Jun-17 | Jul-17 | Aug-17 | Sep-17 | Oct-17 | Nov-17 | Dec-17 | Jan-18 | Feb-18 | Mar-18 | Apr-18 | May-18 | Jun-18 | Jul-18 | Aug-18 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AS48666, MRS1 | 185.125.219.13 | Yes | RU | 194.67.200.0 - 194.67.207.255 | 07-19-2018 to present | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 25 (started 7-19-2018) | 55 |
| AS48666, MRS1 | 194.67.207.9 | Yes | RU | 194.67.200.0 - 194.67.207.255 | 07-19-2018 to present | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 24 (started 7-19-2018) | 59 |
| AS48666, MRS1 | 194.67.207.94 | Yes | RU | 194.67.200.0 - 194.67.207.255 | 07-19-2018 to present | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 24 (started 7-19-2018) | 59 |
| AS48666, MRS1 | 193.124.176.156 | Yes | RU | 193.124.176.0 - 193.124.183.255 | 07-10-2017 to present | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 55 | 42 | 46 | 32 | 46 | 57 | 37 | 24 | 22 | 49 | 51 |
| AS48666, MRS1 | 193.124.179.180 | Yes | RU | 193.124.176.0 - 193.124.183.255 | 06-23-2017 to present | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 19 | 62 | 84 | 55 | 52 | 36 | 36 | 19 | 46 | 30 | 19 | 7 | 15 | 25 | 26 |
| AS48666, MRS1 | 194.67.210.77 | Yes | RU | 194.67.208.0 - 194.67.223.255 | 05-16-2017 to present | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 74 | 118 | 70 | 80 | 62 | 69 | 47 | 51 | 42 | 48 | 59 | 42 | 31 | 26 | 49 | 62 |
| AS48666, MRS1 | 185.5.249.185 | Yes | RU | 185.5.249.0 - 185.5.249.255 | 05-16-2017 to present | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 69 | 127 | 73 | 81 | 60 | 67 | 49 | 51 | 48 | 53 | 59 | 48 | 33 | 30 | 53 | 61 |
| AS48666, MRS1 | 185.125.219.134 | Yes | RU | 185.125.218.0 - 185.125.219.255 | 04-23-2017 to present | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 37 | 113 | 129 | 72 | 85 | 43 | 60 | 40 | 37 | 21 | 42 | 40 | 27 | 16 | 17 | 32 | 43 |
| AS48666, MRS1 | 193.124.190.64 | Yes | RU | 193.124.184.0 - 193.124.191.255 | 04-24-2017 to present | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 33 | 114 | 127 | 74 | 85 | 62 | 61 | 43 | 43 | 32 | 46 | 55 | 36 | 21 | 29 | 45 | 52 |
| Monthly Totals | | | | | | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 70 | 446 | 520 | 351 | 415 | 282 | 364 | 257 | 264 | 194 | 281 | 300 | 209 | 132 | 139 | 328 | 468 |

All nine of the above 3389's were still open as of July 14, 2018

Michel Clarisse, Administrator:

| Administrator | IPv4 | Is Port 3389 open? | CC | Server address range | Active Dates | Sep-16 | Oct-16 | Nov-16 | Dec-16 | Jan-17 | Feb-17 | Mar-17 | Apr-17 | May-17 | Jun-17 | Jul-17 | Aug-17 | Sep-17 | Oct-17 | Nov-17 | Dec-17 | Jan-18 | Feb-18 | Mar-18 | Apr-18 | May-18 | Jun-18 | Jul-18 | Aug-18 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| AS204601, MC31466-RIPE | 77.220.213.63 | No - ten others | NL | 77.220.213.0 - 77.220.213.127 | 08-23-2018 to present | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2 |
| AS204601, MC31466-RIPE | 77.220.215.153 | Yes | NL | 77.220.215.128 - 77.220.215.255 | 07-19-2018 to present | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 25 (started 7-19-2018) | 58 |
| AS204601, MC31466-RIPE | 185.203.240.129 | Yes | NL | 185.203.240.128 - 185.203.240.255 | 07-19-2018 to present | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 35 (started 7-19-2018) | 61 |
| AS204601, MC31466-RIPE | 212.86.109.31 | NO! (22 & 5900) | NL | 212.86.109.0 - 212.86.109.127 | 07-19-2018 to present | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 27 (started 7-19-2018) | 63 |
| AS204601, MC31466-RIPE | 77.220.214.180 | Yes | NL | 77.220.214.128 - 77.220.214.255 | 03-29-2018 to 07-31-2018 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 2 | 39 | 43 | 46 | 79 | 0 |
| AS24875, MC31466-RIPE | 185.209.20.147 | Yes | NL | 185.209.20.128 - 185.209.20.255 | 06-20-2017 to present | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 38 | 72 | 83 | 63 | 64 | 53 | 57 | 49 | 54 | 64 | 47 | 45 | 38 | 58 | 63 |
| AS21100, MC31466-RIPE | 178.159.39.237 | Yes | NL | 178.159.39.128 - 178.159.39.255 | 04-07-2017 to present | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 100 | 108 | 115 | 77 | 86 | 65 | 69 | 61 | 55 | 51 | 53 | 70 | 44 | 39 | 38 | 59 | 64 |
| AS24875, MC31466-RIPE | 77.220.213.173 | Yes | NL | 77.220.213.128 - 77.220.213.255 | 04-05-2017 to present | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 108 | 115 | 117 | 76 | 88 | 64 | 75 | 59 | 59 | 54 | 56 | 66 | 52 | 44 | 43 | 60 | 64 |
| AS21100, MC31466-RIPE | 185.154.13.6 | Yes | NL | 185.154.13.0 - 185.154.13.255 | 12-13-2016 to present | 0 | 0 | 0 | 97 | 150 | 130 | 98 | 132 | 115 | 118 | 78 | 84 | 64 | 71 | 60 | 56 | 51 | 53 | 77 | 47 | 40 | 34 | 59 | 63 |
| AS50979, MC31466-RIPE | 178.159.43.212 | Yes | LV | 178.159.43.128 - 178.159.43.255 | 12-08-2016 to present | 0 | 0 | 0 | 117 | 147 | 99 | 107 | 128 | 121 | 121 | 78 | 88 | 65 | 71 | 61 | 59 | 53 | 53 | 64 | 45 | 38 | 34 | 58 | 59 |
| Monthly Totals | | | | | | 0 | 0 | 0 | 214 | 297 | 229 | 205 | 468 | 459 | 509 | 381 | 429 | 321 | 350 | 294 | 286 | 258 | 269 | 343 | 274 | 249 | 233 | 460 | 497 |

All but two of the above 3389's are open
Note: Michel Clarisse's intermediary domains are mostly in Russia, Ukraine, or use the Cyrillic alphabet, just like those used by AS48347 & AS48666.
On the next page is an analysis of the patterns of Russian interference that suggest active efforts to infect US websites with malware to influence US opinion or to deny Internet services in the US.
To keep track of the various combinations of Sortie Participants, their sometimes generic hostnames, and their actual IPv4 Internet addresses, see this text file, current as of the end of August, 2018.