Introduction to Pin The Tale on the Donkey

Welcome to Pin the Tale on the Donkey !

This is an unabashedly liberal webpage, but I am introducing all of you to facts and correlations that I have found regarding the misinformation and bald-faced lies that have been circulating for far too long.

The first topic addresses the so-called "hacking" by Russia of the American Internet, for which I have found evidence by collecting the Raw Access files that my Internet Provider collects and has saved at my request for more than ten years. Those Russian miscreants were not active in these files until September of 2016, a couple of months before the 2016 election. The activity peaked in January of 2017 and continues to the present day. For example, here are the data for April, 2018 in a large, detailed webpage.

The analysis of Topic One is contained in the following pages:
Mode (this page); History; Patterns; Operation; Examples (AS9123); Examples (AS24940); Timing - Simultaneous Arrival of HEAD / HTTP requests; and the complete data set of HEAD / HTTP/1.1 requests from September 2016 through December 2017. The timing method is illuminated here. The potential for even greater harm is illustrated here. For those in a hurry, here are some graphs of what's going on. The data for January through August 2018 (which is a slow-loading, large file) indicate that the efforts to compromise our Internet continue.

There is another branch to the hacking business: Exploitation of weaknesses in the software of the popular website-creation program WordPress, including weak passwords, in order to take over the Internet servers on which the affected domains reside. See my analysis of the associated Raw Access Files of MiDomane.com for May 2018.

Direct your constructive comments & questions to:

Topic One; Mode of Russian Interference:

Meddling by certain individuals, particularly a couple of people in Russia and another person claiming an address in the Seychelles, has been ongoing since
September, 2016; the tables presented for just two days in December of 2017 below shows how these few folks have been hammering away at MiDomane.com
(anonymized with a generic domain name, of course), trying to uncover personal data and/or infiltrate Internet servers in the USA so as to capture these
servers to function as robots to disseminate false information and Me-Too opinions within Social Media.

The request that they are making is termed "HEAD /HTTP/1.1" of which the following is an example, anonymized:

HEAD http://www.MiDomane.com/pub/WWW/index.htm HTTP/1.1
406 Not Acceptable
Connection: close
Date: Sun, 17 Dec 2017 17:35:31 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1
Client-Date: Sun, 17 Dec 2017 17:35:30 GMT
Client-Peer: [MiDomane's IPv4 address & port number]
Client-Response-Num: 1

These requests & their requestors are blocked from access to MiDomane.com, so they cannot get any data from MiDomane.com, but they continue anyway,
because the requests are issued through an as-yet-unidentified robot which is likely to be trying this tactic on virtually all the domain names that they can
find. The requesters show no other interest in MiDomane.com and never request any of the HTM or JPG content of those webpages.

Here's the puzzle: The tables below show just two days worth of HEAD / HTTP attacks on MiDomane. Originally spreadsheets sorted strictly according to
the time stamps of the individual access requests, I have added spaces between some rows to delineate the groups, within each of which I can attribute the
requests to a specific person who is controlling all of the grouped servers.

Here are the functions of the columns in the first table:

Column 1 - IPv4 address of the requestor
Column 2 - Canonical name of the requestor's server
Column 3 - IPv4 address range in CIDR format for the requestor's server
Column 4 - Autonymous System Number for the requestor's server
Column 5 - Date & time stamp of the request
Column 6 - Protocol of the request
Column 7 - Error code (i.e. Forbidden)
Column 8 - Bytes transmitted to the requestor - null
Column 9 - URL of the Intermediary Domain through which the request was made
Column 10 - Country code of the Intermediary Domain (RU = Russia; UA = Ukraine; DE = Germany)
Column 11 - IPv4 address of the Intermediary Domain
Column 12 - IPv4 address range in CIDR format of the Intermediary Domain's hosting server
Column 13 - Autonymous System Number of the Intermediary Domain's server
Column 14 - User Agent claimed for the request

Note that Column 14 lists various versions of Microsoft Internet Explorer and of the Windows operating system; that suggests that the individuals controlling
the access requests in the first column are attempting to exploit flaws in the MSIE/Windows environment.

What is noticeable in Column 5 is that the individuals initiating each group of access requests are executing those requests through a select group of
Intermediary Domains (listed in Column 9) within one or two seconds during each flurry of access requests. That suggests to me that there is a master IPv4
address from which each flurry of access requests is initiated.

Note also that the few persons (three or four, it seems) are sharing intermediary [compromised] domains, many (but not all) hosted in the .RU or .UA
country code, so the same AS numbered servers are showing up in different flurries of HEAD / HTTP requests controlled by the three or four different persons.

