Connect with us

Latest

Analysis

News

How CrowdStrike placed malware in DNC “hacked” servers

Fancy Frauds, Bogus Bears & Malware Mimicry?!

Alex Christoforou

Published

on

3,926 Views

Of course the DNC did not want to the FBI to investigate its “hacked servers”.

The plan was well underway to excuse Hillary’s pathetic election defeat to Trump, and CrowdStrike would help out by planting evidence to pin on those evil “Russian hackers.”

Some would call this entire DNC server hack an “insurance policy.”

Disobedient Media outlines the DNC server coverup evidenced in CrowdStrike malware infusion…


It’s amazing what people retain and how they pick up on conflicts of information and inconsistencies. I’ve been impressed by a lot of people I’ve come to know through Twitter and one great example is Stephen McIntyre (of Climate Audit – a blog that has an interesting history of its own in relation to the ClimateGate hack of 2009).

Over recent months McIntyre has given some attention to the topic of the alleged hacking of the DNC in 2016 and his findings have been particularly interesting, at least, to anyone interested in unraveling digital deception.

As always, some of the background helps for context, if you’re familiar with CrowdStrike’s activity at the DNC, their background and the dates of their activities, feel free to skip the next couple of paragraphs.

CrowdStrike and DNC Malware Discoveries

End of April 2016 – Breach Detected
Towards the end of April 2016, the DNC (Democratic National Convention) contacted a cyber-security firm called CrowdStrike in relation to a suspected breach.

Early May 2016 – CrowdStrike Called In, Falcon Installed
CrowdStrike visited the DNC early in May and soon discovered malware. They installed their flagship product “Falcon” (a product supposed to prevent both hackers and malware) across the network and on or before May 11, 2016, the DNC started paying their service subscription fee to CrowdStrike.

Late May 2016 – Emails Acquired
Approximately two weeks after Falcon had been installed, emails were acquired (with dates going up to 19th-25th of May depending on mailbox) that were subsequently leaked to WikiLeaks.

Early-Mid June 2016 – WikiLeaks Announce Leaks & CrowdStrike Announce Hackers
WikiLeaks first gave indication they were in possession of leaked emails (relating to Hillary Clinton) when Julian Assange stated it in an interview with ITV’s “Peston on Sunday” on June 12, 2016.

Within 48 hours of the announcement (on June 14, 2016), an article appeared in the Washington Post, covering a story from CrowdStrike executives Shawn Henry and Dmitri Alperovitch. In the article, they claim to have just been working on eliminating the last of the hackers from the DNC’s network during the past weekend (conveniently coinciding with Assange’s statement and being an indirect admission that their Falcon software had failed to achieve it’s stated capabilities at that time, assuming their statements were accurate).

The following day, June 15, 2016, they publicized a report in which they share IOCs (Indicators of Compromise) and samples of the malware code.

To date, CrowdStrike has not been able to show how the malware had relayed any emails or accessed any mailboxes. They have also not responded to inquiries specifically asking for details about this.

In fact, things have now been discovered that bring some of their malware discoveries into question.

Fancy Bear Malware & Compile Times

It was reported that Cozy Bear (aka APT29) was at the DNC since the Summer 2015 and that Fancy Bear (aka APT28) didn’t start their attacks until Spring 2016.

While it would seem logical to infer this as meaning that the Fancy Bear activity occurred just before CrowdStrike’s visit, there is a reason to think Fancy Bear didn’t start some of its activity until CrowdStrike had arrived at the DNC.

CrowdStrike, in the indiciators of compromise they reported, identified three pieces of malware relating to Fancy Bear:

On October 25, 2017, Stephen McIntyre tweeted something that caught my attention (over a month later):

The following screen captures are from VirusTotal and each one links to the original page it comes from:

 

Here are the IOCs again, but this time in order of compile date and with CrowdStrike’s corresponding activities at the time:

Strangely, it does seem that two of the pieces of malware were compiled within the five days that CrowdStrike appear to have been working at the DNC.

Of course, we also have to consider other possibilities and contradictory discoveries made.

The “First Seen In The Wild” Date Conflict

Earlier this month, someone else on Twitter pointed out that there was a date on some of the malware that seemed to conflict with the compile date:

Subsequently, I contacted VirusTotal to inquire as to why there was a difference but the response received seemed to suggest it’s the ITW (“In The Wild”) date, if anything, that would be faulty:

Real Hackers Using Postdated Timestamps?

