Wikispooks has vanished


Latest News Forums Discussion Forum Wikispooks has vanished

Viewing 25 posts - 1 through 25 (of 83 total)
  • Author
    Posts
  • #87858 Reply
    Fat Jon

      I see nothing about this online (I don’t expect the ignorant MSM to mention it), but the Wikispooks website has been unavailable for a few days now.

      A very sinister development, I might suggest.

      #87859 Reply
      Clark

        Seems to be failing DNS lookup:

        clark@Old-HP:~$ whois wikispooks.com

        Domain Name: WIKISPOOKS.COM
        Registry Domain ID: 1591113666_DOMAIN_COM-VRSN
        Registrar WHOIS Server: whois.joker.com
        Registrar URL: http://www.joker.com
        Updated Date: 2022-08-25T08:01:03Z
        Creation Date: 2010-04-01T15:18:34Z
        Registry Expiry Date: 2027-04-01T15:18:34Z
        Registrar: CSL Computer Service Langenbach GmbH d/b/a joker.com
        Registrar IANA ID: 113
        Registrar Abuse Contact Email: [email protected]
        Registrar Abuse Contact Phone: +49.21186767447
        Domain Status: clientHold https://icann.org/epp#clientHold
        Name Server: X.NS.JOKER.COM
        Name Server: Y.NS.JOKER.COM
        Name Server: Z.NS.JOKER.COM
        DNSSEC: unsigned
        URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

        >>> Last update of whois database: 2022-08-29T12:42:53Z <<<

        For more information on Whois status codes, please visit https://icann.org/epp

        NOTICE: The expiration date displayed in this record is the date the registrar’s sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant’s agreement with the sponsoring registrar. Users may consult the sponsoring registrar’s Whois database to view the registrar’s reported date of expiration for this registration.

        #87860 Reply
        Clark

          Fat Jon:

          “the Wikispooks website has been unavailable for a few days now.”

          whois output line 5:

          Updated Date: 2022-08-25T08:01:03Z

          So maybe it went offline on the 25th, Thursday? The regular domain renewal date is April 1, so I don’t see what the update on Aug 25 was for.

          #87861 Reply
          Clark

            I managed to get the IP address from the nameservers listed in the whois output:

            clark@Old-HP:~$ nslookup wikispooks.com - Z.NS.JOKER.COM

            Server: Z.NS.JOKER.COM
            Address: 144.217.81.63#53

            Name: wikispooks.com
            Address: 198.199.127.59

            clark@Old-HP:~$ nslookup wikispooks.com - Y.NS.JOKER.COM

            Server: Y.NS.JOKER.COM
            Address: 23.88.49.189#53

            Name: wikispooks.com
            Address: 198.199.127.59

            clark@Old-HP:~$ nslookup wikispooks.com - X.NS.JOKER.COM

            Server: X.NS.JOKER.COM
            Address: 194.245.103.12#53

            Name: wikispooks.com
            Address: 198.199.127.59

            clark@Old-HP:~$

            • This reply was modified 2 years, 3 months ago by modbot.
            • This reply was modified 2 years, 3 months ago by modbot.
            • This reply was modified 2 years, 3 months ago by modbot.
            #87868 Reply
            Clark

              By adding the line:

              198.199.127.59 wikispooks.com

              to my /etc/hosts file I can access the site.

              According to the main page, the latest edit was on Aug 24. That turns out to be when former diplomat Patrick Haseldine made an edit to his new page about Natalya Vovk. From that page:

              “Natalya Pavlovna Vovk (née Shaban) is a Ukrainian national who has been designated as the main suspect of murdering the Russian journalist Darya Dugina on 20 August 2022.”

              Incidentally, I see that Patrick Haseldine has been sanitised from Wikipedia.

              #87869 Reply
              Clark

                Note whois output line 12:

                Domain Status: clientHold https://icann.org/epp#clientHold

                From the link in that line:

                – Client Status Codes are Set by Your Domain’s Registrar

                – clientHold – client hold

                – This status code tells your domain’s registry to not activate your domain in the DNS and as a consequence, it will not resolve. It is an uncommon status that is usually enacted during legal disputes, non-payment, or when your domain is subject to deletion.

