eternal-todo.com Report


  • Ranking Alexa Global: # 2,273,088

    Server:Apache...
    X-Powered-By:PHP/5.6.36

    The main IP address: 87.98.255.4, server location: France, Roubaix, ISP: OVH SAS, TLD: com, CountryCode: FR

    The description :eternal-todo.com is a website maintained by jose miguel esparza and it's related to information security, research, fuzzing, malybuzz, reversing, malware, networking, vulnerabilities, pentesting, prot...

    This report was updated on 14-Jun-2018

Created Date:2010-05-27
Changed Date:2017-05-21
Expires Date:2018-05-27

Technical data of the eternal-todo.com


GeoIP provides information such as latitude, longitude and ISP (Internet Service Provider). Our GeoIP service located the host of eternal-todo.com: it is currently hosted in France and its service provider is OVH SAS.

Latitude: 50.69421005249
Longitude: 3.1745600700378
Country: France (FR)
City: Roubaix
Region: Nord-Pas-de-Calais
ISP: OVH SAS

HTTP Header Analysis


HTTP header information is the part of the HTTP protocol that a user's browser sends to the web server (here Apache), containing the details of what the browser wants and will accept back from the web server.

Content-Length:15447
X-Powered-By:PHP/5.6.36
Set-Cookie:240planBAK=R2339306504; path=/; expires=Thu, 14-Jun-2018 13:13:52 GMT, 240plan=R130199210; path=/; expires=Thu, 14-Jun-2018 13:21:38 GMT, SESS6531bed4c49fd5de897dbb7c355e52e6=a9244a87bc4105b87135b52fce5df29d; expires=Sat, 07-Jul-2018 15:37:44 GMT; Max-Age=2000000; path=/
Expires:Sun, 19 Nov 1978 05:00:00 GMT
Vary:Accept-Encoding
Server:Apache
Last-Modified:Thu, 14 Jun 2018 12:04:24 GMT
X-IPLB-Instance:17298
Cache-Control:store, no-cache, must-revalidate, post-check=0, pre-check=0
Date:Thu, 14 Jun 2018 12:04:25 GMT
Content-Type:text/html; charset=utf-8
Content-Encoding:gzip

DNS

soa:dns16.ovh.net. tech.ovh.net. 2018060601 86400 3600 3600000 86400
txt:"v=spf1 include:mx.ovh.com ~all"
ns:ns16.ovh.net.
dns16.ovh.net.
ipv4:IP:87.98.255.4
ASN:16276
OWNER:OVH, FR
Country:FR
mx:MX preference = 1, mail exchanger = mx0.ovh.net.
MX preference = 100, mail exchanger = mxb.ovh.net.

HtmlToText

Dridex spam campaign using PDF as infection vector
Tags: analysis, botnets, dridex, javascript, macros, malware, pdf, peepdf

During this month a Dridex spam campaign using PDF documents as infection vector was spotted. I also received a couple of e-mails in my personal inbox attaching the mentioned PDF files. One of them was using the typical “scanned data” theme (subject was “scan data” and sender “scanner at eternal-todo.com”) and the other one was related to a confirmation letter (subject was “uk_confirmation_ph764968900.pdf” and the sender “info at calmbeginnings.co.uk”). None of them was really good in social engineering, just adding some words and the attachment.

Submitted by jesparza on Mon, 2017/04/24 - 01:24

Adding a scoring system in peepdf
Tags: analysis, gsoc, pdf, peepdf, tools

Just before the summer I announced that the student Rohit Dua would dedicate his time to improve peepdf and add a scoring system to the output. This was possible thanks to Google and its Google Summer of Code (GSoC) program, where I presented several projects as a member of the Honeynet Project. A beta version was presented during Black Hat Europe Arsenal 2015 last November, where I introduced the new functionalities.

The scoring system has the goal of giving valuable advice about the maliciousness of the PDF file that’s being analyzed. The first step to accomplish this task is identifying the elements which permit to distinguish if a PDF file is malicious or not, like JavaScript code, lonely objects, huge gaps between objects, detected vulnerabilities, etc. The next step is calculating a score out of these elements and testing it with a large collection of malicious and non-malicious PDF files in order to tweak it.