Maybe the malware was made at an earlier date but had its compile time postdated?

Invincea (part of Sophos) have inspected many malware samples as part of a case study looking at malware compile times, below is a chart of what they found regarding malware:

They found that generally, in a lot of cases, malware developers didn’t care to hide the compile times and that while implausible timestamps are used, it’s rare that these use dates in the future.

It’s possible, but unlikely that one sample would have a postdated timestamp to coincide with their visit by mere chance but seems extremely unlikely to happen with two or more samples.

Considering the dates of CrowdStrike’s activities at the DNC coincide with the compile dates of two out of the three pieces of malware discovered and attributed to APT-28 (the other compiled approximately 2 weeks prior to their visit), the big question is:

Did CrowdStrike plant some (or all) of the APT-28 malware?

Something that may help inform us more in trying to answer that question is something else that was discovered in the malware samples, something relating to the IP addresses apparently used by some of the malware.

Operationally Obsolete Hardcoded IP Addresses

Something interesting about the malware and one of the things used to identify it as belonging to Fancy Bear was a hard-coded IP address. As Thomas Rid pointed out:

More than once…

The specific malware this appeared in can also be confirmed by checking out the analysis of one of the malware samples at Invincea.

On the surface, it looks like the malware was likely to have been communicating with known Fancy Bear infrastructure due to the presence of an IP address that was well known to the infosec industry.

However, there’s a little problem with this assumption.

That particular IP address was detected as being part of Fancy Bear in 2015 and the IP address was suspended/unassigned on May 20, 2015 by CrookServers:

So, the piece of Fancy Bear malware that was compiled on May 5, 2016 was using a hard-coded IP address that had ceased to be a functioning part of the Fancy Bear infrastructure for almost a year.

Not only was it pointless to include it operationally, retaining it unnecessarily would be an obvious operational security risk for attackers and would inherently make the malware more detectable and make it easy for people to tie it to Fancy Bear.

This would have been counterproductive and a needless risk being taken by Fancy Bear which begs the question – was it really Fancy Bear?

CrookServers, Pakistan, Awans? – No, No, No!

You may have noticed in the mainstream press recently, there have been similar stories about Fancy Bear and CrookServers that make specific mention of Pakistan and do so in relation to the DNC “hack”.

While I’m sure this will act as a ‘dog-whistle’ to everyone familiar with the Awans, it should be noted that here, too, a similar issue exists that should be considered before anyone goes believing the hype.

The IP address, according to those articles, was disabled in June 2015, eleven months before the DNC emails were acquired – meaning those IP addresses, in reality, had no involvement in the alleged hacking of the DNC.

As the BBC concede in their article:

Questionable Methods, Questionable Motives

Would an advanced hacking operation clumsily leave blatant IOCs relating to infrastructure that had been redundant for eleven or more months in malware it was compiling considering that doing so would serve no function and would make the malware easy to both detect and attribute back to that hacking operation?

How likely is it that all the malware attributed to Fancy Bear was compiled in the period from ten days prior to CrowdStrike’s visit in early May 2016 to five days after?

Personally, a single malware compilation date coinciding with CrowdStrike’s visits alone was enough to catch my attention.

The fact that two out of three of the Fancy Bear malware samples identified were compiled on dates within the apparent five day period CrowdStrike were apparently at the DNC seems incredibly unlikely to have occurred by mere chance.

That all three malware samples were compiled within ten days either side of their visit – makes it clear just how questionable the Fancy Bear malware discoveries were.

That the malware was apparently using well known and long-redundant hardcoded IP addresses (serving no functional purpose and only really serving to make it more prone to detection and being easily attributed to Fancy Bear)… well… that just seems bizarre, doesn’t it?

I can’t help but continue questioning CrowdStrike’s discoveries…

…and continue wishing intelligence committees in both houses would start to do so too!

Liked it? Take a second to support The Duran on Patreon!
Advertisement
Click to comment

Leave a Reply

avatar
  Subscribe  
Notify of

Latest

US Blunders Have Made Russia The Global Trade Pivot

Even if Europe is somehow taken out of the trade equation, greater synergy between the RIC (Russia, India and China) nations may be enough to pull their nations through anticipated global volatilities ahead

The Duran

Published

on

Authored by Mathew Maavak via ActivistPost.com:


The year 2019 had barely begun before news emerged that six Russian sailors were kidnapped by pirates off the coast of Benin. It was perhaps a foretaste of risks to come. As nations reel from deteriorating economic conditions, instances of piracy and other forms of supply chain disruptions are bound to increase.

