Latest News › Forums › Discussion Forum › Wikispooks has vanished
- This topic has 82 replies, 1 voice, and was last updated 2 years, 3 months ago by Fat Jon.
-
AuthorPosts
-
Fat Jon
I see nothing about this online (I don’t expect the ignorant MSM to mention it), but the Wikispooks website has been unavailable for a few days now.
A very sinister development, I might suggest.
ClarkSeems to be failing DNS lookup:
clark@Old-HP:~$
whois wikispooks.com
Domain Name: WIKISPOOKS.COM
Registry Domain ID: 1591113666_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.joker.com
Registrar URL: http://www.joker.com
Updated Date: 2022-08-25T08:01:03Z
Creation Date: 2010-04-01T15:18:34Z
Registry Expiry Date: 2027-04-01T15:18:34Z
Registrar: CSL Computer Service Langenbach GmbH d/b/a joker.com
Registrar IANA ID: 113
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +49.21186767447
Domain Status: clientHold https://icann.org/epp#clientHold
Name Server: X.NS.JOKER.COM
Name Server: Y.NS.JOKER.COM
Name Server: Z.NS.JOKER.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/>>> Last update of whois database: 2022-08-29T12:42:53Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
NOTICE: The expiration date displayed in this record is the date the registrar’s sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant’s agreement with the sponsoring registrar. Users may consult the sponsoring registrar’s Whois database to view the registrar’s reported date of expiration for this registration.
ClarkFat Jon:
– “the Wikispooks website has been unavailable for a few days now.”
whois output line 5:
– Updated Date: 2022-08-25T08:01:03Z
So maybe it went offline on the 25th, Thursday? The regular domain renewal date is April 1, so I don’t see what the update on Aug 25 was for.
ClarkI managed to get the IP address from the nameservers listed in the whois output:
clark@Old-HP:~$
nslookup wikispooks.com - Z.NS.JOKER.COM
Server: Z.NS.JOKER.COM
Address: 144.217.81.63#53Name: wikispooks.com
Address: 198.199.127.59clark@Old-HP:~$
nslookup wikispooks.com - Y.NS.JOKER.COM
Server: Y.NS.JOKER.COM
Address: 23.88.49.189#53Name: wikispooks.com
Address: 198.199.127.59clark@Old-HP:~$
nslookup wikispooks.com - X.NS.JOKER.COM
Server: X.NS.JOKER.COM
Address: 194.245.103.12#53Name: wikispooks.com
Address: 198.199.127.59clark@Old-HP:~$
ClarkBy adding the line:
198.199.127.59 wikispooks.com
to my /etc/hosts file I can access the site.
According to the main page, the latest edit was on Aug 24. That turns out to be when former diplomat Patrick Haseldine made an edit to his new page about Natalya Vovk. From that page:
– “Natalya Pavlovna Vovk (née Shaban) is a Ukrainian national who has been designated as the main suspect of murdering the Russian journalist Darya Dugina on 20 August 2022.”
Incidentally, I see that Patrick Haseldine has been sanitised from Wikipedia.
ClarkNote whois output line 12:
– Domain Status: clientHold https://icann.org/epp#clientHold
From the link in that line:
– Client Status Codes are Set by Your Domain’s Registrar
– clientHold – client hold
– This status code tells your domain’s registry to not activate your domain in the DNS and as a consequence, it will not resolve. It is an uncommon status that is usually enacted during legal disputes, non-payment, or when your domain is subject to deletion.
– Often, this status indicates an issue with your domain that needs resolution. If so, you should contact your registrar to resolve the issue. If your domain does not have any issues, but you need it to resolve, you must first contact your registrar and request that they remove this status code.
ClarkSo it looks like Wikispook’s domain registrar CSL Computer Service Langenbach GmbH (joker.com) disabled DNS lookup to the site on Aug 25. The site’s server is up and running but joker.com’s nameservers won’t tell our browsers its IP address.
Fat Jon“By adding the line:
198.199.127.59 wikispooks.com
to my /etc/hosts file I can access the site.”This didn’t work for me, or at least I saw the page for a split second before it came up with the error ‘page not found message’. I tried various routes through Tor but still no luck.
It would appear that some bullies in their bunkers don’t want us to know that the prime suspect for the murder of Darya Dugina is Ukrainian. We must all love the wonderful law abiding Ukrainians – apparently.
OscarOn reddit the subject has been discussed but nobody knows anything about it.
If there had been “non-payment” to CSL/Yoker, the hosting would have fallen, not the domain (it can be said that it is a kind of “domain hijacking”).
@Clark, as you has said, the three DNS servers do not seem to be responding: two are in Germany (one belongs to CSL -yoker.com- which is the company with which they have the domain and hosting, and the other to Hetzner) and one in Canada (OVH). The address you propose does not correspond to any of these three IPs.The IP address you propose is from Amsterdam (Netherlands), and it seems to be a MIRROR SITE. As far as I know, we cannot know if this site is reliable and legitimate or not. Could you tell us where you got it from and whether it is reliable?