The scoring is based on different indicators like:

  • Number of pages
  • Number of stream filters
  • Broken/missing cross reference table
  • Obfuscated elements: names, strings, JavaScript code.
  • Malformed elements: garbage bytes, missing tags…
  • Encryption with default password
  • Suspicious elements: JavaScript, event triggers, actions, known vulns…
  • Big streams and strings
  • Objects not referenced from the catalog

Submitted by jesparza on Sun, 2016/02/28 - 21:13

Travelling to the far side of Andromeda at Botconf 2015
Tags: actors, andromeda, botconf, botnets, conferences, intelligence, malware, reversing

It has been a while since I wrote the last time here and since I presented at Botconf, but I wanted to share my slides here too. A couple of weeks after the sad terrorist attacks in Paris, Botconf was held in the city of love. Way more secure than before and with lots of security controls which almost made me lose my return train, but it was worth it. Attending a security conference focused on cybercrime, malware, reverse engineering and intelligence is always a good plan :) I really recommend you attending Botconf this year in Lyon, you will not regret it ;)

My presentation was about Andromeda. This is the abstract:

Andromeda, also known as Gamarue by some antivirus vendors, is a popular and modular bot active since 2011. It is normally used to spread additional malware, but sometimes, depending on the criminals, the main objective could be just stealing user credentials. After almost five years of life its development has not stopped. The people behind it keep maintaining it and adding functionalities, like new anti-analysis routines, changes in the communication encryption, new request formats, etc. This talk will not give just details about the latest changes in the Andromeda binary and control panel, but it will also respond some interesting questions about this botnet. Which are the most popular versions used nowadays? Are most of the botnets spreading malware or just using its plugins? What are the most popular plugins? How and where is Andromeda sold? Who is selling it? What criminal groups are using Andromeda? It is not just a talk about malware reversing but about the whole Andromeda ecosystem.

Submitted by jesparza on Sun, 2016/02/07 - 23:09

Black Hat Arsenal peepdf challenge solution
Tags: analysis, arsenal, black hat, challenge, ctf, javascript, pdf, peepdf, tools

One week before my demo at the Black Hat Arsenal I released a peepdf challenge. The idea was solving the challenge using just peepdf, of course ;) This post will tell you how to solve the challenge so if you want to try by yourself (you should!) stop reading here!

The PDF file can be downloaded from here and it is not harmful. No shellcodes, no exploits, no kitten killed. In summary, you can open it with no fear, but do it with a version of Adobe Reader prior to XI ;) Let's start! :)

This is what you see with the last version of peepdf:

In a quick look you can spot some JavaScript code located in object 13 and also an embedded file in the same object. Checking the references to this object and some info about it we see that it is an embedded PDF file:

Submitted by jesparza on Wed, 2015/09/09 - 19:05

Black Hat Arsenal peepdf challenge
Tags: analysis, arsenal, black hat, challenge, ctf, pdf, peepdf, tools

In one week I will be traveling to Las Vegas to show how peepdf works in the Black Hat USA Arsenal. My time slot will be on Wednesday the 5th from 15:30 to 18:00, so you are more than welcome to come by and say hi, ask questions or just talk to me. I will also be presenting some of the work Rohit Dua is doing during the Google Summer of Code (GSoC), adding a scoring system for peepdf.

Submitted by jesparza on Sun, 2015/07/26 - 20:04

peepdf news: GitHub, Google Summer of Code and Black Hat
Tags: analysis, black hat, forensics, gsoc, malware, pdf, peepdf, tools, vulnerabilities

Two months ago Google announced that Google Code was slowly dying: no new projects can be created, it will be read only soon and in January 2016 the project will close definitely. peepdf was hosted there so it was time to move to another platform. The code is currently hosted at GitHub, way more active than Google Code:

https://github.com/jesparza/peepdf

If you are using peepdf you must update the tool because it is pointing to Google Code now. After executing “ peepdf.py -u ” the tool will point to GitHub and it will be able to be up to date with the latest commits. The peepdf Google Code page will also point to GitHub soon.

Another important announcement is that Rohit Dua will be the student who will work with peepdf this summer in the Google Summer of Code (GSoC). I initially presented three ideas to improve peepdf through the Honeynet Project:

Project 12 - peepdf1: improve PDF filters in peepdf

Submitted by jesparza on Tue, 2015/05/05 - 21:34

Andromeda/Gamarue bot loves JSON too (new versions details)
Tags: analysis, andromeda, botnet, gamarue, malware, reversing

After my last post about Andromeda different updates related to version 2.07 and 2.08 appeared. Mostly, Fortinet was talking about the version 2.7 features and the new anti-analysis tricks of version 2.08. After that, Kimberly was also mentioning version 2.09 in his blog but I have not seen too many details about the latest versions of Andromeda. This is a summary of the interesting details about the newer versions.