According to the International Maritime Bureau (IMB), 107 cases of piracy were noted during the first half of 2018 vis-à-vis 87 throughout 2017.  The 2018 tally included 32 cases in Southeast Asian waters and 48 along African shores – representing 75% of the total. To put this figure into perspective, Asian behemoths India and China – despite their vast shorelines – recorded only 2 cases of piracy each during the study period. Russia had none. In terms of hostages taken, the IMB tally read 102 in H1 2018 vs 63 in H1 2017.

Piracy adds to shipping and retail costs worldwide as security, insurance and salaries are hiked to match associated risks in maritime transport. Merchant vessels will also take longer and costlier routes to avoid piracy hotspots.

United Nations Office on Drugs and Crime (UNODC) report in 2016 sums up the perils ahead:

As over 90% of global trade is carried out by sea, the economic effects of maritime crime can be crippling. Maritime crime includes not only criminal activity directed at vessels or maritime structures, but also the use of the high seas to perpetrate transnational organized crimes such as smuggling of persons or illicit substances.  These forms of maritime crime can have devastating human consequences.

Indeed, cases of human trafficking, organ harvesting, and the smuggling of illicit substances and counterfeit goods are proliferating worldwide in tandem with rising systemic debt and suspect international agendas.

Australia offers a case in point. While it fantasizes over a Quad of allies in the Indo-Pacific – to “save Asians from China” – criminal elements from Hong Kong, Malaysia to squeaky-clean Singapore have been routinely trafficking drugs, tobacco and people right into Sydney harbour for years,  swelling the local organised crime economy to as much as $47.4 billion (Australian dollars presumably) between 2016 and 2017.

With criminal elements expected to thrive during a severe recession, they will likely enjoy a degree of prosecutorial shielding from state actors and local politicians. But this is not a Southeast Asian problem alone; any superpower wishing to disrupt Asia-Europe trade arteries – the main engine of global growth – will have targets of opportunity across oceans and lands.  The US-led war against Syria had not only cratered one potential trans-Eurasia energy and trade node, it served as a boon for child traffickingorgan harvesting and slavery as well. Yet, it is President Bashar al-Assad who is repeatedly labelled a “butcher” by the Anglo-American media.

Ultimately, industries in Asia and Europe will seek safer transit routes for their products. The inference here is inevitable: the greatest logistical undertaking in history – China’s Belt and Road Initiative (BRI) – will be highly dependent on Russian security umbrella, particularly in Central Asia. Russia also offers an alternative transit option via the Northern Sea Route, thereby avoiding any potential pan-Turkic ructions in Central Asia in the future.

Russo- and Sinophobia explained?

In retrospect, Washington’s reckless policies post-Sept 11 2001 seem aimed at disrupting growing synergies between Asia and Europe. This hypothesis helps explain the relentless US-led agitprops against Russia, China and Iran.

When the gilet jaunes (yellow vest) protests rocked France weeks ago, it was only a matter of time before some pundits blamed it on Russia. US President Donald J. Trump cheered on; just as “billionaire activist” George Soros celebrated the refugee invasion of Europe and the Arab Spring earlier.  If the yellow vest contagion spreads to the Western half of Europe, its economies will flounder. Cui bono? A Russia that can reap benefits from the two-way BRI or Arctic trade routes or a moribund United States that can no longer rule roost in an increasingly multipolar world?

Trump’s diplomatic downgrade of the European Union and his opposition to the Nord Stream 2gas pipeline matches this trade-disruption hypothesis, as do pressures applied on India and China to drop energy and trade ties with Iran.  Washington’s trade war with Beijing and recent charges against Huawei – arguably Asia’s most valuable company – seem to fit this grand strategy.

If China concedes to importing more US products, Europe will bear the consequences. Asians love European products ranging from German cars to Italian shoes and Europe remains the favourite vacation destination for its growing middle class. Eastern European products and institutions are also beginning to gain traction in Asia. However, these emerging economies will suffer if their leaders cave in to Washington’s bogeyman fetish.

