231
232

(mail1.trump-email.com) Meet TeaLeaves and his forged DNS logs (self.conspiracy)

FeelTheEmailMistake 投稿

Meet TeaLeaves for the first time

Meet one of six indicators of his forged DNS logs

There are many things I can't share in public, but what I can should be more than enough.

The identity of TeaLeaves is practically certain. As for the forgery, I'm just tying up some loose ends before the final post and seeing whether the final post will have five indicators of forgery or six. I note the following in a comment referring to the unusual (though legal) rd=1 behavior in queries from a BIND9 recursive DNS server to an external authoritative DNS server (marked in the TeaLeaves DNS logs by the '+' character):

I'll be working on a much clearer explanation. I've identified TeaLeaves, but as for the forgery, this post is preliminary in the sense that I need to see whether it can be shot down with something I haven't considered (hence the bold claim). There are way too many variables in play (server implementation, server version, custom vendor patches, configuration, network devices, etc.) for a single person to test this indicator exhaustively. The literature, theory, and a couple of prominent source trees agree with me, but practice too often diverges from the literature and theory.

keywords (requested in comment below for findability): tealeaves, tea leaves

全 98 件のコメント
並べ替え:
ベスト
トップ新着論争中古い順Q&A

[–]LamsSilence 64 ポイント65 ポイント  (6子コメント)

Hey /u/DanteLur help our mate out, he's exposing the anti-trump conspiracy.

He says logs of Trump talking with russia are forged:

https://www.reddit.com/r/conspiracy/comments/616ypb/mail1trumpemailcom_meet_tealeaves_and_his_forged/dfc8t8p/

[–]Sandbargirl 40 ポイント41 ポイント  (5子コメント)

Thank you all for doing this. I was infuriated when smug Hillary looked at the camera during the debates, smirking, while she asked her 'millions of fact checkers' to investigate President Trump.

What goes around...

[–]spacemonkeey 27 ポイント28 ポイント  (2子コメント)

And to go to her website to get the right facts...

[–]Tootenbacher 15 ポイント16 ポイント  (0子コメント)

But buy her book first!

[–]folderol [スコア非表示]  (0子コメント)

Well you don't expect her to tell you what they are in person do you? Someone could ask her a tough question and we can't have that.

[–]djfo77 1 ポイント2 ポイント  (1子コメント)

https://www.youtube.com/watch?v=NK9TsDb8aS8

[–]Ninjakick666 41 ポイント42 ポイント  (34子コメント)

Over my head on a technical level... but if yer gonna try to reignite the whole Trump server talking to a Russian bank thing then ya better get out in front of the idea that maybe trump-email.com is not a domain actually owned by anyone connected to Trump.

I think it was a couple weeks back that it was circulated around here that someone else registered that domain as part of the "set-up". You should start there, cause that is what anyone is gonna use to dismiss whatever you say about the communications.

[–]FeelTheEmailMistake[S] 64 ポイント65 ポイント  (32子コメント)

trump-email.com is a legitimate Trump Org domain that's been around since 2009. The Emily McMullin appearing in some records for the domain has no connection to Evan McMullin.

It's used for hotel marketing. The Intercept was able to obtain copies of some of the marketing communications, thereby debunking the story in its own way. For months I've been happy to leave it at that, but after CNN tried recently to reignite the story, I decided to examine this in much more detail.

Those who have been highly skeptical of the story have assumed that the logs are genuine but that they're not necessarily indicative of nefarious activity and could mean any number of innocuous things. I can demonstrate with very high confidence that the logs have been forged.

[–]Simi510 28 ポイント29 ポイント  (5子コメント)

is this Proof Why Trump's Email Server had fake pings to Russia, and was this used to make Wiretap Surveillance of Trump Tower by the NSA/CIA/FBI ?

[–]Haurboss 46 ポイント47 ポイント  (1子コメント)

Possibly. Plant fake evidence. Use it as reason to spy on Trump for actual evidence of a crime.