Andromeda versions

After version 2.08, the parameter used to send the bot version to the panel was removed from the POST request, so now it is a bit more difficult to distinguish between versions. An easy way to spot the different versions is taking a look at the request format strings:

id:%lu|bid:%lu|bv:%lu|sv:%lu|pa:%lu|la:%lu|ar:%lu (<=2.06)
id:%lu|bid:%lu|bv:%lu|os:%lu|la:%lu|rg:%lu (2.07/2.08)
id:%lu|bid:%lu|os:%lu|la:%lu|rg:%lu (2.09)

Submitted by jesparza on Fri, 2015/04/17 - 01:47 (2 comments)

Quick analysis of the CVE-2013-2729 obfuscated exploits
Tags: analysis, dyre, javascript, malware, pdf, peepdf, shellcode, vulnerabilities

Some months ago I analyzed some PDF exploits that I received via spam mails. They contained the vulnerability CVE-2013-2729 leading to a zeus-

URL analysis for eternal-todo.com


https://eternal-todo.com///category/arsenal
https://eternal-todo.com///category/twitter
https://eternal-todo.com///es/blog/analisis-cve-2013-3346-peepdf-troopers-blackhat
https://eternal-todo.com///blog/peepdf-gsoc-github-blackhat-arsenal
http://eternal-todo.com/files/pdf/peepdf_challenge_blackhat.pdf
https://eternal-todo.com///node?page=2
https://eternal-todo.com///eternal_files/uploads/mobile_defender_scan.png
https://eternal-todo.com///node?page=3
https://eternal-todo.com///eternal_files/uploads/peepdf_challenge_blackhat_init.png
https://eternal-todo.com///blog/cve-2013-2729-exploit-zeusp2p-gameover#comments
https://eternal-todo.com///blog/peepdf-v0.3-new-release
https://eternal-todo.com///eternal_files/uploads/01_cve-2013-2729_invoice_email.png
http://eternal-todo.com/blog/yet-another-andromeda-gamarue-analysis
https://eternal-todo.com///pub/exploits
https://eternal-todo.com///tools/malybuzz-network-fuzzer

Whois Information


Whois is a protocol that gives access to registration information. It shows when the website was registered, when it will expire, and the contact details of the site. In a nutshell, it includes the following information:

Domain Name: eternal-todo.com
Registry Domain ID: 1599428576_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.ovh.com
Registrar URL: http://www.ovh.com
Updated Date: 2017-05-21T12:44:19.0Z
Creation Date: 2010-05-27T19:38:50.0Z
Registrar Registration Expiration Date: 2018-05-27T19:38:50.0Z
Registrar: OVH, SAS
Registrar IANA ID: 433
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +33.972101007
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Esparza Jose Miguel
Registrant Organization:
Registrant Street: office #2299270, c/o OwO, BP80157
Registrant City: Roubaix Cedex 1
Registrant State/Province:
Registrant Postal Code: 59053
Registrant Country: FR
Registrant Phone: +33.972101007
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
Registry Admin ID:
Admin Name: Esparza Jose Miguel
Admin Organization:
Admin Street: office #2299270, c/o OwO, BP80157
Admin City: Roubaix Cedex 1
Admin State/Province:
Admin Postal Code: 59053
Admin Country: FR
Admin Phone: +33.972101007
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: [email protected]
Registry Tech ID:
Tech Name: Esparza Jose Miguel
Tech Organization:
Tech Street: office #2299270, c/o OwO, BP80157
Tech City: Roubaix Cedex 1
Tech State/Province:
Tech Postal Code: 59053
Tech Country: FR
Tech Phone: +33.972101007
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: [email protected]
Name Server: dns16.ovh.net
Name Server: ns16.ovh.net
DNSSEC: signedDelegation
URL of the ICANN WHOIS Data Problem Reporting System:
http://wdprs.internic.net/
>>> Last update of WHOIS database: 2017-06-24T22:32:08.0Z <<<

For more information on Whois status codes, please visit https://icann.org/epp


# local time : Thursday, 13-Jul-17 15:48:21 CEST
# gmt time : Thursday, 13-Jul-17 13:48:21 GMT
# last modify : Sunday, 25-Jun-17 00:31:01 CEST
# request from : 192.168.248.122:53146



  REGISTRAR OVH

  REFERRER http://www.ovh.com

SERVERS

  SERVER com.whois-servers.net

  ARGS domain =eternal-todo.com

  PORT 43

  SERVER whois.ovh.com

  ARGS eternal-todo.com

  PORT 43

  TYPE domain

DOMAIN

  NAME eternal-todo.com

NSERVER

  DNS16.OVH.NET 213.251.188.135

  NS16.OVH.NET 213.251.128.135

STATUS
clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
clientTransferProhibited https://icann.org/epp#clientTransferProhibited

  CHANGED 2017-05-21

  CREATED 2010-05-27

  EXPIRES 2018-05-27

  REGISTERED yes


Mistakes


The following list shows possible spelling mistakes that internet users may make when typing the address of this website.
