1/ A thread on the curious tale of dcleaks.com. To which I have no firm answers, just some anomalies and leads I'd like to share. 
2/ The spooks are sure about dcleaks in 2017:
dcleaks.com and Guccifer2.0 were named with "High Confidence" as key outlets for stolen DNC data in the 6th January 2017 Intelligence Community reports on Russian interference.
FBI's Priestep testified a direct link
dcleaks.com and Guccifer2.0 were named with "High Confidence" as key outlets for stolen DNC data in the 6th January 2017 Intelligence Community reports on Russian interference.
FBI's Priestep testified a direct link
3/ But by 2018 the DNC forgets all about them:
In the recent *DNC Vs Everybody* lawfare suit dcleaks.com is curiously absent. Why is that?
G2.0. is helped along by a conveniently timed article in the Daily Beast. Their parent company is directed by Ms C Clinton
In the recent *DNC Vs Everybody* lawfare suit dcleaks.com is curiously absent. Why is that?
G2.0. is helped along by a conveniently timed article in the Daily Beast. Their parent company is directed by Ms C Clinton
4/ So. The intelligence community has "High Confidence" that dcleaks.com is the recipient of hacked emails from the DNC and others, yet the DNC omits them from their suit.
Why would they do that?
Why miss such an obvious target?
Why would they do that?
Why miss such an obvious target?
5/ Origins of dcleaks.com.
dcleaks.com (and electionleaks.com) can be traced back to October 2012, an election year. It never went live but at that time Romney was battling stories about his tax returns (familiar?).
F-GPS were working for the Dems
dcleaks.com (and electionleaks.com) can be traced back to October 2012, an election year. It never went live but at that time Romney was battling stories about his tax returns (familiar?).
F-GPS were working for the Dems
6/ The registration of dcleaks.com and electionleaks.com were registered to Ronald Vanyur of Huntington Beach, California.
To be clear; that's California, USA, not California, Russia.
To be clear; that's California, USA, not California, Russia.
7/ After having battled the issue for all of 2012, Romney, eventually, releases some details about his tax returns in September.
dcleaks never goes live in 2012. Perhaps Vanyur (& friends?) sense they've missed their opportunity and the registration appears to lapse.
dcleaks never goes live in 2012. Perhaps Vanyur (& friends?) sense they've missed their opportunity and the registration appears to lapse.
8/ In November 2015 it's now legal to hide the registered name of a website, and dcleaks.com's registration moves to a privacy service "Registrations by Proxy LLC". The registrar is still Go Daddy as Vanyur has used previously.
9/ Then on 19th April 2016, dcleaks is re-registered to another privacy service; privacyprotect via publicdomainregistry.com.
The address is a PO box in a sleepy beachside town in Queensland, Australia, called Nobby Beach. It is an actual PO box.
The address is a PO box in a sleepy beachside town in Queensland, Australia, called Nobby Beach. It is an actual PO box.
10/ THC Servers in Romania provide the service, and are paid via bitcoins. The original Guccifer was Romanian, so I imagine we are meant to infur a link. (Fessing-up: I was guilty of doing that at first).
To the AP they say no law-enforcement service has bothered to contact them
To the AP they say no law-enforcement service has bothered to contact them
11/ Incidentally, privacyprotect are pretty private. But not totally private. In another, unrelated, case they were sued by Tata Inc, as one of their sites infringed a trademark.
**They gave up the name of the registrant**.
But Mueller's team hasn't done the same. Why?
**They gave up the name of the registrant**.
But Mueller's team hasn't done the same. Why?
12/ In a strange "Russian Doll" type twist, even though Publicdomainregistry, and privacyprotect are owned by the Endurance Group - a large multinational they register the publicdomainregistry site with a small one-man-band service provider in Romania called ...
...
THC Servers
...
THC Servers
13/ The "A" records for dcleaks start on 17th December 2010 at
67.23.129.87 (the Endurance Group), then move to
66.96.160.141 (the Endurance Group),
then to Confluence Networks (owned by the Endurance Group),
then finally ... in 2016 ...
67.23.129.87 (the Endurance Group), then move to
66.96.160.141 (the Endurance Group),
then to Confluence Networks (owned by the Endurance Group),
then finally ... in 2016 ...
12/ A few days after THC Servers re-register dcleaks (via the Endurance Group's order-boxdns), on 29th April 2016 the IP address is moved to flokinet.is
They claim to be a home for whistleblower sites.