Sounds like something the CIA would do

[–]bcboncs 17 ポイント18 ポイント  (0子コメント)

Based on what OP provided so far, he's essentially saying that the pioneers of the Trump-Russia analysis used spoof trafficking which can be proven.

[–]NoUseForAName123 11 ポイント12 ポイント  (1子コメント)

The first surveillance request - the one that named President Trump - was rejected last June.

The second surveillance request was approved last October on the basis of this server having "contacts" with that bank.

If these "contacts" were faked or induced by a third party, then the entire basis for the surveillance is exposed as a forgery. It would mean someone faked the evidence used to get surveillance.

It is also now known from the Wikileaks "Vault 7" release that the CIA has the capability of faking thes exact sort of "contacts."

If OP's work checks out, this is the sort of thing that will be written in history books and taught in school. Think of Woodward and Bernstein (the Watergate reporters) for the modern era. Possibly even more impressive, imho.

[–]OPTCgod 2 ポイント3 ポイント  (0子コメント)

Trump-email.com is registered to Trump Orgainzation (note the misspelling) and the whois still shows this but the registrant's name has since been scrubbed.

[–]Ninjakick666 7 ポイント8 ポイント  (7子コメント)

Yeah... but anyone partisan enough to really care isn't gonna have the technical know how to actually understand any proof that anyone provides so the whole thing is kind of an exercise in futility unless ya think that Quantico doesn't have the manpower to decipher it all on their own and need your help. 95% of people already made up their minds about the whole server situation without looking at any evidence... and confirmation bias is a hell of a drug. A bunch of tech mumbo jumbo ain't gonna change any minds.

[–]Big-Westerman 19 ポイント20 ポイント  (6子コメント)

I'm a network engineer. You provide the data, I will provide your analysis.

[–]sthh [スコア非表示]  (5子コメント)

http://www.ljean.com/NetworkData.php

I also have the data from the original i2p site if you want it for some reason

[–]Big-Westerman [スコア非表示]  (0子コメント)

I'm looking at the DNS lookup log. It is peripheral to the point of almost being laughable. It has null effect on any communication or data transfer between servers. I mean sht, I almost have to laugh. Here is what you get, you can try it for yourself --> https://www.ultratools.com/tools/dnsLookup You get

-MX records which are the named address of the mail servers.

  • Domain Name Servers which index .com type names to IP addresses so that your browser knows where to go when you type xyz.com into a browser (Google uses 8.8.8.8 for it's DNS)

-A site verification code which will probably be used for SSL certificates, which put the little HTTPS encrypted lock in your web browser address bar when you have an encrypted HTTP session

-Other text sht like banners and aliases that the server might have as subdomains like spf-a.hotmail.com -- spf-b.hotmail.com --- homebase.hotmail.com etc.

In other words, garbage. Crap. Stupid sht. Idiocy. To think that this kind of network communication - DNS Lookups and NSLookups have any relevance to anything are ridiculous. I mean dumb. Dumb. As in flat out fking ignorant on a level that is almost mind boggling.

They are yanking your chain holmes. This is some major BS. I always thought the FBI were a bunch of retard ever since they could not (or said they could not) root a damn terrorist iPhone. I can do that sht in a couple of hours on the weekend while drunk.

So I am seeing this and thinking that it means nothing. And if it means nothing, then WTF are these guys getting so juiced over? A bunch of standard BS lookups that can be scripted or cron jobbed to run at set intervals to MAKE IT LOOK like "communication" is going on, or connection, or whatever. BUt what is it? It is the functional equivalent of me opening my window and yelling across the street to the neighbors "Yo, what's up?" And that's it. That's all.

TO think this is some National Security BS is just BS. Flat out BS.

So yeah, I think it could have been planted. It could have been possibly hacked and scripted. Some Yoad on lunch break could have gone in with a USB stick and comp-ed it. Some standard routine maintenance could have slipped it in. But at the end of the day, the nature of the communication is inconsequential. Ridiculous even. I mean, it's a level of insulting that so bad to even take this as serious even for a momentary microsecond.

If anyone else has other ideas or interpretations, I would sure like to hear it.