                – Often, this status indicates an issue with your domain that needs resolution. If so, you should contact your registrar to resolve the issue. If your domain does not have any issues, but you need it to resolve, you must first contact your registrar and request that they remove this status code.

                #87873 Reply
                Clark

                  So it looks like Wikispook’s domain registrar CSL Computer Service Langenbach GmbH (joker.com) disabled DNS lookup to the site on Aug 25. The site’s server is up and running but joker.com’s nameservers won’t tell our browsers its IP address.

                  #87879 Reply
                  Fat Jon

                    @Clark

                    “By adding the line:
                    198.199.127.59 wikispooks.com
                    to my /etc/hosts file I can access the site.”

                    This didn’t work for me, or at least I saw the page for a split second before it came up with the error ‘page not found message’. I tried various routes through Tor but still no luck.

                    It would appear that some bullies in their bunkers don’t want us to know that the prime suspect for the murder of Darya Dugina is Ukrainian. We must all love the wonderful law abiding Ukrainians – apparently.

                    #87883 Reply
                    Oscar

                      On reddit the subject has been discussed but nobody knows anything about it.

                      If there had been “non-payment” to CSL/Yoker, the hosting would have fallen, not the domain (it can be said that it is a kind of “domain hijacking”).


                      @Clark
                      , as you has said, the three DNS servers do not seem to be responding: two are in Germany (one belongs to CSL -yoker.com- which is the company with which they have the domain and hosting, and the other to Hetzner) and one in Canada (OVH). The address you propose does not correspond to any of these three IPs.

                      The IP address you propose is from Amsterdam (Netherlands), and it seems to be a MIRROR SITE. As far as I know, we cannot know if this site is reliable and legitimate or not. Could you tell us where you got it from and whether it is reliable?

                      #87884 Reply
                      Oscar

                        ASSUMING that it really is a mirror site, and is TRUSTWORTHY, we can conclude several things:

                        (1) The last modification to the wiki before its “disappearance” is an article dedicated to

                        – Natalya Vovk, “a Ukrainian national who has been designated as the main suspect of murdering the Russian journalist Darya Dugina on 20 August 2022”.

                        (2) There have been two article modifications on the 29th. This is important: it tooks place ON THAT MIRROR SITE. Again we face the question of whether it is reliable. The articles in question modified ON THAT MIRROR SITE are:

                        – Darya Dugin, “the daughter of Aleksandr Dugin and, according to the CCM, a journalist for Russian state-sponsored news agencies (…) assassinated in Moscow via a car-bomb or some other incendiary device planted in the Toyota Land Cruiser she had been driving”, and

                        – Myrotvorets, “a Kyiv-based, allegedly ‘NATO-backed’ (see section Technical aspects) website, that publishes an Ukrainian kill list which contains personal information, including addresses, of people who are considered ‘enemies of Ukraine'”.

                        I have contacted the site administrator but have not received a reply. We need to know what has happened, if it will be back online and if the address Clark has given us is reliable.

                        In any case, what seems certain is that we are dealing with an intelligence issue related to the current war in Ukraine.

                        #87887 Reply
                        Oscar

                          @Clark, I can’t (or don’t know how to) replicate your actions in the command terminal, neither on Linux nor on Windows. There is no way I can get the IP address that everything seems to point to. Could you give me a hand? Thanks.

                          #87889 Reply
                          Clark

                            Fat Jon:

                            adding an entry to file /etc/hosts is a trick that works on GNU/Linux systems. It’s still working for me today. I’m using an old version of Ubuntu Studio. If you post what system you’re using I’ll try to figure out why it works only momentarily for you.

                            TOR can’t help – my success reaching the site shows that internet access to the site has not been restricted or blocked; the site just can’t be looked up by the DNS system, like removing someone’s entry from the telephone directory.

