Russian APT44 The Most Notorious Cyber Sabotage Group

As Russia’s invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS, APT44) cyber threat group remains highly active and increasingly integrated with Russian conventional military operations in support of Moscow’s war aims. 

Sandworm's disruptive operations are not confined to Ukraine, however; they extend worldwide, wherever Russian political, military, and economic interests are at stake.

With 2024 seeing record participation in national elections, the group’s history of attempting to interfere in democratic processes elevates potential near-term threats. 

Recently, researchers on Google's threat intelligence team (Mandiant) published an assessment describing Russian APT44 as the most notorious cyber sabotage group in the world.

Russian APT44 Most Notorious Gang

APT44 (Sandworm), an operationally mature group sponsored by Russian military intelligence (the GRU), carries out the full spectrum of espionage, attack, and influence operations, a combination that is unusual among state-sponsored groups, which typically specialize in one of them.

APT44’s spectrum of operations (Source – Google Cloud)

Russia's "information confrontation" doctrine, which treats cyber capabilities as an instrument of military and political power, demands this breadth of capability.

In pursuit of it, APT44 has actively developed capabilities intended to give Russia an advantage in wartime, Mandiant said.

During the early stages of the invasion, it ran a fierce campaign with wiper malware against Ukrainian critical infrastructure, sometimes aligned with kinetic strikes.

As the war progressed, APT44 shifted toward intelligence gathering, launching campaigns to extract data from captured devices for use by Russian forces at the front line.

The group’s changing strategy illustrates flexibility in support of Moscow’s military goals.

APT44’s wartime disruptive activity (Source – Google Cloud)

As an arm of Russian military intelligence, APT44’s sabotage operations extend beyond military objectives to support the Kremlin’s broader national interests like political signaling, crisis response, and preserving perceived global reputation. 

This has resulted in historically consequential attacks like disrupting Ukraine’s power grid in 2015-2016, the global NotPetya strike on Ukraine’s Constitution Day 2017, and the disruption of the 2018 Pyeongchang Olympics opening ceremony over Russia’s doping ban. 

With high capabilities, risk tolerance, and a far-reaching mandate backing Russian foreign policy across governments, civil society, and critical infrastructure globally, APT44 presents a severe, persistent threat wherever Russian interests intersect. 

Its aggressive offensive operations also pioneer new attack concepts that other state and non-state actors can copy, likely lowering the barrier to entry for disruptive attacks, a risk Russia itself appears to recognize, judging by its observed defensive exercises.

APT44 is a well-established Russian advanced persistent threat group and a critical, growing international cyber threat.

For a decade the group has been at the forefront of cyber attacks advancing Russia's nationalist agenda, with a focus on elections, sporting events, and geopolitics.

While the war in Ukraine continues, APT44's attention is not limited to that region: it also serves the Kremlin's global strategic goals, with potential consequences for political dynamics, elections, and Russia's neighboring countries.


Google could bring a “Look and Sign” feature to the Pixel Tablet


Google is reportedly working on a new “Look and Sign” feature for the Pixel Tablet. This new feature will likely offer users a new way to interact with Google Assistant on their device. It’s worth noting that the Pixel Tablet comes with an included charging speaker dock. It allows users to use their tablet just like they would a Nest Hub Max.

Thanks to the speaker dock, users can easily manage their smart home and get answers to their queries through Google Assistant. But, this is likely to change with the future update coming to the Pixel Tablet.

In a recent APK teardown of the Google Search app, 9to5Google found that a revamped feature like Nest Hub Max’s “Look and Talk” is in the works. For those who are uninitiated, the Look and Talk feature on Nest Hub Max uses the device’s built-in camera to recognize when a user is talking while looking at it.

This removes the need to say "Hey Google" first and streamlines the interaction. Rumors about a Look and Talk feature for the Pixel Tablet already surfaced online a few months ago.

A new ‘Look and Sign’ feature might come soon to your Pixel Tablet

The teardown found the feature in Google Search app beta version 15.15: strings labeled "LnS" point to a "Look and Sign" feature modeled on Look and Talk. Although Google keeps it hidden, 9to5Google managed to force-enable it in the "Assistant on Hub Mode" settings.

While there’s no exact information on what this could mean, there are a few possibilities around how the Look and Sign feature would work. First, Google might allow users to make hand gestures to engage with Google Assistant rather than saying “Hey Google.” It could be a thumbs-up, pointing fingers at the camera, or hand-waving.

Secondly, Google could bring the “Look and Sign” feature to cater to Pixel Tablet users who use sign language. No doubt, the possibilities are immense. But, if Google chooses this route, it would require advanced machine learning capabilities to achieve it.

Although Google is gradually replacing Google Assistant with Gemini, the new finding hints that Google Assistant is here to stay. At least in smart home devices, if not all of Google’s products.

This feature is in a very early stage. So, the launch date for the Pixel Tablet’s “Look and Sign” feature is unknown as of now. However, we might hear some of it in the upcoming Google I/O 2024 event, scheduled for May.


FIN7 Hackers Attacking IT Employees Of Automotive Industry


IT employees in the automotive industry are often targeted by hackers because they have access to sensitive information such as customer data, intellectual property, and critical systems.

The automotive industry's reliance on connected technologies and the value of its data make it an attractive target for threat actors.

BlackBerry analysts recently discovered that the FIN7 hackers are actively attacking the IT employees of the automotive industry.

FIN7 Attacking IT Employees

According to BlackBerry's analysis, at the end of 2023 FIN7 ran a spear-phishing campaign against a major United States-based car manufacturer.

FIN7 used a lure offering a free IP scanning tool to target IT staff with administrative rights, then deployed its Anunak backdoor.

These attacks are reported to be part of a broader campaign by FIN7, a financially motivated threat group linked to Russia that has also targeted sectors such as transportation and defense.

BlackBerry's team detected and contained the intrusion before the attackers could carry out a ransomware attack.

This shows the value of detecting an intrusion early, before the operators reach their objective.

FIN7 has moved toward "big game hunting", selecting large targets that can pay bigger ransoms and planning in detail to maximize the impact of each attack.

The group studies its targets carefully, zeroing in on employees with elevated access rights and delivering payloads such as "WsTaskLoad.exe" through spear-phishing emails containing malicious URLs.

These attacks abuse users' trust in what look like legitimate sites, underscoring the need for strong controls against this kind of advanced threat.

Attack chain (Source – BlackBerry)

WsTaskLoad.exe delivers the final Anunak/Carbanak payload in several stages. It first loads a DLL named jutil.dll and calls its exported function "SizeSizeImage".

jutil.dll then reads and decrypts infodb\audio.wav; the decrypted blob is shellcode, which is copied into mspdf.dll and executed from there.

That shellcode reads and decrypts infodb\audio.wav a second time; this time the decrypted blob is a loader that the same shellcode can load and run later.

The loader looks in the current directory for the files dmxl.bin and dfm\open.db carrying a specific marker.

The decrypted dmxl.bin is the Anunak payload, with "rabt4201_x86" as its campaign ID.

WsTaskLoad.exe is also responsible for running scripts and establishing persistence. The first thing it does is run an obfuscated PowerShell script known as POWERTRASH.

Persistence is then established by installing OpenSSH and registering it as a scheduled job, with firewall rules added to open the required ports.

The lure site "advanced-ip-sccanner[.]com", a look-alike of the legitimate Advanced IP Scanner domain, redirected to "myipscanner[.]com"; several other domains were registered as well.

After compromise, OpenSSH provides external access through an SSH tunnel to a proxy server, using a fingerprint common to the campaign's infrastructure.

The target was a large multinational automobile manufacturer whose IT department was deliberately singled out.

The obfuscation and tooling match FIN7's known POWERTRASH tactics, supporting the conclusion that the actor behind this incident was likely FIN7.
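The chain above leaves two things a defender can hunt for without any malware sample: DNS lookups for look-alike domains of the impersonated tool, and the persistence steps (encoded PowerShell, a scheduled task that launches OpenSSH, a firewall rule opening an inbound port). The script below is an added example, not BlackBerry's code; the event tuple layout, the sample DNS queries and process events, and the regular expressions are assumptions constructed for this illustration (the page does not show what the actual command lines looked like).

```python
"""Hunt for FIN7-style lure domains and persistence commands in DNS and process logs.

Added example, not BlackBerry's code. The event layout, sample events and
regular expressions are assumptions built for this illustration.
"""
import re

# The legitimate tool whose domain the lure site impersonated
LEGIT_BRAND = "advanced-ip-scanner.com"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small distance from a brand domain suggests a typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_typosquat(domain: str, brand: str = LEGIT_BRAND, max_distance: int = 2) -> bool:
    """True for look-alike names within max_distance edits of the brand (but not the brand itself)."""
    domain = domain.lower().rstrip(".")
    if domain.startswith("www."):
        domain = domain[4:]
    return domain != brand and edit_distance(domain, brand) <= max_distance


# (label, pattern) pairs run over process command lines. The patterns are our
# assumptions about how the steps described above (encoded PowerShell, an
# OpenSSH scheduled task, a firewall rule opening a port) would look in telemetry.
PROCESS_RULES = [
    ("known FIN7 loader name", re.compile(r"\bWsTaskLoad\.exe\b", re.I)),
    ("encoded PowerShell",
     re.compile(r"powershell(?:\.exe)?\b.*\s-e(?:ncodedcommand|nc|c)?\s+[A-Za-z0-9+/=]{40,}", re.I)),
    ("scheduled task running OpenSSH",
     re.compile(r"schtasks(?:\.exe)?\b.*/create\b.*\bsshd?(?:\.exe)?\b", re.I)),
    ("firewall rule opening an inbound port",
     re.compile(r"netsh\b.*advfirewall\b.*add\s+rule\b.*\bdir=in\b.*\baction=allow\b", re.I)),
]


def scan_processes(events):
    """events: (timestamp, user, command_line). Returns (timestamp, label, command_line) hits."""
    hits = []
    for ts, _user, cmd in events:
        for label, pattern in PROCESS_RULES:
            if pattern.search(cmd):
                hits.append((ts, label, cmd))
    return hits


def scan_dns(queries, brand: str = LEGIT_BRAND):
    """queries: (client, queried_name). Returns the look-alike domains that were queried."""
    return [(client, name) for client, name in queries if is_typosquat(name, brand)]


SAMPLE_DNS = [  # constructed (client, queried name)
    ("10.20.1.15", "www.advanced-ip-scanner.com"),
    ("10.20.1.15", "advanced-ip-sccanner.com"),
    ("10.20.1.15", "myipscanner.com"),
    ("10.20.1.30", "login.microsoftonline.com"),
]

SAMPLE_PROCESSES = [  # constructed (timestamp, user, command line)
    ("2023-11-02T09:14:03Z", "CORP\\jdoe", r'"C:\Users\jdoe\Downloads\WsTaskLoad.exe"'),
    ("2023-11-02T09:14:09Z", "CORP\\jdoe",
     "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkA"),
    ("2023-11-02T09:15:40Z", "NT AUTHORITY\\SYSTEM",
     r'schtasks.exe /create /sc onstart /ru SYSTEM /tn "Updater" /tr "C:\ProgramData\ssh\sshd.exe"'),
    ("2023-11-02T09:15:41Z", "NT AUTHORITY\\SYSTEM",
     'netsh advfirewall firewall add rule name="ssh" dir=in action=allow protocol=TCP localport=22'),
    ("2023-11-02T09:20:00Z", "CORP\\jdoe", r'"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"'),
]


def run_hunt(dns=SAMPLE_DNS, processes=SAMPLE_PROCESSES):
    """Bundle both checks; a real deployment would feed it parsed DNS and EDR events."""
    return {"typosquats": scan_dns(dns), "processes": scan_processes(processes)}


if __name__ == "__main__":
    for kind, hits in run_hunt().items():
        for hit in hits:
            print(kind, *hit)
```

The edit-distance check catches the "sccanner" typosquat but not "myipscanner[.]com", which is a different name rather than a misspelling; that one has to come from a blocklist. The process rules are deliberately narrow so they can be tuned per environment, and each fires on its own, so the scheduled-task and firewall hits together are the signal to escalate.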

Recommendations

BlackBerry's recommendations:

  • Conduct regular security training
  • Raise awareness of social engineering, including lures that pose as free IT tools
  • Provide a simple way for staff to report suspected phishing
  • Enforce multi-factor authentication, especially for accounts with administrative rights
  • Maintain password hygiene
  • Apply security updates and keep patch management current
  • Deploy endpoint security solutions
  • Monitor for suspicious behavior such as unexpected scheduled tasks, new firewall rules, and SSH activity
  • Protect and encrypt sensitive data
  • Filter email and enforce sender authentication
  • Maintain and exercise an incident response plan


Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million


The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data.

Cerebral has agreed to an order that will restrict how the company can use or disclose sensitive consumer data, as well as require it to provide consumers with a simple way to cancel services.

Following a data breach disclosed in 2023, Cerebral revealed that it had been using invisible pixel trackers from Google, Meta (Facebook), TikTok, and other third parties on its online services since October 2019.

A tracking pixel is a piece of code that website owners can place on their website. The pixel collects data that helps businesses track people and target adverts at them. That’s nice for the advertisers, but the combined information of all these pixels potentially provides a company with an almost complete picture of your browsing behavior and a lot of information about you.
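Because pixels are invisible by design, the only reliable way to know which third parties a page reports to is to audit the markup itself. The script below is an added example, not code from the article or from the FTC case: it parses an HTML page and lists every third-party resource that is either loaded from a known tracker endpoint or shaped like a pixel (a 0x0 or 1x1 image, or one styled `display:none`). The tracker host table, the first-party host name and the sample page are constructed for this illustration.

```python
"""Audit an HTML page for third-party tracking pixels and tags.

Added example, not code from the original article or from the FTC case. The
tracker host table and the sample page are constructed for this illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Endpoints that advertising/analytics pixels commonly load from (constructed table)
TRACKER_HOSTS = {
    "www.facebook.com": "Meta Pixel",
    "connect.facebook.net": "Meta Pixel",
    "www.googletagmanager.com": "Google Tag Manager",
    "www.google-analytics.com": "Google Analytics",
    "analytics.tiktok.com": "TikTok Pixel",
}
LOADING_TAGS = {"img", "script", "iframe"}


def _is_tiny(attrs: dict) -> bool:
    """A 0x0 or 1x1 image is invisible on the page: the classic pixel shape."""
    return attrs.get("width") in ("0", "1") and attrs.get("height") in ("0", "1")


class PixelAuditor(HTMLParser):
    """Collects every third-party resource load that looks like a tracker."""

    def __init__(self, first_party_host: str):
        super().__init__()
        self.first_party_host = first_party_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in LOADING_TAGS:
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:
            return
        host = urlparse(src).netloc.lower()
        if not host or host == self.first_party_host:
            return  # relative or same-origin resource: not a third-party leak
        vendor = TRACKER_HOSTS.get(host)
        hidden = tag == "img" and (_is_tiny(a) or "display:none" in a.get("style", "").replace(" ", ""))
        if vendor or hidden:
            self.findings.append({"tag": tag, "host": host,
                                  "vendor": vendor or "unknown third party",
                                  "hidden": hidden, "src": src})


def audit(html: str, first_party_host: str):
    """Return the list of suspected tracking loads found in the page."""
    auditor = PixelAuditor(first_party_host)
    auditor.feed(html)
    return auditor.findings


SAMPLE_PAGE = """<html><head>
<script src="https://www.googletagmanager.com/gtag/js?id=G-XXXX"></script>
<script src="/static/app.js"></script>
</head><body>
<img src="/static/logo.png" width="200" height="60" alt="logo">
<noscript><img height="1" width="1" style="display:none"
  src="https://www.facebook.com/tr?id=123&amp;ev=PageView&amp;noscript=1"></noscript>
<img src="https://cdn.example-ads.net/p.gif" width="1" height="1">
<script src="https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=ABC"></script>
<form action="/intake"><input name="diagnosis"></form>
</body></html>
"""  # constructed page standing in for a health-intake form

if __name__ == "__main__":
    for f in audit(SAMPLE_PAGE, "www.example-health.com"):
        print(f"{f['tag']:6} {f['vendor']:20} hidden={f['hidden']!s:5} {f['host']}")
```

A static audit like this only sees what is in the served HTML; tags injected at runtime by a tag manager need a browser-based check of the network requests as well. The point of running it on a form that collects health data is that every entry it lists is a party that can see, at minimum, that the visitor reached that page.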

The FTC statement claims that by using these tracking pixels, which are invisible to the website visitor unless they look at the underlying code, Cerebral provided the sensitive information of nearly 3.2 million consumers to these third parties.

The complaint points out that to get consumers to sign up for Cerebral’s services and to provide detailed personal data, the company claimed to offer “safe, secure, and discreet” services, saying that users’ data would be kept confidential.

Also, according to the complaint, the company specifically claimed in many instances that it would not share users’ data for marketing purposes without obtaining people’s consent.

Many organizations are unclear about how much information the social media companies behind the tracking pixels can gather. In the Notice of HIPAA Privacy Breach Cerebral disclosed that the following data were potentially exposed:

  • Full name
  • Phone number
  • Email address
  • Date of birth
  • IP address
  • Cerebral client ID number
  • Demographic information
  • Self-assessment responses and associated health information
  • Subscription plan type
  • Appointment dates
  • Treatment details and other clinical information
  • Health insurance/pharmacy benefit information

Among other penalties, Cerebral has to refund $5.1 million to customers who were impacted by deceptive cancellation practices and pay a $10 million civil penalty, limited to $2 million due to Cerebral’s inability to pay the full amount.

The number of breaches concerning health information is shocking. As required by section 13402(e)(4) of the HITECH Act, the Secretary of the US Department of Health and Human Services Office for Civil Rights publishes a list of breaches that reveal unsecured protected health information affecting 500 or more individuals.

We have reported about similar cases that involved tracking pixels. Research done by TheMarkup in June of 2022 showed that Meta’s pixel showed up on the websites of 33 of the top 100 hospitals in America.

Protecting yourself from a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device is resistant to phishing because the credential is bound to the genuine site's origin.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.


Galaxy Z Fold 6, Flip 6 to feature Corning and Schott UTG substrate


Samsung may have finalized the Galaxy Z Fold 6 and Galaxy Z Flip 6’s component suppliers. According to the Korean media, the company will keep the same suppliers for the ultra-thin glass (UTG) substrate and its back-end processing orders for the new foldables. The devices are expected to arrive in July.

Samsung finalizes its UTG partners for the Galaxy Z Fold 6 and Flip 6

Galaxy foldables feature an extremely thin layer of glass in the display assembly. It adds some strength to the flexible display. Since the third-gen models in 2021, South Korean firms Econy and Dowoo Insys have been handling the back-end processing orders for the UTG panels for Samsung foldables. They remain Samsung’s partners for the Galaxy Z Fold 6 and Galaxy Z Flip 6.

Like last year, Dowoo Insys will work on the UTG panel for the Fold model, while Econy will handle the job for the Flip. Back-end processing for UTG involves thinning the UTG substrate supplied by the vendor and cutting plates according to the display size. Samsung will provide them with the dimensions and other info on the folding displays for the new foldables.

According to The Elec, the Galaxy Z Fold 6’s UTG panel will feature Schott’s substrate. The Galaxy Z Flip 6, on the other hand, will use Corning’s UTG substrate. All of these firms are part of Samsung’s supply chain. Corning and Econy are part of the smartphone division’s supply chain, while Schott and Dowoo Insys are part of the display division’s supply chain.

Samsung’s smartphone division also has another Korean firm UTI as its back-end processing partner. However, UTI’s etching technology reportedly isn’t up to the mark, so Samsung didn’t sign it up for the Galaxy Z Flip 6. UTI has several Chinese smartphone companies as its customers, though the report doesn’t specify whether it handles back-end processing for any foldable device.

Samsung may have more foldable smartphones in the pipeline

Samsung may launch more than two foldable smartphones this year. Alongside the Galaxy Z Fold 6 and Galaxy Z Flip 6, there are also strong rumors about the Galaxy Z Fold 6 Ultra. Additionally, the Korean firm may also be working on two low-cost foldables. They could be called Galaxy Z Fold FE and Galaxy Z Flip FE. The “FE” in Samsung’s product branding stands for Fan Edition. These devices usually offer a mix of flagship features and affordability. Time will tell how much truth is in these rumors.


Snapchat’s AI-generated images get watermarks

Snap announced early this week some improvements to its AI-related tools. The most important change is Snap's decision to add watermarks to all AI-generated images shared via Snapchat.

The watermark shown below (a small ghost logo with a sparkle icon beside it) will appear on images created with Snap's generative AI tools when an image is exported or saved to the camera roll.

Besides adding a watermark to all AI-generated images, Snap announced that it has developed additional safeguards to ensure all AI-powered features adhere to its safety and privacy policies.

For instance, Snap announced it has created a safety review process to detect and remove potentially problematic prompts in the earliest stages of development of AI Lens experiences. Going forward, all Snap’s AI Lenses that generate an image from a prompt will go through this process before they’re finalized and become available on Snapchat.

Finally, Snap revealed that it’s implementing additional testing to minimize potentially biased AI results but didn’t offer any other details.


Palo Alto ZeroDay Exploited in The Wild Following PoC Release


Palo Alto Networks has disclosed a critical vulnerability in its PAN-OS operating system, tracked as CVE-2024-3400.

This zero-day flaw, in the GlobalProtect feature of PAN-OS, is under active exploitation.

CVE-2024-3400 allows an unauthenticated attacker to execute arbitrary OS commands on affected firewalls with root privileges.

Threat actors are now exploiting this Palo Alto zero-day in the wild following the release of public proof-of-concept (PoC) exploits.

Palo Alto ZeroDay Exploited

Researchers at watchTowr reproduced the vulnerability and built a working exploit for GlobalProtect within three days of the disclosure.

watchTowr described the flaw as a path traversal combined with a command injection, demonstrated by a PoC that sends a POST request to "…/ssl-vpn/hipreport.esp".

The attacker-controlled SESSID cookie is the entry point: its value is used to build a file path, and the traversal in that value, together with a later command that consumes the resulting file name, yields command injection, which can be used to drop webshells or create cron jobs.

Rapid7's and watchTowr's PoCs spread quickly, and TrustedSec and Shadowserver then reported real attacks; some of the earlier "PoCs" circulating were fake or malicious.

Widespread attacks should be expected, given how many of these appliances are exposed to the internet and how rarely they are audited.

Palo Alto Networks raised the severity of CVE-2024-3400 to its highest level, requiring that either the patches be applied or specific Threat Prevention signatures be configured as a mitigation.

These mitigations are intended to block command execution attempts against the device. The vendor also shared additional indicators of compromise and CLI commands for checking devices, though these focus on recent exploitation attempts rather than on the original threat actor.

Onyphe published a query tool that identifies GlobalProtect versions, which helps confirm patch status; the same data, however, also helps attackers find vulnerable servers.

Emerging Threats released a Suricata rule designed specifically to detect use of the watchTowr PoC. Rapid7 observed continuous exploit attempts and documented them across multiple logs.
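The write-up above gives enough to build a log-side check of your own: the public PoC posts to `/ssl-vpn/hipreport.esp` and smuggles a path traversal (and, for the second stage, shell metacharacters) through the SESSID cookie, neither of which belongs in a session identifier. The script below is an added example, not Palo Alto Networks', watchTowr's or Emerging Threats' code; the access-log line layout, the assumed shape of a benign SESSID, and the sample lines are constructed for this illustration, so adapt the `LOG_LINE` pattern to whatever your proxy or firewall actually emits.

```python
"""Flag CVE-2024-3400-style requests in constructed GlobalProtect access logs.

Added example, not vendor or watchTowr code. The log line layout, the assumed
shape of a benign session id and the sample requests are assumptions built for
this illustration; the logic keys on what the write-up describes: a SESSID
cookie carrying path traversal or shell metacharacters.
"""
import re
from urllib.parse import unquote

HIP_ENDPOINT = "/ssl-vpn/hipreport.esp"          # endpoint the public PoC posts to
TRAVERSAL = re.compile(r"(?:^|/)\.\.(?:/|$)")    # ../ anywhere in the value
SHELL_META = re.compile(r"[`$;|&<>\n]")          # no business in a session id
VALID_SESSID = re.compile(r"^[A-Za-z0-9_-]{8,128}$")  # assumed shape of a benign id


def classify_sessid(raw: str) -> str:
    """Return benign / path_traversal / command_injection / malformed."""
    value = unquote(unquote(raw))  # second pass catches double-encoded payloads
    if TRAVERSAL.search(value):
        return "path_traversal"
    if SHELL_META.search(value):
        return "command_injection"
    if not VALID_SESSID.match(value):
        return "malformed"
    return "benign"


# Assumed layout: client [timestamp] "METHOD path" status "Cookie header"
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)" '
    r'(?P<status>\d{3}) "(?P<cookies>[^"]*)"$'
)


def parse_cookies(header: str) -> dict:
    """Split a Cookie header on '; ' into a name -> value mapping."""
    out = {}
    for part in header.split("; "):
        if "=" in part:
            name, _, value = part.partition("=")
            out[name.strip()] = value
    return out


def scan(lines):
    """Return findings for requests whose SESSID cookie is hostile, noting whether
    they hit the HIP report endpoint used by the public PoC."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        sessid = parse_cookies(m["cookies"]).get("SESSID")
        if sessid is None:
            continue
        verdict = classify_sessid(sessid)
        if verdict != "benign":
            findings.append({"client": m["client"], "ts": m["ts"], "path": m["path"],
                             "hip_endpoint": m["path"].split("?")[0] == HIP_ENDPOINT,
                             "verdict": verdict, "sessid": sessid})
    return findings


SAMPLE_LOG = [  # constructed lines, not real device output
    '10.0.0.5 [15/Apr/2024:10:01:02 +0000] "POST /ssl-vpn/hipreport.esp" 200 "SESSID=aB3dE5fG7hJ9kL1m; PAN_LANG=en"',
    '198.51.100.7 [15/Apr/2024:10:02:15 +0000] "POST /ssl-vpn/hipreport.esp" 200 "SESSID=/../../../../tmp/probe"',
    '198.51.100.7 [15/Apr/2024:10:02:16 +0000] "POST /ssl-vpn/hipreport.esp" 200 "SESSID=%2f..%2f..%2ftmp%2fprobe"',
    '198.51.100.9 [15/Apr/2024:10:03:40 +0000] "POST /ssl-vpn/hipreport.esp" 200 "SESSID=abcdefgh`id`"',
    '10.0.0.6 [15/Apr/2024:10:04:00 +0000] "GET /global-protect/login.esp" 200 "SESSID=/../../../../tmp/probe"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["ts"], f["client"], f["verdict"], f["path"], repr(f["sessid"]))
```

The check is deliberately not limited to the HIP endpoint: the cookie is what carries the payload, so a hostile SESSID against any path is worth a look, and the `hip_endpoint` flag just tells you whether the request matches the public PoC's shape. A log-side check is a complement to, not a replacement for, the vendor's own device-side indicators and the Suricata rule mentioned above.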

Palo Alto Networks released patches for CVE-2024-3400 on April 14, with fixes for three affected release branches; patches for older maintenance releases were scheduled for April 19.

No second mass-compromise wave has been observed so far; the initial exploitation was a targeted campaign that Volexity tracks as Operation MidnightEclipse.

Volexity established that the adversary moved laterally into internal systems using a Python backdoor named "update.py", along with additional payloads designed to exfiltrate valuable data.

Some of the attacker infrastructure remains online, and researchers are expected to keep studying the now-patched flaw, so further exploit variants are likely.


Sony Xperia 1 VI launch event date tipped for next month


The Sony Xperia 1 VI launch event will seemingly take place next month, as the date has just been tipped. A poster leaked on Weibo (shown below the article), suggesting that the phone will become official on May 17. That’s a Friday, in case you were wondering.

The Xperia 1 VI launch date seemingly revealed, as the phone is expected to arrive next month

Do note that the poster itself does not specifically mention the Xperia 1 VI. However, it’s that time of year, and when it comes to Xperia devices, there are not many phones Sony is willing to host events for.

That being said, we’ve exclusively shared the design of the Xperia 1 VI quite recently. The phone will look similar to last year’s model, but it will be a bit shorter and a bit wider. Sony is changing the display aspect ratio from 21:9 to around 19.5:9.

In other words, the overall size will be more similar to regular smartphones. Sony’s phones have been very tall and narrow for quite some time now. The phone will measure roughly 161.9 x 74.5 x 8.4mm. It will include a 6.5-inch panel, and retain bezels above and below the display. Sony simply refuses to include a display camera hole.

It will include three cameras on the back, and retain a headphone jack

The Xperia 1 VI will have a flat display, with flat sides, and three cameras on the back. Those cameras will be vertically aligned in the top-left corner of the phone’s back. Sony’s logo will also be present on the back.

What’s also interesting is that the phone will retain a headphone jack. It will be located at the top. The Xperia 1 VI will be made out of metal and glass, as expected.

Based on rumors, the Xperia 1 VI may give up the 4K display for a QHD+ panel. It will surely be an AMOLED panel with an adaptive refresh rate that will go up to 120Hz, though.

The Snapdragon 8 Gen 3 will almost certainly fuel the Xperia 1 VI. We’re also expecting to see at least 12GB of LPDDR5X RAM inside the phone.

Xperia 1 VI launch date poster leak


Google Pixel 7, Fold, and 8 series receive the April update


Google has begun rolling out new April updates for its Pixel 7, 7 Pro, 7a, Fold, 8, and 8 Pro phones. These updates, currently available as new Android 14 QPR2 builds, offer the April 2024 security patch and features from the Developer Preview.

While these updates are not yet available over the air (OTA) for everyday users, developers can download the factory images and flash them onto their devices. Google Pixel 7, Pixel 7 Pro, Pixel 7a, Pixel 8, and Pixel 8 Pro (Review) are receiving the build number AP1A.240405.002.B1 while the Pixel Fold was listed as AP1A.240405.002.A2.

What is in the new April update and why you might want to wait

Google hasn’t announced the official OTA update date for the Android 14 QPR2 with the April patch. But factory images suggest it’s close. Google rolls out updates in stages, so some users might get it within days, while others wait a few weeks. You can check for the update manually in Settings > System > System update.

The update is expected to include the April security patch, potential bug fixes, and performance improvements. Pixel users might also see minor UI tweaks and optimizations. However, these are developer builds, meaning features and functionalities might be unstable or even missing compared to the final version.

No major update until June

The next major update, Android 14 QPR3, isn’t expected until June. So, Pixel users can expect a more minor update next month, likely focused on security and stability improvements.

For those eager to jump straight to Android 15, the Beta 1 is available. However, it currently lacks Near Field Communication (NFC) for contactless payments like Google Pay. This makes the Android 15 Beta less ideal for daily use until Google fixes this.

Google’s rollout of the Android 14 QPR2 update builds lets developers tinker with upcoming features and security patches. But for most Pixel users, waiting for the official OTA update with stable Android 14 builds remains the safest and most practical option.


The New Android Banker’s Unique Techniques


A new banking Trojan, SoumniBot, has recently been identified. It targets Korean users and stands out for an unusual method of evading analysis and detection: obfuscating the Android manifest.

Beyond its unique obfuscation, SoumniBot is notable for its ability to steal Korean online banking keys, a capability rarely seen in Android bankers.

This allows the attackers to bypass bank authentication and drain victims' accounts.

Researchers say SoumniBot's creators succeeded because the validation in the Android manifest parser is not strict enough.

Techniques Used By SoumniBot

The Kaspersky researchers explain that the standard unarchiving function in the libziparchive library accepts only two values for the Compression method field in the entry header: 0x0000 (STORED, uncompressed) and 0x0008 (DEFLATED, compressed with zlib's deflate). Any other value is rejected as an error.

However, instead of using this function, the Android developers took a different path in which the value of the Compression method field is checked incorrectly.

"If the APK parser comes across any Compression method value but 0x0008 (DEFLATED) in the APK for the AndroidManifest.xml entry, it considers the data uncompressed. This allows app developers to put any value except 8 into Compression method and write uncompressed data", researchers said.

Invalid Compression method value followed by uncompressed data

The Android APK parser successfully identifies the manifest and permits application installation, even though any unpacker that correctly implements compression method validation would consider a manifest like that invalid.

Secondly, the size of the manifest file is declared in the header of the AndroidManifest.xml entry within the ZIP archive.

If the entry is stored uncompressed, its data is copied out of the archive verbatim even when the declared size is wrong.

The manifest parser ignores any overlay, that is, data after the payload that is not part of the manifest.

The malware exploits this by declaring a manifest size larger than the real one, so that part of the archive content following the manifest is appended to the unpacked manifest.

Finally, the names of the XML namespaces are represented by very long strings included in the manifest.

These kinds of strings make manifests unreadable for both people and programs, which might not have enough memory allocated to handle them. 
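The first two tricks are properties of the ZIP container rather than of the XML, so they can be checked before any manifest parsing happens. The script below is an added example, not Kaspersky's code: it builds a constructed two-entry archive in memory that declares an invalid compression method and an inflated size for AndroidManifest.xml, shows a strict reader (libziparchive's rule: only STORED or DEFLATED) rejecting it, a lenient reader that mimics the APK-parser behaviour described above returning the manifest with the next entry's header glued on, and a triage routine that flags both tricks by comparing each entry's declared size against the bytes actually present before the next local header. The manifest contents and entry names are placeholders; the long-namespace-string trick is not covered because it lives inside the binary XML.

```python
"""Triage an APK/ZIP for the manifest-container tricks described above.

Added example, not Kaspersky's code. Builds a constructed archive in memory,
then contrasts a strict reader, a lenient reader mimicking the described APK
parser behaviour, and a triage check that flags both tricks.
"""
import struct
import zlib

STORED, DEFLATED = 0x0000, 0x0008
LOCAL_SIG, CENTRAL_SIG, EOCD_SIG = b"PK\x03\x04", b"PK\x01\x02", b"PK\x05\x06"


def build_zip(entries):
    """entries: (name, data, method, declared_size). Data is always written raw;
    method and declared_size are what the headers claim, which lets us forge
    an invalid compression method and an inflated size."""
    body, central = b"", b""
    for name, data, method, declared in entries:
        name_b, crc, offset = name.encode(), zlib.crc32(data), len(body)
        body += LOCAL_SIG + struct.pack("<HHHHHIIIHH", 20, 0, method, 0, 0,
                                        crc, declared, declared, len(name_b), 0) + name_b + data
        central += CENTRAL_SIG + struct.pack("<HHHHHHIIIHHHHHII", 20, 20, 0, method, 0, 0, crc,
                                             declared, declared, len(name_b), 0, 0, 0, 0, 0, offset) + name_b
    eocd = EOCD_SIG + struct.pack("<HHHHIIH", 0, 0, len(entries), len(entries), len(central), len(body), 0)
    return body + central + eocd


def central_directory(blob):
    """Return ([(name, method, declared_size, local_header_offset)], cd_offset)."""
    eocd = blob.rfind(EOCD_SIG)
    _, _, _, count, _, cd_offset, _ = struct.unpack_from("<HHHHIIH", blob, eocd + 4)
    pos, entries = cd_offset, []
    for _ in range(count):
        f = struct.unpack_from("<HHHHHHIIIHHHHHII", blob, pos + 4)
        method, declared, nlen, elen, clen, offset = f[3], f[7], f[9], f[10], f[11], f[15]
        entries.append((blob[pos + 46:pos + 46 + nlen].decode(), method, declared, offset))
        pos += 46 + nlen + elen + clen
    return entries, cd_offset


def _data_start(blob, offset):
    """Offset of an entry's data: local header (30 bytes) plus name and extra fields."""
    nlen, elen = struct.unpack_from("<HH", blob, offset + 26)
    return offset + 30 + nlen + elen


def read_entry(blob, name, strict=True):
    """strict=True behaves like libziparchive: only STORED/DEFLATED are accepted.
    strict=False mimics the APK-parser behaviour described above: anything that
    is not DEFLATED is treated as STORED and the declared size is trusted."""
    entries, _ = central_directory(blob)
    for ename, method, declared, offset in entries:
        if ename != name:
            continue
        start = _data_start(blob, offset)
        if method == DEFLATED:
            return zlib.decompress(blob[start:start + declared], -15)  # raw deflate stream
        if method != STORED and strict:
            raise ValueError(f"unsupported compression method 0x{method:04x}")
        return blob[start:start + declared]
    raise KeyError(name)


def triage(blob):
    """Flag entries with a bogus compression method or a declared size that
    exceeds the bytes actually present before the next local header."""
    entries, cd_offset = central_directory(blob)
    entries.sort(key=lambda e: e[3])
    boundaries = [e[3] for e in entries[1:]] + [cd_offset]
    findings = []
    for (name, method, declared, offset), end in zip(entries, boundaries):
        actual = end - _data_start(blob, offset)
        if method not in (STORED, DEFLATED):
            findings.append(f"{name}: invalid compression method 0x{method:04x}")
        if declared > actual:
            findings.append(f"{name}: declared size {declared} exceeds {actual} bytes present")
    return findings


MANIFEST = b"<manifest package='com.example.sample'/>"  # constructed stand-in for the binary manifest
SAMPLE_APK = build_zip([
    ("AndroidManifest.xml", MANIFEST, 0x0009, len(MANIFEST) + 16),  # bogus method, inflated size
    ("classes.dex", b"dex\n035\x00" + b"\x00" * 24, STORED, 32),
])

if __name__ == "__main__":
    print(triage(SAMPLE_APK))
    print(read_entry(SAMPLE_APK, "AndroidManifest.xml", strict=False))
```

The lenient read returns the manifest followed by the first 16 bytes of the next local header, which is exactly the overlay the write-up describes being appended to the unpacked manifest. The triage check uses the central directory for the true entry boundaries rather than trusting the sizes in the local headers, since those are the values the malware forges.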

“When run for the first time, the Trojan hides the app icon to complicate removal, and then starts to upload data in the background from the victim’s device to mainsite every 15 seconds”, researchers said.

The information contains the victim’s ID, which was created using the trust device-android library, contact and account lists, the country inferred from the IP address, SMS and MMS messages, and other data.

The Trojan subscribes to messages from the MQTT server to receive commands.

If you want to avoid becoming a victim of malware of that kind, it is advised to use a reputable security app on your smartphone to identify the Trojan and stop it from installing despite all of its tactics.

Indicators of compromise

MD5
0318b7b906e9a34427bf6bbcf64b6fc8
00aa9900205771b8c9e7927153b77cf2
b456430b4ed0879271e6164a7c0e4f6e
fa8b1592c9cda268d8affb6bceb7a120

C&C
https[://]google.kt9[.]site
https[://]dbdb.addea.workers[.]dev