[–]Big-Westerman [スコア非表示]  (2子コメント)

If you have it, yes please. I will look at this and get back

[–]sthh [スコア非表示]  (1子コメント)

The data on hte ljean site appears to be it just rehosted, but I'll upload it

here ya go

[–]Bilbo_Phaggins [スコア非表示]  (0子コメント)

Bump

[–]sthh 4 ポイント5 ポイント  (11子コメント)

Those who have been highly skeptical of the story have assumed that the logs are genuine but that they're not necessarily indicative of nefarious activity and could mean any number of innocuous things.

Eh, they could have just been tunneling ipv4 through DNS

I can demonstrate with very high confidence that the logs have been forged.

Put your money where your mouth is then and do it. Put up or shut up.

Data on the ljean website isn't the original source of those logs. Logs were on gdd.i2p

[–]FeelTheEmailMistake[S] 20 ポイント21 ポイント  (7子コメント)

Eh, they could have just been tunneling ipv4 through DNS

I would caution you not to toss out whatever buzzwords sound good unless (i) you truly understand those buzzwords; (ii) you're aware what the "researchers" in question have already concluded about the traffic and why.

Data on the ljean website isn't the original source of those logs. Logs were on gdd.i2p

And who put the logs on gdd.i2p? TeaLeaves. The first portion of my picture is from an archived copy of gdd.i2p.xyz, which was the Web-accessible i2p mirror site. His name was on the very site. ljean claimed TeaLeaves was an anonymous source. Funny then that her colleague Timothy Kelley has an ancient Wordpress account named t34k3ttl3. I think the proper knee-jerk response is to call it a nothingburger coincidence.

[–]SourceStar 4 ポイント5 ポイント  (1子コメント)

t34k3ttl3

https://www.sbir.gov/sbirsearch/detail/879589

[–]Kalshebikalim 1 ポイント2 ポイント  (0子コメント)

Should be added to the main post

[–]sthh 2 ポイント3 ポイント  (4子コメント)

I would caution you not to toss out whatever buzzwords sound good (i) you truly understand those buzzwords; (ii) you're aware what the "researchers" in question have already concluded about the traffic and why.

I understand being skeptical but my understanding of what you are saying is that it is doing recursive DNS lookups that, basically shouldn't work right? The data on the ljean thing and what I've seen a couple people claim is that the lookups looked like communication, especially when looked at at a time.

I am just saying I have heard the theory that it was DNS tunneling through something like iodine. Is there a way to tell one way or another if someone was doing that as a means to obfuscate what was going on?

Usually this stuff is buried in this subreddit so this is the first I've actually had to talk about it with anyone here.

There is also the fact that it is basically just text logs people are posting on the internet. Since it is gone now no one has anything to go off but that data, which like you said could easily be forged?

edit: basically I wish to understand it better, so whatever you have is interesting

[–]FeelTheEmailMistake[S] 17 ポイント18 ポイント  (3子コメント)

Thanks for the reasonable reply. I saw you doing the Trump-bashing thing on /r/politics and may have jumped to some hasty conclusions about you.

I understand being skeptical but my understanding of what you are saying is that it is doing recursive DNS lookups that, basically shouldn't work right?

It's fine for a recursive DNS server (that is, a DNS server receiving recursive DNS queries from a client) to send recursive queries itself to external DNS servers (whether honored or not), but I'm still trying to find a DNS server implementation that actually does so. All the literature says the recursive DNS server will send iterative queries, the BIND9 source code indicates the same, the few people who've tested it for me with sniffers have indicated the same -- but I'd like to examine a few obscure corner cases tomorrow before doing my ultimate post.

I am just saying I have heard the theory that it was DNS tunneling through something like iodine. Is there a way to tell one way or another if someone was doing that as a means to obfuscate what was going on?

The "researchers" themselves have accepted it as benign DNS traffic. I will say this: I have a lingering doubt in the sense that if they were going to forge the logs, they could've just gone the whole distance and forged something more damning.