OscarASSUMING that it really is a mirror site, and is TRUSTWORTHY, we can conclude several things:
(1) The last modification to the wiki before its “disappearance” is an article dedicated to
– Natalya Vovk, “a Ukrainian national who has been designated as the main suspect of murdering the Russian journalist Darya Dugina on 20 August 2022”.
(2) There have been two article modifications on the 29th. This is important: it tooks place ON THAT MIRROR SITE. Again we face the question of whether it is reliable. The articles in question modified ON THAT MIRROR SITE are:
– Darya Dugin, “the daughter of Aleksandr Dugin and, according to the CCM, a journalist for Russian state-sponsored news agencies (…) assassinated in Moscow via a car-bomb or some other incendiary device planted in the Toyota Land Cruiser she had been driving”, and
– Myrotvorets, “a Kyiv-based, allegedly ‘NATO-backed’ (see section Technical aspects) website, that publishes an Ukrainian kill list which contains personal information, including addresses, of people who are considered ‘enemies of Ukraine'”.
I have contacted the site administrator but have not received a reply. We need to know what has happened, if it will be back online and if the address Clark has given us is reliable.
In any case, what seems certain is that we are dealing with an intelligence issue related to the current war in Ukraine.
Oscar@Clark, I can’t (or don’t know how to) replicate your actions in the command terminal, neither on Linux nor on Windows. There is no way I can get the IP address that everything seems to point to. Could you give me a hand? Thanks.
ClarkFat Jon:
adding an entry to file /etc/hosts is a trick that works on GNU/Linux systems. It’s still working for me today. I’m using an old version of Ubuntu Studio. If you post what system you’re using I’ll try to figure out why it works only momentarily for you.
TOR can’t help – my success reaching the site shows that internet access to the site has not been restricted or blocked; the site just can’t be looked up by the DNS system, like removing someone’s entry from the telephone directory.
We shouldn’t assume that the Darya Dugina article has necessarily motivated a censorship attempt – though I agree that is likely. But the decision to censor might have been taken weeks or months ago. Or it might be just a screw-up.
ClarkOscar, just a mo…
ClarkOscar, please link to the discussion on reddit; maybe copy some of this discussion or post a link to it there.
– “If there had been “non-payment” to CSL/Yoker, the hosting would have fallen, not the domain…”
Yes, that’s what I figure too.
ClarkLook again at the output from the command nslookup which I posted above. Here is the first of those requests which I posted:
nslookup wikispooks.com – Z.NS.JOKER.COM
That command instructs the program nslookup to query the nameserver “Z.NS.JOKER.COM” for the IP address of “wikispooks.com”; the dash “-” is part of the command. You can get instructions for nslookup using the following command:
man nslookup
“man” is the command for “manual” ie. the instruction manual.
Joker.com run three nameservers, prefixed X, Y and Z. That’s why I ran the command three times. In each case, the first IP address returned is the IP address of the nameserver, which is why they’re all different. The second IP address is that of the target, in our case wikispooks.com. You can see that all three nameservers responded, and they all returned the same IP address:
198.199.127.59
That’s where I got the IP address. Possibly Wikispook’s server is in Amsterdam. But it does seem to be the proper site – unless all three of joker.com’s nameservers were changed to point at a mirror, AND the domain was placed in clientHold status to stop it working as well, AND whoever did it left embarrassing information about Ukraine on the copy they made for the mirror.
I’ll now read through the rest of your posts more carefully…
ET“By adding the line:
198.199.127.59 wikispooks.com
to my /etc/hosts file I can access the site.”That works for me. Whatever program you are using to open the file C:\Windows\System32\drivers\etc\hosts (i.e. Notepad or a Notepad alternative) must be “run as administrator” and also if you had previously set that file to read only you’d have to change that so it can be saved to.
ClarkOscar:
what I actually typed at the terminal was:
nslookup wikispooks.com - Z.NS.JOKER.COM
…and pressed the enter key.
clark@Old-HP:~$
…is just the prompt on my system. I used the command three times, once each for Z.NS.JOKER.COM, Y.NS.JOKER.COM and X.NS.JOKER.COM, the addresses for joker.com’s three nameservers. I got these from my original whois command, as seen in my August 29, 13:52 post.
You can get instructions for commands using “man”. For instance, I thought the command I needed was “lookup”, but that does something else. So I tried:
man -k lookup
“-k” means “about” or “apropos”, so the man program looks through the manuals for all the other commands, and displays a summary of all mentions of “lookup”. That enabled me to find the nslookup program, so I looked up how to use it with this command:
man nslookup
Right near the top it tells us:
SYNOPSIS
nslookup [-option] [name | -] [server]…and a bit further down, in “ARGUMENTS” it says:
Non-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
So I see that I actually typed the command wrong – I shouldn’t have included the dash/hyphen/minus sign. But I just ran the commands again without the hyphens and they produced output identical to last time.
I hope that helps!
If you post further queries, please post:
- What you did,
- What you expected to happen,
- What actually happened.
OscarThank you very much for the details, my friend.