                            We shouldn’t assume that the Darya Dugina article has necessarily motivated a censorship attempt – though I agree that is likely. But the decision to censor might have been taken weeks or months ago. Or it might be just a screw-up.

                            #87890 Reply
                            Clark

                              Oscar, just a mo…

                              #87891 Reply
                              Clark

                                Oscar, please link to the discussion on reddit; maybe copy some of this discussion or post a link to it there.

                                “If there had been “non-payment” to CSL/Yoker, the hosting would have fallen, not the domain…”

                                Yes, that’s what I figure too.

                                #87892 Reply
                                Clark

                                  Look again at the output from the command nslookup which I posted above. Here is the first of those requests which I posted:

                                  nslookup wikispooks.com – Z.NS.JOKER.COM

                                  That command instructs the program nslookup to query the nameserver “Z.NS.JOKER.COM” for the IP address of “wikispooks.com”; the dash “-” is part of the command. You can get instructions for nslookup using the following command:

                                  man nslookup

                                  “man” is the command for “manual” ie. the instruction manual.

                                  Joker.com run three nameservers, prefixed X, Y and Z. That’s why I ran the command three times. In each case, the first IP address returned is the IP address of the nameserver, which is why they’re all different. The second IP address is that of the target, in our case wikispooks.com. You can see that all three nameservers responded, and they all returned the same IP address:

                                  198.199.127.59

                                  That’s where I got the IP address. Possibly Wikispook’s server is in Amsterdam. But it does seem to be the proper site – unless all three of joker.com’s nameservers were changed to point at a mirror, AND the domain was placed in clientHold status to stop it working as well, AND whoever did it left embarrassing information about Ukraine on the copy they made for the mirror.

                                  I’ll now read through the rest of your posts more carefully…

                                  #87894 Reply
                                  ET

                                    “By adding the line:
                                    198.199.127.59 wikispooks.com
                                    to my /etc/hosts file I can access the site.”

                                    That works for me. Whatever program you are using to open the file C:\Windows\System32\drivers\etc\hosts (i.e. Notepad or a Notepad alternative) must be “run as administrator” and also if you had previously set that file to read only you’d have to change that so it can be saved to.

                                    #87896 Reply
                                    Clark

                                      Oscar:

                                      what I actually typed at the terminal was:

                                      nslookup wikispooks.com - Z.NS.JOKER.COM

                                      …and pressed the enter key.

                                      clark@Old-HP:~$

                                      …is just the prompt on my system. I used the command three times, once each for Z.NS.JOKER.COM, Y.NS.JOKER.COM and X.NS.JOKER.COM, the addresses for joker.com’s three nameservers. I got these from my original whois command, as seen in my August 29, 13:52 post.

                                      You can get instructions for commands using “man”. For instance, I thought the command I needed was “lookup”, but that does something else. So I tried:

                                      man -k lookup

                                      “-k” means “about” or “apropos”, so the man program looks through the manuals for all the other commands, and displays a summary of all mentions of “lookup”. That enabled me to find the nslookup program, so I looked up how to use it with this command:

                                      man nslookup

                                      Right near the top it tells us:

                                      SYNOPSIS
                                      nslookup [-option] [name | -] [server]

                                      …and a bit further down, in “ARGUMENTS” it says:

                                      Non-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.

                                      So I see that I actually typed the command wrong – I shouldn’t have included the dash/hyphen/minus sign. But I just ran the commands again without the hyphens and they produced output identical to last time.

                                      I hope that helps!

                                      If you post further queries, please post:

                                      • What you did,
                                      • What you expected to happen,
                                      • What actually happened.
                                      #87900 Reply
                                      Oscar

                                        Thank you very much for the details, my friend.

                                        I’m sorry I was suspicious, but given the subject matter….

                                        I had been doing it from my main laptop, where I use a VPN. Somehow that fact must have played a part, as I basically wrote

                                        oscar@Oscar:~$ nslookup wikispooks.com X.NS.JOKER.COM

                                        … and literally nothing happened. I tried another computer without VPN and it returned the same as you. By the way I have learned more commands and useful things.