Note that on http://gdd53.wordpress.com (which I didn't mention, because it's difficult for me to establish the link to gdd.i2p in a public manner), there's the following:

"ts": "1475005735",
"src_ip": "217.12.97.15",
"qname": "trump1.contact-client.com",
"node_id": "ams-ix23",
"qdcount": 1,
"qtype": 1,
"rd": 0

The "ams-ix23" is a node on the Amsterdam Internet Exchange. This is one of the Russian DNS servers in question (217.12.97.15) sending a query to a root server. In this case, the 'rd' bit is clear, which is what one would expect. But with everything that goes on at the AIE, there's not really anything that can be concluded from that as-is, so I can't use it as evidence.

There is also the fact that it is basically just text logs people are posting on the internet. Since it is gone now no one has anything to go off but that data, which like you said could easily be forged?

gdd.i2p.xyz has been archived in several places, and the raw data, as you note, has been copied to ljean's site.

[–]sthh 1 ポイント2 ポイント  (2子コメント)

Okay yeah I get what you're saying now. A lot of this was already discredited from various other sources like krypt3ia too. What I do find interesting is that krypt3ia claims to be one of the slate sources and laments how he was quoted in that article on their blog as well. I know there are many ways crap can be tunneled through DNS however I don't think there is any way to prove it other than looking at the traffic for something like "human patterns". But I am not really an expert on it.

Tealeaves also makes the claim that that mail1.Trump-Email.com somehow restricts access to only the ip addresses in the data, but as far as I know provides no evidence of it, and it cannot be verified at all now because the server was allegedly killed after someone asked for a comment.

what I do find interesting is krypt3ia does seem pretty convinced about Trump being tied to russia but for various other reasons.

[–]FeelTheEmailMistake[S] 10 ポイント11 ポイント  (1子コメント)

Tealeaves also makes the claim that that mail1.Trump-Email.com somehow restricts access to only the ip addresses in the data, but as far as I know provides no evidence of it, and it cannot be verified at all now because the server was allegedly killed after someone asked for a comment.

Yeah, people have been skeptical of that claim, but it's too late for me to test it directly, unfortunately.

[–]sthh 0 ポイント1 ポイント  (0子コメント)

but it's too late for me to test it directly, unfortunately.

Yeah. It surely is more sinister if it was configured in that way, but surprise surprise no one can verify that right now. hahah

[–]wordmyninja 3 ポイント4 ポイント  (2子コメント)

Eh, they could have just been tunneling ipv4 through DNS

Eh, because nothing screams "important data" like sending it over UDP.

[–]sthh 0 ポイント1 ポイント  (1子コメント)

You can use DNS in a lot of ways. what about base64 encoding? There is tons of proof of concepts of ways to use it to mask stuff.

The issue I see is more that the data is just plaintext so it is easily tampered with, and no one has been able to provide any evidence to corroborate some of the stuff tealeaves said-- like it only ever recieving traffic from the ip for alfabank and the health place.

[–]hillarityclinton -4 ポイント-3 ポイント  (4子コメント)

Contact the FBI.

[–]Haurboss 16 ポイント17 ポイント  (3子コメント)

lol hell no. The FBI is in on it

[–]jbaum517 5 ポイント6 ポイント  (0子コメント)

This is true. Send it to Gowdy and Nunes instead for their investigation

[–]10111011011101110 5 ポイント6 ポイント  (1子コメント)

This definitely appears to be true - perhaps send it to wikileaks' secure dropbox?

[–]sthh 4 ポイント5 ポイント  (0子コメント)

The source of these logs is i2p not this ljean link. The ljean data is just rehosted. you can look at it here: http://www.ljean.com/NetworkData.php

[–]bottomlines 2 ポイント3 ポイント  (0子コメント)

Hahaha seriously? Not owned by anybody close to Trump? That's beautiful if true.

It does sound fake though. Remember Hillary's was Clinton-email.com. Seems fitting they would set up an identical Trump one to attack for with.

[–]Damean1 11 ポイント12 ポイント  (3子コメント)

It was all a cover so Clinton could go public with the info passed to her from the illegal monitoring of the Trump campaign. Blatantly clear at this point.