Finally, questions:

1. Is there any way of finding out from the CIDR's AS numbers whether there are connections between the different but overlapping groups of AS-numbered
    servers in Columns 9 through 13 ?

2. Can one trace the routes between the various servers in Column 9 or the routes between the various servers in Column 1 (all different within each group
    of access requests, by the way, in spite of the similarity betweeen the canonical names) to find if there is another server or IP address common to all the
    servers in each group ?

The table below was prepared from data collected in the Raw Access File of MiDomane.com on December 15, 2017 and is representative of what has been
going on within MiDomane.com ever since September of 2016 and which is continuing to the present day.

Revelation ! During an hour-long conversation with my beloved brother, he came up with the equivalent of the ultimate anti-Internet weapon: After
accumulating the URLs of just about every page of every domain on the US Internet, the attacker will make a near-simultaneous request for each and
every one of those HTML files and JPG images at the key moment when Internet connectivity is most important to the US economy and/or security ...

Beware: There is every reason to believe that the URLs listed in the URL columns are not safe to visit ... but they and
others like them are likely to be the origins from which this ultimate Internet attack will be coming.

Searcher IP

Canonical Name

Server CIDR Range

AS Number

Column5

Column6

Col7

Col8

Do not visit these URL's if you have a Windows Operating System !

CC

Intermediary IP

Intermediary CIDR

Intermediary AS#

Column14

195.133.201.163

ptr.ruvds.com

195.133.201.0/24

AS48347

[15/Dec/2017:00:23:30

HEAD / HTTP/1.1

403

-

http://kabinet-online-sberbank.ru

RU

193.124.93.100

193.124.93.0/24

AS197695

Mozilla/4.0 (compatible; MSIE3.00; Windows 2003)

195.133.145.199

ptr.ruvds.com

195.133.144.0/22

AS48347

[15/Dec/2017:00:23:30

HEAD / HTTP/1.1

403

-

https://it36rus.ru/remont-noutbukov/samsung

RU

185.5.249.36

185.5.248.0/22

AS48666

Mozilla/2.0 (compatible; MSIE3.00; Windows 2004)

194.87.94.251

ptr.ruvds.com

194.87.92.0/22

AS48347

[15/Dec/2017:00:23:30

HEAD / HTTP/1.1

403

-

https://pamjatnik.com.ua/statji-o-pamjatnikah/66-instrukciya-po-ustanovke

UA

185.68.16.245

185.68.16.0/22

AS200000

Mozilla/5.0 (compatible; MSIE5.00; Windows 2003)

195.133.147.6

ptr.ruvds.com

195.133.144.0/22

AS48347

[15/Dec/2017:00:23:31

HEAD / HTTP/1.1

403

-

http://pitall.ru/

UA

31.131.18.85

31.131.18.0/24

AS56851

Mozilla/5.0 (compatible; MSIE4.00; Windows 2008)

194.87.236.223

unspecified.mtw.ru

194.87.236.0/22

AS48347

[15/Dec/2017:00:23:31

HEAD / HTTP/1.1

403

-

https://voronezh.spec-nout.ru/remont_noutbukov/remont_noutbukov_semiluki

RU

194.67.200.183

194.67.200.0/21

AS48666

Mozilla/7.0 (compatible; MSIE4.00; Windows 2002)

62.210.80.21

mx1.heimdall.net

62.210.0.0/16

AS12876

[15/Dec/2017:02:11:57

HEAD / HTTP/1.1

403

-

http://www.MiDomane.com

Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28

62.210.80.21

mx1.heimdall.net

62.210.0.0/16

AS12876

[15/Dec/2017:02:12:01

HEAD / HTTP/1.1

403

-

http://www.MiDomane.com

Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28

62.210.80.21

mx1.heimdall.net

62.210.0.0/16

AS12876

[15/Dec/2017:02:12:05

HEAD / HTTP/1.1

403

-

http://www.MiDomane.com

Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28

52.0.75.78

...amazonaws.com

52.0.0.0/11

AT-88-Z

[15/Dec/2017:06:23:52

HEAD / HTTP/1.0

403

-

-

User-Agent: Drupal (+http://drupal.org/)

52.0.75.78

...amazonaws.com

52.0.0.0/11

AT-88-Z

[15/Dec/2017:06:24:02

HEAD / HTTP/1.0

403

-

-

User-Agent: Drupal (+http://drupal.org/)

194.87.94.251

ptr.ruvds.com

194.87.92.0/22

AS48347

[15/Dec/2017:18:53:40

HEAD / HTTP/1.1

403

-

http://uytdom.com.ua/respekt/

UA

185.68.16.182

185.68.16.0/22

AS200000

Mozilla/5.0 (compatible; MSIE2.00; Windows 2008)

194.87.236.223

unspecified.mtw.ru

194.87.236.0/22

AS48347

[15/Dec/2017:18:53:40

HEAD / HTTP/1.1

403

-

https://voronezh.spec-nout.ru/remont_noutbukov/ne_rabotaet_blyutuz

RU

194.67.200.183

194.67.200.0/21

AS48666

Mozilla/7.0 (compatible; MSIE2.00; Windows 2006)

195.133.201.163

ptr.ruvds.com

195.133.201.0/24

AS48347

[15/Dec/2017:18:53:40

HEAD / HTTP/1.1

403

-

http://kabinet-online-sberbank.ru

RU

193.124.93.100

193.124.93.0/24

AS197695

Mozilla/5.0 (compatible; MSIE3.00; Windows 2008)

195.133.147.6

ptr.ruvds.com

195.133.144.0/22

AS48347

[15/Dec/2017:18:53:41

HEAD / HTTP/1.1

403

-

http://xn----dtbbjn3acd8j.xn--p1ai/shop/shkafy-wity-boksy-korpusa/

RU

188.225.47.230

188.225.47.0/24

AS9123

Mozilla/5.0 (compatible; MSIE2.00; Windows 2004)

77.220.213.173

example.com

77.220.213.0/24

AS24875

[15/Dec/2017:21:18:52

HEAD / HTTP/1.1

403

-

http://o-ws.ru

RU

37.140.192.8

37.140.192.0/24

AS197695

Mozilla/2.0 (compatible; MSIE4.00; Windows 2002)

185.154.13.6

irobert.ballard.example.com

185.154.13.0/24

AS21100

[15/Dec/2017:21:18:53

HEAD / HTTP/1.1

403

-

http://expert-find.ru/mastera-po-remontu-holodilnikov

RU

194.67.194.12

194.67.194.0/23

AS48666

Mozilla/2.0 (compatible; MSIE3.00; Windows 2005)

178.159.43.212

piterskiyua.example.com.

178.159.43.0/24

AS50979

[15/Dec/2017:21:18:53

HEAD / HTTP/1.1

403

-

http://tekhno-remont.ru/kosmeticheskii-remont-kvartir

RU

87.236.19.96

87.236.19.0/24

AS198610

Mozilla/7.0 (compatible; MSIE5.00; Windows 2003)

185.209.20.147

example.com

185.209.20.0/24

AS24875

[15/Dec/2017:21:18:53

HEAD / HTTP/1.1

403

-

http://gugus.ru/catalog/velosipedy/

RU

90.156.201.42

90.156.192.0/19

AS25532

Mozilla/4.0 (compatible; MSIE6.00; Windows 2003)

178.159.39.237

kosromole1.example.com

178.159.39.0/24

AS21100

[15/Dec/2017:21:18:53

HEAD / HTTP/1.1

403

-

http://xn--80aabcsc3bqirlt.xn--p1ai/live-prognoz/

DE

85.25.95.149

85.25.0.0/16

AS8972

Mozilla/6.0 (compatible; MSIE4.00; Windows 2005)

193.124.131.168

ptr.5x00.com

193.124.128.0/22

AS48347

[15/Dec/2017:21:34:04

HEAD / HTTP/1.1

403

-

http://boltushkiclub.ru/vybiraem-teni-dlya-vek-pod-tsvet-glaz/

RU

193.124.179.252

193.124.176.0/20

AS48666

Mozilla/4.0 (compatible; MSIE2.00; Windows 2002)

194.87.103.12

unspecified.mtw.ru

194.87.102.0/23

AS48347

[15/Dec/2017:21:34:04

HEAD / HTTP/1.1

403

-

http://fotosuvenir-spb.ru/uslugi/kalendari-nastennye/

RU

5.101.152.142

5.101.152.0/24

AS198610

Mozilla/7.0 (compatible; MSIE5.00; Windows 2009)

195.133.145.199

ptr.ruvds.com

195.133.144.0/22

AS48347

[15/Dec/2017:21:34:04

HEAD / HTTP/1.1

403

-

https://it36rus.ru/opinions

RU

185.5.249.36

185.5.248.0/22

AS48666

Mozilla/3.0 (compatible; MSIE7.00; Windows 2008)

185.5.249.185

ih530199.vds.myihor.ru

185.5.248.0/22

AS48666

[15/Dec/2017:21:52:23

HEAD / HTTP/1.1

403

-

http://otzovikotdbix.ru/plyazhnyiy-otdyih-na-more-v-avguste-2016/

DE

94.130.91.36

94.130.0.0/16

AS24940

Mozilla/4.0 (compatible; MSIE4.00; Windows 2006)

