Блокировка doxajournal.ru на ТСПУ

Internet censorship all around the world Russia
1

Сайт блокируют на ТСПУ, причем только по HTTPS: в отличие от блокировки, например, the insider, соединение не разрывается, а висит бесконечно долго (как в случае с Twitter/Facebook).
При HTTPS-запросе со SNI doxajournal.ru на другой, не заблокированный IP-адрес, соединение разрывается.

Кроме блокировки, кто-то угнал сайт около 15 минут назад: сначала была страница-заглушка сервиса Tilda, позже сменившаяся текстом «здесь был фокси». Похоже на domain takeover в самом сервисе. DNS при этом по прежнему указывают на Cloudflare.

% curl http://doxajournal.ru -v
*   Trying 172.67.42.88:80...
* Connected to doxajournal.ru (172.67.42.88) port 80 (#0)
> GET / HTTP/1.1
> Host: doxajournal.ru
> User-Agent: curl/7.80.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Date: Mon, 28 Feb 2022 13:50:56 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: max-age=3600
< Expires: Mon, 28 Feb 2022 14:50:56 GMT
< Location: https://doxajournal.ru/
< X-Content-Type-Options: nosniff
< Server: cloudflare
< CF-RAY: 6e4a1ff06d06169f-DME
< 
* Connection #0 to host doxajournal.ru left intact

% curl https://doxajournal.ru -v
*   Trying 172.67.42.88:443...
* Connected to doxajournal.ru (172.67.42.88) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
^C

% curl https://doxajournal.ru --connect-to ::31.220.5.43 -v
* Connecting to hostname: 31.220.5.43
*   Trying 31.220.5.43:443...
* Connected to 31.220.5.43 (31.220.5.43) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: Connection reset by peer in connection to doxajournal.ru:443 
* Closing connection 0
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to doxajournal.ru:443

doxajournal.ru_28.02.2022.pcapng (9.7 KB)

2

For me, https://doxajournal.ru/ (archive) still shows the message “Брух! тут был фокси”. But https://news.doxajournal.ru/novosti/ (archive) and https://doxajournal.org/ (archive) look OK.

It’s strange the the doxajournal.ru page should be broken for so long. I checked their Twitter to see if they say anything about it. I only found a tweet from 2022-02-28 that mentions RKN.

https://twitter.com/doxa_journal/status/1498282317000945665

РКН потребовал удалить наш гайд о том, как разговаривать с родственниками и коллегами о войне. За нескольков часов с публикации его прочитали уже 270 тысяч раз.
doxajournal.ru/anti_war_handbook

RKN demanded that our guide on how to talk to relatives and colleagues about the war be removed. Within hours of its publication, it had already been read 270,000 times.
doxajournal.ru/anti_war_handbook

3

Yes, it seems that they did not care about old domain or, more likely, had to link new domain to an existing website account on Tilda, it probably doesn’t allow a single website on many domains, so they had to disconnect it. That’s just my speculation.

4

Aha, I see it now.

https://twitter.com/doxa_journal/status/1498586803732946944

Мы переехали на новый домен!

doxajournal.org/

Если у вас не открываются наши материалы, замените «.ru» и «.com» в ссылках на «.org».

❌.ru
❌.com
✅.org

Поддержать DOXA: patreon.com/doxajournal

Где найти антивоенный гайд, мы напишем совсем скоро. Stay tuned.

We have moved to a new domain!

doxajournal.org/

If you can’t open our content, replace “.ru” and “.com” in the links with “.org”.

❌.ru
❌.com
✅.org

Support DOXA: patreon.com/doxajournal

Where to find the anti-war guide, we will write very soon. Stay tuned.