[–]HardShadow 13 ポイント14 ポイント  (4子コメント)

kelleyt@indiana.edu

http://www.indiana.edu/~dcnlab/People.html

https://www.mendeley.com/profiles/timothy-kelley/

Some information on 'Timothy Kelley'.

[–]10111011011101110 3 ポイント4 ポイント  (3子コメント)

I'm on my phone and can't figure out how to do a reverse image search from mobile, has anyone done one for his profile pic, just in case it's someone else?

Edit: is it just me or do those two people not look at all alike?

Edit: after pedes help, ran reverse image search, and those are both the one and only copy of each of those images in all of googles index. That is uncommon. Most people re use a profile pic on multiple platforms. Supports theory this is not an actual person.

[–]TTRJN 9 ポイント10 ポイント  (2子コメント)

In Chrome long tap on image -> Search in Google.

[–]10111011011101110 7 ポイント8 ポイント  (0子コメント)

You just changed my life a little bit. Thanks fam :)

[–]DerJayoh 2 ポイント3 ポイント  (0子コメント)

best thing i read today, thanks!

[–]mastigia 10 ポイント11 ポイント  (8子コメント)

Who is tea leaves? Any backstory on this? You caught someone mitm spoofing traffic if I'm understanding this right?

[–]FeelTheEmailMistake[S] 13 ポイント14 ポイント  (7子コメント)

TeaLeaves is singlehandedly responsible for causing the Trump server scandal, which in turn is a large chunk of the foundation of the Russian scandal. He sent DNS logs to multiple news outlets and managed to hook one or two (such as Slate). The public details are quite foggy, but ljean, a professor at Indiana, started raising more noise about the DNS logs and claimed TeaLeaves as her own anonymous source. It turns out, though, that her colleague Tim Kelley, who's written papers with her, has an Internet presence on wordpress.com with the username t34k3ttl3, predating the server scandal by years.

[–]AintGotNoTimeFoThis 5 ポイント6 ポイント  (6子コメント)

Ahhh... So are you hoping to show that the logs were faked?

[–]iknowcisco 4 ポイント5 ポイント  (4子コメント)

Can we get an idiot-proof and easy to follow infographic to meme out? Asking for a friend.

[–]mastigia 5 ポイント6 ポイント  (1子コメント)

I was wondering how the fuck would you meme that?

And now I am picturing an animated gif of a frogger game with russia and trump on either side of the street, and it navigates dns traffic. I guess it could be done.

[–]iknowcisco 2 ポイント3 ポイント  (0子コメント)

Similar to this https://kek.gg/i/7qdYhy not related, but along these lines.

[–]Aluminoti 1 ポイント2 ポイント  (1子コメント)

https://m.imgur.com/RG2suP4 Does this help?

Posted by /u/Never_Trust_Me_

[–]AintGotNoTimeFoThis 0 ポイント1 ポイント  (0子コメント)

That does help, but the middle vertical line is confusing at first. I understand that it is showing us vs Russian logs.

I suggest putting the us circles first and then removing the vertical line (put "us server", "us client" "russian server", "russian client" inside of each circle.

Make the red conclusion at the bottom right left-justified, then follow up with an alternate explanation - if the presumed conclusion is impossible, what is a possible explanation?

If it's possible to show that the results prove there was a fabrication, I'd then show the date of the denied FISA warrant, the date the fabrications began, and the date that we know they began using this as a pretense for spying on Trump.

Keep the minimalist theme and black and white color pattern.

[–]FeelTheEmailMistake[S] 0 ポイント1 ポイント  (0子コメント)

Yes, but failing that, I offer TeaLeaves as an attendance gift.

[–]Archaellon 14 ポイント15 ポイント  (3子コメント)

Didn't the Russian bank say they were prepared to show that Trump was being framed

[–]Haurboss 16 ポイント17 ポイント  (0子コメント)

I would hope that's the case if they have detected forged communications.

Although, you know even if it was 100% proven they are forged communications the left would just say the Russian bank is covering for Trump

[–]slimycoldcuts [スコア非表示]  (0子コメント)

I wish that mattered. The media would spin it as further conspiracy. I'd bet at least one outlet would even call bullshit if it were their precious Hillary and Goldman said, "nothing to see here folks!"

