URLhaus Database

Every malware URL on URLhaus is associated with a host. A host can be either a domain name or an IP address (in case the malware URL is hosted on an IP address and doesn't use a domain name).

Database Entry


Host: mrtool.ir
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Control D HaGeZi: Not blocked
Firstseen: 2020-04-24 08:42:13 UTC
Total malware sites: 4
Online malware sites: 0 (0%)
Offline malware sites: 4 (100%)
A record(s) observed: 2

IP addresses


The table below shows all IP addresses observed for this particular host (in case the host is a domain name, all A records will be listed, including all historical ones). Please note that the output is limited to 10 entries.

| Firstseen (UTC) | IP address | Hostname | SBL | ASN | Country | Active? |
|---|---|---|---|---|---|---|
| 2025-04-27 12:56:04 | 185.126.6.204 | | Not listed | AS34918 PISHGAMAN-DATACENTER | IR | yes |
| 2020-04-24 08:42:17 | 185.159.153.80 | alborz.dnswebhost.com | Not listed | AS201999 Serverpars | IR | no |

Malware URLs


The table below shows all malware URLs that are associated with this particular host.

| Dateadded (UTC) | URL | Status | Tags | Reporter |
|---|---|---|---|---|
| 2020-04-24 13:48:08 | http://mrtool.ir/wp-content/languages/cass.exe | Offline | AgentTesla ext exe | zbetcheckin |
| 2020-04-24 11:06:39 | http://mrtool.ir/wp-admin/network/fern.exe | Offline | exe | zbetcheckin |
| 2020-04-24 11:06:34 | http://mrtool.ir/wp-includes/faye.exe | Offline | exe HawkEye ext | zbetcheckin |
| 2020-04-24 08:42:17 | http://mrtool.ir/wp-admin/user/ord.exe | Offline | AgentTesla ext exe | abuse_ch |

The table below shows recent payloads delivered by this host.

| Firstseen (UTC) | SHA256 hash | File type | Bazaar | Signature |
|---|---|---|---|---|
| 2020-04-24 13:48:08 | 7052536e8f3b3224cdc9edc70a1a7f3a26ad0fc9c620c80eb91f9168ce81ad0c | exe | | AgentTesla |
| 2020-04-24 11:06:39 | 0574c0f6a0593f66741cc29cbf59be20e7308e8e7684304778a25508ec427291 | exe | | |
| 2020-04-24 11:06:34 | 3f7f3871134432b6565c7e95a17a3480c1dcdd1ce575a3d10ad5003a889c933f | exe | | HawkEye |
| 2020-04-24 08:42:17 | 9c07edc02d5182033a99b954e0ad56221d63af45954fd9580e8bb3018deb1abb | exe | | AgentTesla |