                                        So thank you very, very much also for allowing us to find the key to access the website. 🙂

                                        The domain status is very unusual, what do you think could have happened?

                                        Let’s hope that Wikispooks will be back soon… Anyway, what happened was to be expected.. And what we have left…

                                        Cheer up everyone. We are only drops in a vast ocean… but a multitude of drops can generate real tsunamis.

                                        #87903 Reply
                                        Oscar
                                          #87909 Reply
                                          Clark

                                            Suspicion is entirely justified, always in foreign policy matters but especially now with the war. It’s just important to keep an open mind, especially about precisely what may have been censored. For instance, it may not be the Darya Dugina article at all; that might be just coincidence and the real motivation is something else entirely on the site. Or it might be just the site’s general angle on the war.

                                            “The domain status is very unusual, what do you think could have happened?”

                                            Setting the domain to clientHold status looks to me like a way of censoring the site temporarily without going through legal channels. Wikispooks have paid for their domain registration, and that carries weight in the courts; if joker.com just cancel the registration they’re in breach of contract. From its description from ICANN (see my comment of Aug 29, 15:14), clientHold is usually temporary. Joker.com could just claim that they imposed clientHold because they couldn’t find records of Wikispooks’ payment.
                                            – – – – – –

                                            On your VPNed laptop, did the prompt get displayed on the next line after you pressed Enter? If not, maybe nslookup went into interactive mode, and was waiting for further input. I’d expect nslookup to produce some output, VPN or none, but I’m not experienced in these things, just winging it.

                                            #87910 Reply
                                            Clark

                                              Oscar, thanks for the link to the reddit thread.

                                              As it mentions there, there is also wikispooks.org and I just checked, it is still working. So if this is a censorship attempt, it’s highly inept – but then the pro-war parties are bloated and drunk on their own influence.

                                              clark@Old-HP:~$ <code>whois wikispooks.org

                                              Domain Name: wikispooks.org
                                              Registry Domain ID: a65fa8ed68fb4bea9012977232853ce7-LROR
                                              Registrar WHOIS Server: whois.meshdigital.com
                                              Registrar URL: http://www.domainmonster.com
                                              Updated Date: 2022-06-01T23:28:19Z
                                              Creation Date: 2010-05-27T11:08:13Z
                                              Registry Expiry Date: 2023-05-27T11:08:13Z
                                              Registrar: Mesh Digital Limited
                                              Registrar IANA ID: 1390
                                              Registrar Abuse Contact Email: [email protected]
                                              Registrar Abuse Contact Phone: +44.1483304030
                                              Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
                                              Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
                                              Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
                                              Registry Registrant ID: REDACTED FOR PRIVACY
                                              Registrant Name: REDACTED FOR PRIVACY
                                              Registrant Organization: identity-secured.com
                                              Registrant Street: REDACTED FOR PRIVACY
                                              Registrant City: REDACTED FOR PRIVACY
                                              Registrant State/Province:
                                              Registrant Postal Code: REDACTED FOR PRIVACY
                                              Registrant Country: GB
                                              Registrant Phone: REDACTED FOR PRIVACY
                                              Registrant Phone Ext: REDACTED FOR PRIVACY
                                              Registrant Fax: REDACTED FOR PRIVACY
                                              Registrant Fax Ext: REDACTED FOR PRIVACY
                                              Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
                                              Registry Admin ID: REDACTED FOR PRIVACY
                                              Admin Name: REDACTED FOR PRIVACY
                                              Admin Organization: REDACTED FOR PRIVACY
                                              Admin Street: REDACTED FOR PRIVACY
                                              Admin City: REDACTED FOR PRIVACY
                                              Admin State/Province: REDACTED FOR PRIVACY
                                              Admin Postal Code: REDACTED FOR PRIVACY
                                              Admin Country: REDACTED FOR PRIVACY
                                              Admin Phone: REDACTED FOR PRIVACY
                                              Admin Phone Ext: REDACTED FOR PRIVACY
                                              Admin Fax: REDACTED FOR PRIVACY
                                              Admin Fax Ext: REDACTED FOR PRIVACY
                                              Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
                                              Registry Tech ID: REDACTED FOR PRIVACY
                                              Tech Name: REDACTED FOR PRIVACY
                                              Tech Organization: REDACTED FOR PRIVACY
                                              Tech Street: REDACTED FOR PRIVACY
                                              Tech City: REDACTED FOR PRIVACY
                                              Tech State/Province: REDACTED FOR PRIVACY
                                              Tech Postal Code: REDACTED FOR PRIVACY
                                              Tech Country: REDACTED FOR PRIVACY
                                              Tech Phone: REDACTED FOR PRIVACY
                                              Tech Phone Ext: REDACTED FOR PRIVACY
                                              Tech Fax: REDACTED FOR PRIVACY
                                              Tech Fax Ext: REDACTED FOR PRIVACY
                                              Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
                                              Name Server: ns45.domaincontrol.com
                                              Name Server: ns46.domaincontrol.com
                                              DNSSEC: unsigned
                                              URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
                                              >>> Last update of WHOIS database: 2022-08-30T15:45:45Z <<<