[–]WarOf2016Veteran [スコア非表示]  (0子コメント)

Source?

[–]hillarityclinton 13 ポイント14 ポイント  (0子コメント)

Good find. I was wondering when these would be looked into further.

[–]Dorfaladin 9 ポイント10 ポイント  (1子コメント)

http://boards.4chan.org/pol/thread/118059984

They are still talking about it on this thread at 4chan. some concise layouts of what happened from what we can tell.

[–]FeelTheEmailMistake[S] 9 ポイント10 ポイント  (0子コメント)

Lot to go through there, but there's a good point in there: These recursive queries are supposedly being sent from all DNS servers involved (including American ones with no immediate connection to Alfa Bank), so it's hard to take it as some simple customization of the Russian BIND9 servers.

[–]Haurboss 7 ポイント8 ポイント  (1子コメント)

Couldn't you just make a throw away real quick and post it in the Donald?

I'd message the mods for you but I know nothing will happen. I really want to see what you have though and the Donald would give it the most exposure

[–]FeelTheEmailMistake[S] 5 ポイント6 ポイント  (0子コメント)

It's all good now. More people are looking into it, and I'm going to piece together something more involved.

[–]DerJayoh 2 ポイント3 ポイント  (0子コメント)

i have no idea of most technical aspects of your work here but came to say that you are doing a great and important job.

[–]J2daEWW 1 ポイント2 ポイント  (1子コメント)

You sir deserve gold

[–]FeelTheEmailMistake[S] 1 ポイント2 ポイント  (0子コメント)

Not yet. This whole forgery thing could end up falling under, notwithstanding the bold claim (100% certainty is never going to be possible). But the TeaLeaves identity is something at least.

[–]Aro2220 2 ポイント3 ポイント  (1子コメント)

It's frightening that the CIA or whomever keep pushing this Russia narrative. Either they are insane, or they know that they're placing so much cognitive dissonance between fake-Americans and reality that they'll never be able to come around to accepting the truth even when it hits them square in the face.

[–]FartinLutherKingJr 6 ポイント7 ポイント  (2子コメント)

Man, you've got to post more. Please post an explanation that a layman might understand.

[–]FeelTheEmailMistake[S] 8 ポイント9 ポイント  (1子コメント)

I'll be working on a much clearer explanation. I've identified TeaLeaves, but as for the forgery, this post is preliminary in the sense that I need to see whether it can be shot down with something I haven't considered (hence the bold claim). There are way too many variables in play (server implementation, server version, custom vendor patches, configuration, network devices, etc.) for a single person to test this indicator exhaustively. The literature, theory, and a couple of prominent source trees agree with me, but practice too often diverges from the literature and theory.

[–]FartinLutherKingJr [スコア非表示]  (0子コメント)

Great. Thank you. I hope your theory pans out, if only because of the work you put into it! I wish I was a networking expert so I could validate it myself.

[–]LamsSilence 5 ポイント6 ポイント  (0子コメント)

I'm assuming you're pro-Trump? If so, let me summon /u/ANONTXFAN

OP says logs of Trump talking with russia are forged:

https://www.reddit.com/r/conspiracy/comments/616ypb/mail1trumpemailcom_meet_tealeaves_and_his_forged/dfc8t8p/

[–]HardShadow 6 ポイント7 ポイント  (3子コメント)

Timothy Kelley is unlikely to be a real person.

His interests/subject matters are too disparate and unconnected. It is doubtful whether or not someone who could be this technically proficient in network-engineering could also have a keen and profound interest and insight into human medical practices and economic theories.

My guess is that this 'Timothy Kelley' is an amalgamation of various individuals writing under a pseudonym. It is most likely a government-run operation.