I’m sorry I was suspicious, but given the subject matter….
I had been doing it from my main laptop, where I use a VPN. Somehow that fact must have played a part, as I basically wrote
oscar@Oscar:~$
nslookup wikispooks.com X.NS.JOKER.COM
… and literally nothing happened. I tried another computer without VPN and it returned the same as you. By the way I have learned more commands and useful things.
So thank you very, very much also for allowing us to find the key to access the website. 🙂
The domain status is very unusual, what do you think could have happened?
Let’s hope that Wikispooks will be back soon… Anyway, what happened was to be expected.. And what we have left…
Cheer up everyone. We are only drops in a vast ocean… but a multitude of drops can generate real tsunamis.
OscarReddit r/conspiracy: Is Wikispooks down for good?
ClarkSuspicion is entirely justified, always in foreign policy matters but especially now with the war. It’s just important to keep an open mind, especially about precisely what may have been censored. For instance, it may not be the Darya Dugina article at all; that might be just coincidence and the real motivation is something else entirely on the site. Or it might be just the site’s general angle on the war.
– “The domain status is very unusual, what do you think could have happened?”
Setting the domain to clientHold status looks to me like a way of censoring the site temporarily without going through legal channels. Wikispooks have paid for their domain registration, and that carries weight in the courts; if joker.com just cancel the registration they’re in breach of contract. From its description from ICANN (see my comment of Aug 29, 15:14), clientHold is usually temporary. Joker.com could just claim that they imposed clientHold because they couldn’t find records of Wikispooks’ payment.
– – – – – –On your VPNed laptop, did the prompt get displayed on the next line after you pressed Enter? If not, maybe nslookup went into interactive mode, and was waiting for further input. I’d expect nslookup to produce some output, VPN or none, but I’m not experienced in these things, just winging it.
ClarkOscar, thanks for the link to the reddit thread.
As it mentions there, there is also wikispooks.org and I just checked, it is still working. So if this is a censorship attempt, it’s highly inept – but then the pro-war parties are bloated and drunk on their own influence.
clark@Old-HP:~$
<code>whois wikispooks.org
Domain Name: wikispooks.org
Registry Domain ID: a65fa8ed68fb4bea9012977232853ce7-LROR
Registrar WHOIS Server: whois.meshdigital.com
Registrar URL: http://www.domainmonster.com
Updated Date: 2022-06-01T23:28:19Z
Creation Date: 2010-05-27T11:08:13Z
Registry Expiry Date: 2023-05-27T11:08:13Z
Registrar: Mesh Digital Limited
Registrar IANA ID: 1390
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +44.1483304030
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: identity-secured.com
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province:
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: GB
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
Name Server: ns45.domaincontrol.com
Name Server: ns46.domaincontrol.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2022-08-30T15:45:45Z <<<For more information on Whois status codes, please visit https://icann.org/epp
ClarkDifferent registrar, different nameservers, and not on clientHold status.
Patrick Haseldine seemed to be editing quite busily until wikispooks.com became unavailable. I wonder if he knows that he can access the site via wikispooks.org instead?
ClarkOops. Me, 16:49
– “…there is also wikispooks.org and I just checked, it is still working.”
Wikispooks.org just redirects to wikispooks.com/wiki/Main_Page, so it’s only working for me because of the line I added to my /etc/hosts file.
ClarkI have used the Wikispooks’ “Request account” page/form to try to alert them to the outage. I gave my real e-mail address; the confirmation e-mail had arrived when I checked minutes later, I clicked the confirmation link in the e-mail which led to a confirmation page at wikispooks.com. I’ll post here if I get any e-mail from Wikispooks. Here’s what I wrote:
– PLEASE DO NOT CREATE AN ACCOUNT FOR ME!
– I am merely using this form to contact you. Do you know that the site has become inaccessible? DNS Lookup is failing, see discussion here:
with a link to this page.
OscarRegarding my laptop with VPN, as you can see in the following image (i.imgur.com/sMApozN.jpg), absolutely nothing happened and I was returned to the prompt. When I took the screenshot with the three servers I saw that one (the one belonging to CSL/Joker) returned a message and sent me back to the prompt. As I say, the only difference between the computer whose command line returned the same as yours and the one that doesn’t is the use of VPN. I don’t know why (I use Linux but I’m not a “pro”).
Forgive my ignorance, but…. who is Patrick Haseldine? You’ve quoted him a couple of times already… and you said he was active.
I wasn’t a regular visitor to Wikispooks, although I regularly downloaded the latest backup… It’s a repository of information that I was going to start using profusely from September onwards.
I confess too that this is the first time I have visited this website and it was because I was looking for Wikispooks.
Let’s hope to have some answer about what happened soon.
By the way… do you know ISGP (isgp-studies.com)? I don’t share many of the views of the author and webmaster, but it certainly makes an interesting mapping of world power and important issues.
Hopefully the domain will be up and running as soon as possible. Failing that, let’s hope the site stays online and people know how to access it…
Thanks for everything @Clark.
C.
-
AuthorPosts