Even if Europe is somehow taken out of the trade equation, greater synergy between the RIC (Russia, India and China) nations may be enough – at least theoretically – to pull their nations through anticipated global volatilities ahead.

In the meantime, as the US-led world crumbles, it looks like Russia is patiently biding its time to become the security guarantor and kingmaker of Asia-Europe trade.  A possible state of affairs wrought more by American inanity rather than Russian ingenuity…

Dr Mathew Maavak is a regular commentator on risk-related geostrategic issues.

Liked it? Take a second to support The Duran on Patreon!
Continue Reading

Latest

Historic Eastern Christianity: An Uncertain Future

The survival of historic Eastern Christianity, particularly in Syria, is critical for several reasons.

Strategic Culture Foundation

Published

on

Authored by Elias Samo via The Strategic Culture Foundation:


The survival of historic Eastern Christianity has never been as urgent as it is today. Christianity saw its beginning in Greater Syria which was subdivided by France and Britain after WWI into modern day Syria, Lebanon, Palestian/Israel and Jordan. The land that housed, nurtured and spread the teachings of Jesus Christ for over two millenniums, now threatens children of that faith. The survival of historic Eastern Christianity, particularly in Syria, is critical for several reasons:

  1. Greater Syria is the homeland of Jesus and Christianity. Abraham was from modern day Iraq, Moses from Egypt, and Muhammad from Mecca; Jesus was from Syria.
  1. Paul converted to Christianity and saw the light while walking through ‘The Street Called Straight’ in Damascus.
  1. Jesus’ followers were called Christians for the first time in Antioch, formerly part of Syria.
  1. One of the earliest churches, perhaps the earliest, is in Syria.

The potential demise of historic Eastern Christianity is reflected in the key question Christians ask: should we stay or emigrate? The urgent question – in the face of the ongoing regional turmoil – precipitated with the American invasion of Iraq in 2003 and escalated since the Arab uprisings in 2011. Historic Eastern Christians’ fears were further magnified when Archbishop Yohanna Ibrahim of the Syriac Orthodox Church and Archbishop Paul Yazigi of the Greek Orthodox Church, both of metropolitan Aleppo, were kidnapped on April, 22, 2013; with no traces of their whereabouts, dead or alive, since. For many years, I was deputy, friend, and advisor to the Archbishop Ibrahim, which provided me an opportunity to meet many Christians. I have, over time, noticed the change in their sentiment, with more considering emigration after the uprising and the kidnapping of the two Archbishops. Historic Eastern Christians survived the Ottoman Genocide in 1915 and thereafter; they multiplied and thrived in the Fertile Crescent despite some atrocities until the start of the misnamed “Arab Spring” in early 2011. Prior to the “Arab Spring”, historic Eastern Christians were victims of violence on several occasions. In the mid-1930s, the historic Assyrian community in Iraq suffered violent onslaughts and were driven to Syria. In the 1970s and 1980s, during the Lebanese Civil War, Christians were victims of sectarian violence. During the American invasion of Iraq in 2003, Christians were victims of widespread sectarian violence which led to mass migration. The “Arab Spring” began with great hope for the right of the people to “Life, Liberty and the pursuit of Happiness”. However, it was swiftly hijacked by Islamists and Salafists and turned into an “Islamic Spring, an Arab Fall and a Christian Winter”; bringing along with it a new massacre of Christians. Presently, Eastern Christianity is at the mercy of clear and identifiable domestic, regional, and international, historic and contemporary conflicts in the Fertile Crescent, namely:

  1. Jihad vs. Ijtihad: A long standing conflict amongst Muslims between the sword vs. the pen.
  2. Sunni vs. Shiite: A conflict which began following the death of the Prophet Muhammad.
  3. Arabism vs. Islamism: The former has territorial limitations, the later has no territorial limitations.
  4. Syria vs. Israel: It is an essential component of the Palestinian problem, not the presumed Arab- Israeli conflict.
  5. West vs. East: A throwback to the Cold War, or its revival.
  6. Historic Persian, Ottoman and Arab Empires animosities: Each seeking regional hegemony.

One is reminded of the proverbial saying, “When the elephants fight, the grass suffers.” Certainly, Eastern Christianity is suffering and threatened with extinction.