[–]partyon 2 ポイント3 ポイント  (0子コメント)

It would make sense the individual is on staff at IU. It's little known IU is a big research center with lots of individuals with high level cross disciplinary knowledge. Perhaps the deepest field of talent in the USA really, doing actual real world research work that isn't purely theoretical. When you want real research by smart people; governments, companies, and all kinds of organizations hire IU researchers. For research purposes it's like a more practically minded Harvard.

Also this guy fits the bill perfectly. https://www.mendeley.com/profiles/timothy-kelley/

[–]Letterbocks 0 ポイント1 ポイント  (1子コメント)

Isn't that a bit absurd. Plenty of people are polymaths

[–]HardShadow [スコア非表示]  (0子コメント)

In those three very disparate fields?

It's highly doubtful, unless he's conflating his expertise.

[–]Dorfaladin 3 ポイント4 ポイント  (2子コメント)

TeaLeaves kicked off the whole Russia-Trump server thing with his DNS logs.... this server has been mentioned in connection to investigations... nobody knew who TeaLeaves was... some speculated it was L Jean Camp herself which is the closest guess... it turned out to be a colleague of hers... see the /r/conspiracy thread for the damning proof... tealeaves... and her colleague has a years-old wordpress account coincidentally named in leetspeak teakettle... i dont think so... thats him... btw i dont believe that emailmistake guy found it the way he says... i think he had to present it in a more eh public safe manner if you get my drift... based on some other posts of his i think this guy is into some seriously heavy shit...and think about the timing of all this the dns logs contain + signs... meaning recursive nameserver-nameserver queries which just doesnt happen... even if we say the russian nameservers have some weird setup... well the american medical nameservers have the same weird setup... every damn nameserver has the same weird setup... terribly unlikely... the guy mentions 6 indicators of forgery... says hes only 'reasonably confident' based on the indicator above... but its pretty fucking damning all by itself... my suspicion is that another indicator is based on meticulous analysis of ttls and cache behavior

this is what an anon on the board I mentioned earlier.

http://boards.4chan.org/pol/thread/118059984

[–]FeelTheEmailMistake[S] 3 ポイント4 ポイント  (0子コメント)

That's accurate, except I did indeed find him in the way shown, and I'm just a bored nerd.

[–]sthh [スコア非表示]  (0子コメント)

This anon is probably the fakeemails guy he posted the exact same wording as the original op in both places

[–]This_There 0 ポイント1 ポイント  (0子コメント)

OP and several others are doing God's work here. I follow the general theme but not the details of a highly suspicious electronic "link" between our President's campaign and the Russians. With what we've learned from Wikileaks Vault7, we have more reason to suspect anything electronic.

Have my upvote and energy for this great work. I look forward to the non-tech explanation that reporters from Breitbart and Fox can follow, as we all know no one else is interested.

[–]martini-meow 1 ポイント2 ポイント  (1子コメント)

Please include "tea leaves" and "tealeaves" in your post? Reddit search is shit & most mentions I've seen have the space, but yours is the latest, and new news.

[–]LamsSilence 6 ポイント7 ポイント  (1子コメント)

If you're pro-Trump can we get some help from /u/AnonPaul_Deviantart ?

OP says logs of Trump talking with russia are forged:

https://www.reddit.com/r/conspiracy/comments/616ypb/mail1trumpemailcom_meet_tealeaves_and_his_forged/dfc8t8p/

[–]lookatmeimwhite 6 ポイント7 ポイント  (0子コメント)

Pro trump or not people should just want the truth.

[–]Kareeda 0 ポイント1 ポイント  (0子コメント)

Look what happens when you have a big ego and want your name on everything you do. Perhaps that should be reserved for honest work.

[–]D_trumpisaretard 0 ポイント1 ポイント  (0子コメント)

Tari Gand huge bhadva. Everything is huge.

[–]MarinaraAddict 0 ポイント1 ポイント  (4子コメント)

Just go to /pol/

[–]Simi510 8 ポイント9 ポイント  (3子コメント)

i came here from /pol/

[–]mikespimpin 4 ポイント5 ポイント  (1子コメント)

I came here from down under

[–]mrwafflepants16 0 ポイント1 ポイント  (0子コメント)

I came here from a marsupial's spawn sack.