                                              For more information on Whois status codes, please visit https://icann.org/epp

                                              #87911 Reply
                                              Clark

                                                Different registrar, different nameservers, and not on clientHold status.

                                                Patrick Haseldine seemed to be editing quite busily until wikispooks.com became unavailable. I wonder if he knows that he can access the site via wikispooks.org instead?

                                                #87912 Reply
                                                Clark

                                                  Oops. Me, 16:49

                                                  “…there is also wikispooks.org and I just checked, it is still working.”

                                                  Wikispooks.org just redirects to wikispooks.com/wiki/Main_Page, so it’s only working for me because of the line I added to my /etc/hosts file.

                                                  #87914 Reply
                                                  Clark

                                                    I have used the Wikispooks’ “Request account” page/form to try to alert them to the outage. I gave my real e-mail address; the confirmation e-mail had arrived when I checked minutes later, I clicked the confirmation link in the e-mail which led to a confirmation page at wikispooks.com. I’ll post here if I get any e-mail from Wikispooks. Here’s what I wrote:

                                                    – PLEASE DO NOT CREATE AN ACCOUNT FOR ME!

                                                    – I am merely using this form to contact you. Do you know that the site has become inaccessible? DNS Lookup is failing, see discussion here:

                                                    with a link to this page.

                                                    #87920 Reply
                                                    Oscar

                                                      Regarding my laptop with VPN, as you can see in the following image (i.imgur.com/sMApozN.jpg), absolutely nothing happened and I was returned to the prompt. When I took the screenshot with the three servers I saw that one (the one belonging to CSL/Joker) returned a message and sent me back to the prompt. As I say, the only difference between the computer whose command line returned the same as yours and the one that doesn’t is the use of VPN. I don’t know why (I use Linux but I’m not a “pro”).

                                                      Forgive my ignorance, but…. who is Patrick Haseldine? You’ve quoted him a couple of times already… and you said he was active.

                                                      I wasn’t a regular visitor to Wikispooks, although I regularly downloaded the latest backup… It’s a repository of information that I was going to start using profusely from September onwards.

                                                      I confess too that this is the first time I have visited this website and it was because I was looking for Wikispooks.

                                                      Let’s hope to have some answer about what happened soon.

                                                      By the way… do you know ISGP (isgp-studies.com)? I don’t share many of the views of the author and webmaster, but it certainly makes an interesting mapping of world power and important issues.

                                                      Hopefully the domain will be up and running as soon as possible. Failing that, let’s hope the site stays online and people know how to access it…

                                                      Thanks for everything @Clark.

                                                      C.

                                                    Viewing 25 posts - 1 through 25 (of 83 total)
                                                    Reply To: Wikispooks has vanished
                                                    Your information: