Report - killerprotool.com/tool/ToniProTool.exe

Report Overview

Visitedpublic

2025-04-28 09:00:17

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
killerprotool.com	unknown	2025-02-20	2025-04-28	2025-04-28	506 B	5.1 MB	5.9.90.156

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-04-28	medium	killerprotool.com/tool/ToniProTool.exe	Detects malware by known bad imphash or rich_pe_header_hash

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

killerprotool.com/tool/ToniProTool.exe

IP / ASN

5.9.90.156

#24940 Hetzner Online GmbH

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Size5.1 MB (5110272 bytes)

MD500286c78a4be25ca5411d5314e1d5d4e

SHA14f0bd8a7c3870bbca05a6f1dab0c667509e54462

SHA25678d2ad06605780e77b1d0540f58c128d940a6efe0c006e045cbc44b1b2cffcfb

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects malware by known bad imphash or rich_pe_header_hash
VirusTotal	malicious	VirusTotal - Scan result 18/72

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

GET killerprotool.com/tool/ToniProTool.exe

5.9.90.156

200 OK

5.1 MB

URL

killerprotool.com/tool/ToniProTool.exe

IP / ASN

5.9.90.156

#24940 Hetzner Online GmbH

Requested byN/A

Resource Info

File typePE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

First Seen2025-04-28

Last Seen2025-04-28

Times Seen1

Size5.1 MB (5110272 bytes)

MD500286c78a4be25ca5411d5314e1d5d4e

SHA14f0bd8a7c3870bbca05a6f1dab0c667509e54462

SHA25678d2ad06605780e77b1d0540f58c128d940a6efe0c006e045cbc44b1b2cffcfb

Certificate Info

IssuerLet's Encrypt

Subjecttoniprotool.com

Fingerprint0E:E5:DC:3F:E2:36:7C:7E:9B:ED:CA:C8:43:C6:6B:64:AA:57:2B:BA

ValidityWed, 19 Mar 2025 07:58:38 GMT - Tue, 17 Jun 2025 07:58:37 GMT

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects malware by known bad imphash or rich_pe_header_hash
VirusTotal	malicious	VirusTotal - Scan result 18/72

HTTP Headers

GET /tool/ToniProTool.exe HTTP/1.1
Host: killerprotool.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/x-msdownload
last-modified: Sun, 30 Mar 2025 21:50:37 GMT
accept-ranges: bytes
content-length: 5110272
date: Mon, 28 Apr 2025 08:59:44 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2