[flagged]

Listening to the audio, this wasn't some surreptitious hot mic recording, he was addressing employees about his frustrations at personally observing them fucking off in meetings and they were laughing. Somehow listening to his aggressive-but-disarming NYC style I can't help but agree with the guy.

It's not.

This is almost certainly Windows performing certificate validation.

The "evidence" was just copy pasted from VirusTotal. In fact he forgot to copy from below the cut, which would have shown it also called out to www.microsoft.com - depending who you ask, definitely a malicious address!

VirusTotal just notes all network traffic during the time the binary executed in the sandbox. It doesn't mean it emanated from the binary.

> It is absolutely not that. To suggest this, considering the evidence posted, goes beyond idiocy into potential maliciousness

The scary IPs are part of DigiCert's CDN for OCSP responder (probably depending where you are and their anycast):

https://github.com/hoshsadiq/adblock-nocoin-list/issues/452

The "evidence" is the system made some network calls and DNS lookups. Which you know, you would do when validating a certificate. He also lists some SMB calls to the localnet which are clearly unrelated. tee.c source contains no network code so this would be truly easy to audit. So tell me again what is the damning evidence?

Also, are we to believe malware gangs are hosting on Akamai now? They must be in the major leagues.

And you call me an idiot?

Have a nice day.