Syria was a model of religious tolerance, common living and peaceful interaction amongst its religious, sectarian, cultural and ethnic components. Seven years of turmoil, in which various international and regional powers manipulated segments of Syrian society by supplying them with an abundance of weapons, money and sectarian ideologies, has heightened Eastern Christians’ fears. During the seven-year turmoil in Syria, the entire society has suffered; Sunnis, Shiites, Alawites, Yazidis, Kurds, Christians and others. Christians, being a weak and peaceful component of the society, have suffered immensely. Ma’aloula; a religious treasure for Christians globally, and the only city in the world where Aramaic – the language of Jesus Christ – is spoken, was attacked and besieged by ISIS. Numerous historic Churches were damaged, and many destroyed. Christians in Raqqa were forced by ISIS into one of three options: 1. Pay a penalty in pure gold – known as a ‘Jizya’ to keep their life and practice their faith – albeit in secret only; 2. Convert into Islam; or 3. Face immediate death. To top their pain, the kidnap of the two prominent Archbishops meant no Eastern Christian believer was safe.

Amidst all the doom and gloom, however, there remains hope. The survival of Christianity depends on the actions and reactions of three parties:

Eastern Christians: During the last hundred years, 1915-2015, since the Ottoman Genocide, Eastern Christians have been victims of a history of massacres, which meant that every Eastern Christian was a martyr, a potential martyr or a witness of martyrdom; if you fool me once, shame on you, if you fool me twice, shame on me. The ongoing regional turmoil has heightened their sense of insecurity. The answer to an age-old question Eastern Christians had on their mind: To flee Westwards or remain in their land, in the face of death, is increasingly becoming the former.

Eastern Muslims: There is a difference in perceptions between Eastern Christians and mainstream Muslims regarding the massacres committed against Christians. When certain violent groups or individuals kill Christians, while shouting a traditional Islamic profession: “No God but one God and Muhammad is God’s messenger”, it is reasonable for Christians to assume the killers are Muslims. However, for mainstream Muslims, the killers do not represent Islam; they are extremists, violating basic Islamic norms such as Muhammad’s sayings, “Whoever hurts a Thummy – Christian or Jew – has hurt me”, “no compulsion in religion” and other Islamic norms regarding just treatment of people of the Book; Christians and Jews. Therefore, it is the responsibility of the Muslim elites to impress upon their fellow Muslims that:

a. The three monotheistic religions believe in one God and all ‘faithfuls’ are equal in citizenship, rights and duties.

b. Christians participated in the rise of Arab Islamic civilization. They were pioneers in the modern Arab renaissance and they joined their Muslim brethren in resisting the Crusades, the Ottomans and Western colonialism.

c. Christians are natives of the land and they provide cultural, religious, educational, and economic, diversity.

d. Christians are a positive link between the Muslims and the Christian West, particularly in view of the rise of Islamophobia. Massacres of Christians and their migration provide a pretext for the further precipitation of Islamophobia.

e. Civilization is measured by the way it treats its minorities.

The Christian West: The Crusades, Western colonialism, creation and continued support of Israel, support of authoritarian Arab political systems, military interventions, regime change, and the destabilization of Arab states made Muslims view Eastern Christians ‘guilty by association’. The Christian West helped Jews come to Palestine to establish Israel. Shouldn’t the same Christian West also help Eastern Christians remain in their homeland, rather than facilitate their emigration? Western Christians, particularly Christian Zionists, believe that the existence of Israel is necessary for the return of Jesus to his homeland. However, it would be a great disappointment for Jesus to return to his homeland, Syria and not find any of his followers.

Prior to 2011, Eastern Christian religious leaders were encouraging Syrian Christians in the diaspora to return to Syria, their homeland, where life was safe and secure with great potential. Now, the same leaders are desperately trying to slow down Christian emigration. Eastern Christians’ loud cries for help to remain are blowing in the wind.

Liked it? Take a second to support The Duran on Patreon!
Continue Reading

Latest

Protests erupt in Athens, as ‘North Macedonia’ vote fast approaches (Video)

The Duran Quick Take: Episode 62.

Alex Christoforou

Published

on

NATO and the EU are full of joy with the Prespes agreement, which is sure to pass the Greek Parliament and fast rack the newly minted Republic of North Macedonia into NATO and the EU.