193.124.176.156

ih710808.vds.myihor.ru

193.124.176.0/20

AS48666

[15/Dec/2017:21:52:24

HEAD / HTTP/1.1

403

-

http://wren-russia.ru/shop/hydraulic_cylinders/

RU

91.219.194.33

91.219.192.0/22

AS49693

Mozilla/2.0 (compatible; MSIE7.00; Windows 2003)

194.67.210.77

ih532246.vds.myihor.ru

194.67.208.0/20

AS48666

[15/Dec/2017:21:52:24

HEAD / HTTP/1.1

403

-

http://remont-smartwatch.in.ua/products/akb-smart-baby-watch

UA

185.68.16.103

185.68.16.0/22

AS200000

Mozilla/2.0 (compatible; MSIE4.00; Windows 2007)

193.124.190.64

ih507910.vds.myihor.ru

193.124.176.0/20

AS48666

[15/Dec/2017:21:52:24

HEAD / HTTP/1.1

403

-

https://masterskiboard.ru/fotogalereya

RU

109.120.162.1

109.120.128.0/18

AS30968

Mozilla/4.0 (compatible; MSIE2.00; Windows 2007)

More data, This time from the Recent Visitors log for December 18th: The timing is improving at AS48347 !

IPv4 Address	Canonical Name	Server CDIR	AS Number	Date Stamp 3	Error	Intermediary URL - Don't visit from a Windows operating system !	CC	Interm.IPv4	Interm.CIDR	Interm.AS No.	User Agent

178.159.39.237	kosromole1.example.com	178.159.39.0/24	AS21100	12/18/17, 5:01PM	403	http://www.rabota-biznes.com/category/kreditu-zaumu-mikrozaimu	DE	78.46.76.45	78.46.0.0/15	AS24940	... To Be Added ...
185.154.13.6	irobert.ballard.example.com	185.154.13.0/24	AS21100	12/18/17, 5:01PM	403	http://www.beton-area.com/category/postroyki	DE	78.46.76.45	78.46.0.0/15	AS24940	... To Be Added ...
185.209.20.147	example.com	185.209.20.0/24	AS24875	12/18/17, 5:01PM	403	https://flyontime.ru/tours/kupit-tur-v-tunis/	RU	92.53.114.107	92.53.114.0/24	AS9123	... To Be Added ...

194.87.94.251	ptr.ruvds.com	194.87.92.0/22	AS48347	12/18/17, 5:11PM	403	https://dinki.ru/brands/janome/	RU	37.140.192.234	37.140.192.0/24	AS197695	... To Be Added ...
193.124.131.168	ptr.5x00.com	193.124.128.0/22	AS48347	12/18/17, 5:11PM	403	http://dvervmoskvu.ru/Belie/	RU	80.87.200.224	80.87.200.0/23	AS29182	... To Be Added ...
195.133.201.163	ptr.ruvds.com	195.133.201.0/24	AS48347	12/18/17, 5:11PM	403	http://raithai-shop.ru/catalog/pantolety/	RU	89.108.122.49	89.108.122.0/24	AS43146	... To Be Added ...
194.87.103.12	unspecified.mtw.ru	194.87.102.0/23	AS48347	12/18/17, 5:11PM	403	https://gk-kvazar.ru/category/met/sst/	RU	31.31.203.77	31.31.203.0/24	AS39792	... To Be Added ...
195.133.145.199	ptr.ruvds.com	195.133.144.0/22	AS48347	12/18/17, 5:11PM	403	https://nashkomp.ru/category/telegram	RU	188.225.15.206	188.225.15.0/24	AS9123	... To Be Added ...
194.87.236.223	unspecified.mtw.ru	194.87.236.0/22	AS48347	12/18/17, 5:11PM	403	https://vseprobrak.ru/esli-muzh-pet-kazhduyu-pyatnitsu-s-druzyami-sovetyi-psihologa	RU	176.57.209.92	176.57.209.0/24	AS9123	... To Be Added ...
195.133.147.6	ptr.ruvds.com.	195.133.144.0/22	AS48347	12/18/17, 5:11PM	403	https://24sc-plus.ru/monoblok/47-udalenie-razlichnykh-virusov-s-kompyutera.html	RU	194.67.197.50	194.67.196.0/22	AS48666	... To Be Added ...

On the next page are the histories of this form of Russian interference carried on by the
three principal malefactors who account for most of this activity on MiDomane.com.

Topic Two - Examples of the Practice of Projection:

Webster's definition: The attribution of one's own ideas, feelings, or attitudes to other people or to objects; especially: the externalization of blame, guilt, or responsibility as a defense against anxiety.

In the political arena, it's the practice of attributing to one's opponent one's own asocial behavior.

Continue on the next page