The identity of the site's owner is being laundered.
They claim to be a home for whistleblower sites.
The identity of the site's owner is being laundered.
12/ Also registered by THC servers, to this service, and this PO box, are several related sites. Of particular interest is: actblues.com which was implicated in the DCCC "hack". Its SOA (Start of Authority) record shows a registrant name of fisterboks@gmail.com and VPN
13/ Possibly unrelated but several sites linked to the Microsoft Strontium trademark dispute are also registered to Nobby Beach
As are a dozen or so muslim botherhood sites, like ikhwanweb.com (the official English site of the Muslim Brotherhood)
As are a dozen or so muslim botherhood sites, like ikhwanweb.com (the official English site of the Muslim Brotherhood)
14/ Also in the same "Strontium" suit are several sites registered to value-domain.com in japan.
It also happens that misdepatrment.com, that was also implicated, like actblues.com in the DCCC "hack is also registered by value-domain.com.
It also happens that misdepatrment.com, that was also implicated, like actblues.com in the DCCC "hack is also registered by value-domain.com.
15/ misdepartment.com (note spelling) were the IT company in charge of the DCCC's IT. In related news their twitter account is dead, and their website is now eviscerated.
Like Stefan Halper, Joseph Misfud, George Nader, and Rob Goldstone, they have **just disappeared**.
Like Stefan Halper, Joseph Misfud, George Nader, and Rob Goldstone, they have **just disappeared**.
16/ The SOA for dcleaks changes sometime in early 2017 to admin@piradius.net. The nameservers still point to THC Servers, but a mailserver has been added: server13.yettamail.com.
Sometime after that I catch the site with it's knickers down. See here: loadedforguccifer.wordpress.com/2018/02/10/dcl…
Sometime after that I catch the site with it's knickers down. See here: loadedforguccifer.wordpress.com/2018/02/10/dcl…
17/ Why the change?
There's no Russian settings listed in a NMAP scan I did at the time. The language settings on it: iso-8859-1 is for Latin (Inc English, not Cyrillic). There's also some internet relay chat ports to chat on, and yettamail mail servers are front and centre.
There's no Russian settings listed in a NMAP scan I did at the time. The language settings on it: iso-8859-1 is for Latin (Inc English, not Cyrillic). There's also some internet relay chat ports to chat on, and yettamail mail servers are front and centre.
18/ Yettamail seems a random choice for a mailserver. The whois gives Vertron corporation as the owner.
Interesting. Vertron is owned by Darrell Hubbard, and is registered in California. That's California USA, not California Russia.
Ronald Vanyur - CA. Darrell Hubbard - CA
Interesting. Vertron is owned by Darrell Hubbard, and is registered in California. That's California USA, not California Russia.
Ronald Vanyur - CA. Darrell Hubbard - CA
19/ Where is Darrell Hubbard now? Has anyone been asking?
Wasn't Daniel Jones of Penn Quarter Group said to get his funding from "wealthy Californians"? Vertron's clients include Sony Pictures (California), Time Warner Home Video (California) and Fannie Mae (Washington).
Wasn't Daniel Jones of Penn Quarter Group said to get his funding from "wealthy Californians"? Vertron's clients include Sony Pictures (California), Time Warner Home Video (California) and Fannie Mae (Washington).
20/ Looking closer at the final dcleaks IP addresses we see that the "A" record - where the site is directed to - is 111.90.158.105. This is owned by Shinjiru in Malaysia. Who? Well to cut a long story short, their "A" record points to Belcloud Hosting corporation in Bulgaria.
21/ In probably unrelated news Jeff Sessions is visiting Bulgaria. Among the topics he will discuss is deportation from Bulgaria. Just saying.
Also just saying I've never before seen a whois record like for belcloud.com that has all the names "Redacted for Privacy".
Also just saying I've never before seen a whois record like for belcloud.com that has all the names "Redacted for Privacy".
22/ What does it all mean? I was hoping you weren't going to ask. I don't know.
Only that dcleaks.com has been left off the DNC lawsuit for a reason. They want us to forget all about it. Could it be that it loops back to some important people. Who could they be?
FIN
Only that dcleaks.com has been left off the DNC lawsuit for a reason. They want us to forget all about it. Could it be that it loops back to some important people. Who could they be?
FIN