Meanwhile in Athens and Skopje, anger is reaching dangerous levels, as each side debates the pros and cons of the deal inked by Tsipras and Zaev.

The Duran’s Alex Christoforou and Editor-in-Chief Alexander Mercouris take a quick look at yesterday’s protests in Athens, Greece, where things got very ugly as radical left Prime Minster Alexis Tsipras used tear gas and a heavy police hand to put down protests, that reached upwards of 60,000 people in the Syntagma downtown square.

Remember to Please Subscribe to The Duran’s YouTube Channel.

Follow The Duran Audio Podcast on Soundcloud.

Via Ekathimerini

As Greece gets ready for a political showdown this week over the Prespes agreement, we are witnessing a relentless, often cynical, maneuvering between parties, their leaders and even individual deputies.

What is at stake is not only the ratification of the deal between Athens and Skopje, but also the potential redrawing of the domestic political map.

Greek society and the country’s political world are deeply divided. The public is clearly against the deal, with up to 70% opposed to it.

The tens of thousands that demonstrated in Sunday’s rally in Athens, showed once more that sentiments run high.

The violence, which the Prime Minister blamed on extremists, while the opposition leader criticized the extended use of tear gas and called for an investigation to find out who was responsible, is indicative of the slippery slope the country is facing in the months leading to the national elections.

Despite the voices of reason calling for a minimum of cooperation and looking for common ground, Alexis Tsipras and Kyriakos Mitsotakis are in an all out war.

The leftist Prime Minister is attempting to use the Prespes agreement to create a broad “progressive” coalition that extends well beyond SYRIZA, while the conservative opposition leader, who is leading in the polls, is trying to keep his party united (on the name issue there are differing approaches) and win the next elections with an absolute majority.

With respect to the Prespes deal itself, the rare confluence of shrewd political considerations with deeply held feelings about one’s history, makes for an explosive mix and ensures a heated debate in parliament.

As for the raw numbers, despite the public opposition, the passage of the Prespes agreement in the 300 member Greek Parliament should be considered a done deal. In the most plausible senario 153 deputies will support the deal in the vote expected later in the week.

The governing SYRIZA has 145 deputies, and one should add to those the positive votes of Tourism Minister Elena Kountoura, centrist To Potami deputies Stavros Theodorakis, Spyros Lykoudis and Giorgos Mavrotas, former To Potami MP Spiros Danellis, and ANEL MP Thanasis Papachristopoulos.

This leads to a majority of 151. Last night one more positive vote was announced, that of Thanasis Theocharopoulos, leader of Democratic Left which untill now was part of the Movement for Change coalition, from which he was ejected as a result of his decision to support the deal.

Finally, Citizens Security Deputy Minister Katerina Papacosta, a former member of New Democracy, is expected to also vote for the agreement, but has not officially said so. Thus, for all practical purposes, the Prespes agreement is expected to pass, with 152 or 153 votes.

Former Prime Minister George Papandreou, who is not a member of parliament and who has worked tiressly on the issue, both as foreign minister and PM, has gone public in support of the deal.

Despite the discomfort this move created in the leadership of the Movement for Change, doing otherwise would have made him look inconsistent. As he is not voting, the damage is seen as limited, although the symbolism does not help the Movement for Change approach.

To the extent that Greece’s transatlantic partners and allies want to see the agreement implemented, they should feel relief. Of course, nothing is done until the “fat lady sings”, but one can clearly hear her whispering the notes in the corridors of the Greek Parliament.

Still, for the astute observer of Greek politics and the foreign officials and analysts who value the crucial role of Greece as an anchor of stability in the Balkans – being by far the strongest country in this region, both militarily and economically, despite the crisis of the last eight years – the deep divisions the issue has created in the society and the political world, are a cause for concern and could spell trouble in the future.

Dealing with such a volatile landscape calls for delicate moves by all.

Liked it? Take a second to support The Duran on Patreon!
Continue Reading

JOIN OUR YOUTUBE CHANNEL

Your donations make all the difference. Together we can expose fake news lies and deliver truth.

Amount to donate in USD$:

5 100

Validating payment information...
Waiting for PayPal...
Validating payment information...
Waiting for PayPal...
Advertisement

Advertisement

Quick Donate

The Duran
EURO
DONATE
Donate a quick 10 spot!
Advertisement
Advertisement

Advertisement

The Duran Newsletter

Trending